
    Incompleteness of States w.r.t. Traces in Model Checking

    Cousot and Cousot introduced and studied a general past/future-time specification language, called mu*-calculus, featuring a natural time-symmetric trace-based semantics. The standard state-based semantics of the mu*-calculus is an abstract interpretation of its trace-based semantics, which turns out to be incomplete (i.e., trace-incomplete), even for finite systems. As a consequence, standard state-based model checking of the mu*-calculus is incomplete w.r.t. trace-based model checking. This paper shows that any refinement or abstraction of the domain of sets of states induces a corresponding semantics which is still trace-incomplete for any propositional fragment of the mu*-calculus. This derives from a number of results, one for each incomplete logical/temporal connective of the mu*-calculus, that characterize the structure of models, i.e. transition systems, whose corresponding state-based semantics of the mu*-calculus is trace-complete.

    Formal Framework for Property-driven Obfuscations

    We study the existence and the characterization of function transformers that minimally or maximally modify a function in order to reveal or conceal a certain property. Based on this general formal framework we develop a strategy for the design of the maximal obfuscating transformation that conceals a given property while revealing the desired observational behaviou

    Crystallization behaviour of poly(lactide) in immiscible blend with poly(ε-caprolactone), comparison with solution and melt-mixed blends

    Poly(ε-caprolactone)-poly(carbonate) based copolymers, both block and random, were synthesized and characterized by 1H-NMR spectroscopy. The copolymers have been tested as compatibilizers in 80/20 (w/w%) PLA/PCL blends prepared both by melt and solution mixing. The concentration of PCL-PC based copolymer added to the blends was 2 wt%. Compression moulded sheets and solvent cast films were evaluated by GPC (Gel Permeation Chromatography), TGA (Thermogravimetric Analysis), SEM (Scanning Electron Microscopy), PLOM (Polarized Light Optical Microscopy) and DSC (Differential Scanning Calorimetry). The addition of the copolymers does not cause an increased miscibility of the PLA-PCL phases, since a reduction of PCL particle size is not detected in SEM micrographs. At the same time, upon copolymer addition PLA’s Tg value does not decrease in either melt or solution mixed blends. Copolymer addition causes a reduction of molecular weight in melt mixed blends. In particular, the random copolymer (PCL-ran-PC) causes the highest reduction in molecular weight in the melt mixed blend, since it is characterized by the lowest thermal stability, as shown by TGA analysis. As a result, the PLA phase within melt mixed blends containing PCL-PC based copolymers shows a higher tendency to crystallize during both isothermal and non-isothermal DSC experiments. The increased crystallization of the PLA phase is attributed to an increase in spherulitic growth kinetics, as determined by PLOM analysis. Upon molecular weight reduction in melt mixed blends containing copolymers, PLA chains have a higher mobility, resulting in improved motion towards the growing crystal front.

    The PER model of abstract non-interference

    In this paper, we study the relationship between two models of secure information flow: the PER model (which uses equivalence relations) and the abstract non-interference model (which uses upper closure operators). We embed the lattice of equivalence relations into the lattice of closures, re-interpreting abstract non-interference over the lattice of equivalence relations. For narrow abstract non-interference, we show that it is strictly less general. The relational presentation of abstract non-interference leads to a simplified construction of the most concrete harmless attacker. Moreover, the PER model of abstract non-interference allows us to derive unconstrained attacker models, which do not necessarily either observe all public information or ignore all private information. Finally, we show how abstract domain completeness can be used for enforcing the PER model of abstract non-interference.

    Transforming semantics by abstract interpretation

    In 1997, Cousot introduced a hierarchy where semantics are related with each other by abstract interpretation. In this field we consider the standard abstract domain transformers, devoted to refining abstract domains in order to include attribute-independent and relational information, respectively the reduced product and the reduced power of abstract domains, as domain operations to systematically design and compare semantics of programming languages by abstract interpretation. We first prove that natural semantics can be decomposed in terms of complementary attribute-independent observables, leading to an algebraic characterization of the symmetric structure of the hierarchy. Moreover, we characterize some structural properties of semantics, such as their compositionality, in terms of simple abstract domain equations. This provides an equational presentation of most well-known semantics, which is parametric on the observable and structural property of the semantics, making it possible to systematically derive abstract semantics, e.g. for program analysis, as solutions of abstract domain equations.

    Code obfuscation against abstraction refinement attacks

    Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, we are independent of the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given, together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.

    A unifying view of abstract domain design

    The concept of abstract interpretation was introduced by Patrick and Radhia Cousot in [4, 5], in order to formalize static program analyses. Within this framework, our goal is to offer a unifying view on operators for enhancing and simplifying abstract domains. Enhancing and simplifying operators are viewed, respectively, as domain refinements and inverses of domain refinements. This new unifying viewpoint make

    How Fitting is Your Abstract Domain?

    Abstract interpretation offers sound and decidable approximations for undecidable queries related to program behavior. The effectiveness of an abstract domain is entirely reliant on the abstract domain itself, and the worst-case scenario is when the abstract interpreter provides a response of “don’t know”, indicating that anything could happen during runtime. Conversely, a desirable outcome is when the abstract interpreter provides information that exceeds a specified level of precision, resulting in a more precise answer. The concept of completeness relates to the level of precision that is forfeited when performing computations within the abstract domain. Our focus is on the domain’s ability to express program behaviour, which we refer to as adequacy. In this paper, we present a domain refinement strategy towards adequacy and a simple sound proof system for adequacy, designed to determine whether an abstract domain is capable of providing satisfactory responses to specified program queries. Notably, this proof system is both language and domain agnostic, and can be readily incorporated to support static program analysis.