A Cut Principle for Information Flow

We view a distributed system as a graph of active locations with unidirectional channels between them, through which they pass messages. In this context, the graph structure of a system constrains the propagation of information through it. Suppose a set of channels is a cut set between an information source and a potential sink. We prove that, if there is no disclosure from the source to the cut set, then there can be no disclosure to the sink. We introduce a new formalization of partial disclosure, called *blur operators*, and show that the same cut property is preserved for disclosure to within a blur operator. This cut-blur property also implies a compositional principle, which ensures limited disclosure for a class of systems that differ only beyond the cut.Comment: 31 page

A Hybrid Analysis for Security Protocols with State

Cryptographic protocols rely on message-passing to coordinate activity among principals. Each principal maintains local state in individual local sessions only as needed to complete that session. However, in some protocols a principal also uses state to coordinate its different local sessions. Sometimes the non-local, mutable state is used as a means, for example with smart cards or Trusted Platform Modules. Sometimes it is the purpose of running the protocol, for example in commercial transactions. Many richly developed tools and techniques, based on well-understood foundations, are available for design and analysis of pure message-passing protocols. But the presence of cross-session state poses difficulties for these techniques. In this paper we provide a framework for modeling stateful protocols. We define a hybrid analysis method. It leverages theorem-proving---in this instance, the PVS prover---for reasoning about computations over state. It combines that with an "enrich-by-need" approach---embodied by CPSA---that focuses on the message-passing part. As a case study we give a full analysis of the Envelope Protocol, due to Mark Ryan

A Third Hot White Dwarf Companion Detected by Kepler

We have found a system listed in the Kepler Binary Catalog (3.273 day period; Prsa et al. 2010) that we have determined is comprised of a low-mass, thermally-bloated, hot white dwarf orbiting an A star of about 2.3 solar masses. In this work we designate the object, KIC 10657664, simply as KHWD3. We use the transit depth of ~0.66%, the eclipse depth of ~1.9%, and regular smooth periodic variations at the orbital frequency and twice the orbital frequency to analyze the system parameters. The smooth periodic variations are identified with the classical ellipsoidal light variation and illumination effects, and the newly utilized Doppler boosting effect. Given the measured values of R/a and inclination angle of the binary, both the ELV and DB effects are mostly sensitive to the mass ratio, q = M_2/M_1, of the binary. The two effects yield values of q which are somewhat inconsistent - presumably due to unidentified systematic effects - but which nonetheless provide a quite useful set of possibilities for the mass of the white dwarf (either 0.18 +/- 0.03 M_Sun or 0.37 +/- 0.08 M_Sun). All of the other system parameters are determined fairly robustly. In particular, we show that the white dwarf has a radius of 0.15 +/- 0.01 R_Sun which is extremely bloated over the radius it would have as a fully degenerate object, and an effective temperature T_eff = 14,100 +/- 350 K. Binary evolution scenarios and models for this system are discussed. We suggest that the progenitor binary was comprised of a primary of mass ~2.2 M_Sun (the progenitor of the current hot white dwarf) and a secondary of mass ~1.4 M_Sun (the progenitor of the current A star in the system). We compare this new system with three other white dwarfs in binaries that likely were formed via stable Roche-lobe overflow (KOI-74, KOI-81, and Regulus).Comment: Accepted for publication in Ap

The Transit Light Curve Project. VIII. Six Occultations of the Exoplanet TrES-3

We present photometry of the exoplanet host star TrES-3 spanning six occultations (secondary eclipses) of its giant planet. No flux decrements were detected, leading to 99%-confidence upper limits on the planet-to-star flux ratio of 0.00024, 0.0005, and 0.00086 in the i, z, and R bands respectively. The corresponding upper limits on the planet's geometric albedo are 0.30, 0.62, and 1.07. The upper limit in the i band rules out the presence of highly reflective clouds, and is only a factor of 2-3 above the predicted level of thermal radiation from the planet.Comment: To appear in AJ [14 pages

Description and Practical Application of the Physiologic Distribution of 3’-Deoxy-3’-[18F]Fluorothymidine in Companion Animals

Access to positron emission tomography (PET), and more recently PET combined with computed tomography (PET/CT), is increasing in veterinary medicine. This molecular imaging technology allows clinicians to map biological functions within patients based on the distribution and selective uptake of specialized positron-emitting radiopharmaceuticals. Although most clinical studies utilize 2-deoxy-2-[18F]fluoro-Dglucose (18FDG), a versatile but relatively nonspecific tracer that interrogates the energy metabolism of tissues, there is a growing need to establish reference values for alternative or adjunct tracers in veterinary species. Among these is 3’-deoxy-3’- [18F]fluorothymidine (18FLT), a thymidine analog that selectively accumulates in proliferating tissues. In the present work, 18FLT distribution in clinically healthy adult dogs and young adult cats was imaged using a state-of-the-art PET/CT scanner to define normal uptake levels within numerous tissues, including major parenchymal organs, bone marrow, and other sites of increased radiopharmaceutical uptake. The marrow signal was subsequently segmented into separate skeletal regions, and used to quantitatively define the adult marrow distribution pattern in the dog. Marrow activity is concentrated in the vertebral column (particularly within the thoracic and lumbar regions), sternum, ribs, and proximal aspects of the appendicular skeleton in the adult dog. Feline marrow distribution is similar; however, considerable uptake within more distal appendicular structures suggests that age-related marrow conversion is ongoing in 3-year-old cats. Outside the marrow compartment, physiologic uptake was observed within the urinary and biliary systems, intestinal tract, and variably within lymphoid structures. Prominent uptake within the hepatic parenchyma was also observed in cats, but not dogs, at the times imaged in this study. The details of normal canine and feline 18FLT biodistribution included in this dissertation may be used to inform lesion interpretation in dogs and cats with suspected disease. Likewise, quantitative details of adult marrow distribution in dogs may be used by clinicians to guide the selection of marrow sampling sites or inform tissue-sparing efforts during radiotherapeutic planning in canine patients

Transit Timing Observations from Kepler. VIII Catalog of Transit Timing Measurements of the First Twelve Quarters

Following Ford et al. (2011, 2012) and Steffen et al. (2012) we derived the transit timing of 1960 Kepler KOIs using the pre-search data conditioning (PDC) light curves of the first twelve quarters of the Kepler data. For 721 KOIs with large enough SNRs, we obtained also the duration and depth of each transit. The results are presented as a catalog for the community to use. We derived a few statistics of our results that could be used to indicate significant variations. Including systems found by previous works, we have found 130 KOIs that showed highly significant TTVs, and 13 that had short-period TTV modulations with small amplitudes. We consider two effects that could cause apparent periodic TTV - the finite sampling of the observations and the interference with the stellar activity, stellar spots in particular. We briefly discuss some statistical aspects of our detected TTVs. We show that the TTV period is correlated with the orbital period of the planet and with the TTV amplitude.Comment: Accepted for publication to ApJ. 57 pages, 23 Figures. Machine readable catalogs are available at ftp://wise-ftp.tau.ac.il/pub/tauttv/TT

Validation of Kepler's Multiple Planet Candidates. II: Refined Statistical Framework and Descriptions of Systems of Special Interest

We extend the statistical analysis of Lissauer et al. (2012, ApJ 750, 112), which demonstrates that the overwhelming majority of Kepler candidate multiple transiting systems (multis) represent true transiting planets, and develop therefrom a procedure to validate large numbers of planet candidates in multis as bona fide exoplanets. We show that this statistical framework correctly estimates the abundance of false positives already identified around Kepler targets with multiple sets of transit-like signatures based on their abundance around targets with single sets of transit-like signatures. We estimate the number of multis that represent split systems of one or more planets orbiting each component of a binary star system. We use the high reliability rate for multis to validate more than one dozen particularly interesting multi-planet systems are validated in a companion paper by Rowe et al. (2014, ApJ, this issue). We note that few very short period (P < 1.6 days) planets orbit within multiple transiting planet systems and discuss possible reasons for their absence. There also appears to be a shortage of planets with periods exceeding a few months in multis