1,163 research outputs found

    Quantitative threat analysis via a logical service

    It is increasingly important to analyze system security quantitatively using concepts such as trust, reputation, cost, and risk. This requires a thorough understanding of how such concepts should interact so that we can validate the assessment of threats, the choice of adopted risk management, etc. To this end, we propose a declarative language Peal+ in which the interaction of such concepts can be rigorously described and analyzed. Peal+ has been implemented in PEALT using the SMT solver Z3 as analysis back-end. PEALT's code generators target complex back-ends and evolve with optimizations or new back-ends. Thus we can neither trust the tool chain nor feasibly prove correctness of all involved artefacts. We eliminate the need to trust that tool chain by independently certifying scenarios found by back-ends in a manner agnostic of code generation and choice of back-end. This scenario validation is compositional, courtesy of Kleene's 3-valued logic and potential refinement of scenarios. We prove the correctness of this validation, discuss how PEALT presents scenarios to further users' understanding, and demonstrate the utility of this approach by showing how it can express attack-countermeasure trees so that the interaction of attack success probability, attack cost, and attack impact can be analyzed.

    PEALT: A reasoning tool for numerical aggregation of trust evidence

    We present a tool that supports the understanding and validation of mechanisms that numerically aggregate trust evidence, which may stem from heterogenous sources such as geographical information, reputation, and threat levels. The tool is based on a policy composition language Peal [3] and can declare Peal expressions and intended analyses of such expressions as input. The analyses include vacuity checking, sensitivity analysis of thresholds, and policy refinement. We develop and implement two methods for generating verification conditions for analyses, using the SMT solver Z3 as backend. One method is explicit and space intense, the other one is symbolic and so linear in the analysis expressions. We experimentally investigate this space-time tradeoff by observing the Z3 code generation and its running time on randomly generated analyses and on a non-random benchmark modeling majority voting. Our findings suggest both methods have complementary value and may scale up sufficiently for the analysis of most realistic case studies.

    Static analysis of parity games: alternating reachability under parity

    It is well understood that solving parity games is equivalent, up to polynomial time, to model checking of the modal mu-calculus. It is a long-standing open problem whether solving parity games (or model checking modal mu-calculus formulas) can be done in polynomial time. A recent approach to studying this problem has been the design of partial solvers, algorithms that run in polynomial time and that may only solve parts of a parity game. Although it was shown that such partial solvers can completely solve many practical benchmarks, the design of such partial solvers was somewhat ad hoc, limiting a deeper understanding of the potential of that approach. We here mean to provide such robust foundations for deeper analysis through a new form of game, alternating reachability under parity. We prove the determinacy of these games and use this determinacy to define, for each player, a monotone fixed point over an ordered domain of height linear in the size of the parity game such that all nodes in its greatest fixed point are won by said player in the parity game. We show, through theoretical and experimental work, that such greatest fixed points and their computation leads to partial solvers that run in polynomial time. These partial solvers are based on established principles of static analysis and are more effective than partial solvers studied in extant work

    Towards usable generation and enforcement of trust evidence from programmers’ intent

    Programmers develop code with a sense of purpose and with expectations on how units of code should interact with other units of code. But this intent of programmers is typically implicit and undocumented, goes beyond considerations of functional correctness, and may depend on trust assumptions that programmers make. At present, neither programming languages nor development environments offer a means of articulating such intent in a manner that could be used for controlling whether software executions meet such intentions and their associated expectations. We here study how extant research on trust can inform approaches to articulating programmers’ intent so that it may help with creating trust evidence for more trustworthy interaction of software units

    PEALT: an automated reasoning tool for numerical aggregation of trust evidence


    Effects of anisotropic interactions on the structure of animal groups

    This paper proposes an agent-based model which reproduces different structures of animal groups. The shape and structure of the group is the effect of simple interaction rules among individuals: each animal deploys itself depending on the position of a limited number of close group mates. The proposed model is shown to produce clustered formations, as well as lines and V-like formations. The key factors which trigger the onset of different patterns are argued to be the relative strength of attraction and repulsion forces and, most important, the anisotropy in their application. Comment: 22 pages, 9 figures. Submitted. v1-v4: revised presentation; extended simulations; included technical results. v5: added a few clarification

    Force and Compliance Measurements on Living Cells Using Atomic Force Microscopy (AFM)

    We describe the use of atomic force microscopy (AFM) in studies of cell adhesion and cell compliance. Our studies use the interaction between leukocyte function associated antigen-1 (LFA-1)/intercellular adhesion molecule-1 (ICAM-1) as a model system. The forces required to unbind a single LFA-1/ICAM-1 bond were measured at different loading rates. This data was used to determine the dynamic strength of the LFA-1/ICAM-1 complex and characterize the activation potential that this complex overcomes during its breakage. Force measurements acquired at the multiple-bond level provided insight about the mechanism of cell adhesion. In addition, the AFM was used as a microindenter to determine the mechanical properties of cells. The applications of these methods are described using data from a previous study.

    Diffractive Dijet Production at sqrt(s)=630 and 1800 GeV at the Fermilab Tevatron

    We report a measurement of the diffractive structure function $F_{jj}^D$ of the antiproton obtained from a study of dijet events produced in association with a leading antiproton in $\bar pp$ collisions at $\sqrt s=630$ GeV at the Fermilab Tevatron. The ratio of $F_{jj}^D$ at $\sqrt s=630$ GeV to $F_{jj}^D$ obtained from a similar measurement at $\sqrt s=1800$ GeV is compared with expectations from QCD factorization and with theoretical predictions. We also report a measurement of the $\xi$ ($x$-Pomeron) and $\beta$ ($x$ of parton in Pomeron) dependence of $F_{jj}^D$ at $\sqrt s=1800$ GeV. In the region $0.035<\xi<0.095$, $|t|<1$ GeV$^2$ and $\beta<0.5$, $F_{jj}^D(\beta,\xi)$ is found to be of the form $\beta^{-1.0\pm 0.1} \xi^{-0.9\pm 0.1}$, which obeys $\beta$-$\xi$ factorization. Comment: LaTeX, 9 pages, Submitted to Phys. Rev. Letter

    A Study of B0 -> J/psi K(*)0 pi+ pi- Decays with the Collider Detector at Fermilab

    We report a study of the decays B0 -> J/psi K(*)0 pi+ pi-, which involve the creation of a u u-bar or d d-bar quark pair in addition to a b-bar -> c-bar(c s-bar) decay. The data sample consists of 110 1/pb of p p-bar collisions at sqrt{s} = 1.8 TeV collected by the CDF detector at the Fermilab Tevatron collider during 1992-1995. We measure the branching ratios to be BR(B0 -> J/psi K*0 pi+ pi-) = (8.0 +- 2.2 +- 1.5) * 10^{-4} and BR(B0 -> J/psi K0 pi+ pi-) = (1.1 +- 0.4 +- 0.2) * 10^{-3}. Contributions to these decays are seen from psi(2S) K(*)0, J/psi K0 rho0, J/psi K*+ pi-, and J/psi K1(1270)