Nexus Authorization Logic (NAL): Logical Results

Nexus Authorization Logic (NAL) [Schneider et al. 2011] is a logic for reasoning about authorization in distributed systems. A revised version of NAL is given here, including revised syntax, a revised proof theory using localized hypotheses, and a new Kripke semantics. The proof theory is proved sound with respect to the semantics, and that proof is formalized in Coq

Belief Semantics of Authorization Logic

Authorization logics have been used in the theory of computer security to reason about access control decisions. In this work, a formal belief semantics for authorization logics is given. The belief semantics is proved to subsume a standard Kripke semantics. The belief semantics yields a direct representation of principals' beliefs, without resorting to the technical machinery used in Kripke semantics. A proof system is given for the logic; that system is proved sound with respect to the belief and Kripke semantics. The soundness proof for the belief semantics, and for a variant of the Kripke semantics, is mechanized in Coq

Civitas: Toward a Secure Voting System

Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security.Engineering and Applied Science

Civitas: Implementation of a Threshold Cryptosystem

This paper describes the implementation of a threshold cryptosystem for Civitas, a secure electronic voting system. The cryptosystem improves the availability of Civitas by enabling tabulation to complete despite the failure of some agents. The implementation includes a sophisticated distributed key generation protocol, which was designed by Gennaro, Jarecki, Krawczyk, and Rabin. The cryptosystem is implemented in Jif, a security-typed language

Quantifying Information Flow with Beliefs

To reason about information flow, a new model is developed that describes how attacker beliefs change due to the attacker's observation of the execution of a probabilistic (or deterministic) program. The model enables compositional reasoning about information flow from attacks involving sequences of interactions. The model also supports a new metric for quantitative information flow that measures accuracy of an attacker's beliefs. Applying this new metric reveals inadequacies of traditional information flow metrics, which are based on reduction of uncertainty. However, the new metric is sufficiently general that it can be instantiated to measure either accuracy or uncertainty. The new metric can also be used to reason about misinformation; deterministic programs are shown to be incapable of producing misinformation. Additionally, programs in which nondeterministic choices are made by insiders, who collude with attackers, can be analyzed

Use of the Generating Options for Active Risk Control (GO-ARC) Technique can lead to more robust risk control options.

BACKGROUND: Risk assessment is widely used to improve patient safety, but healthcare workers are not trained to design robust solutions to the risks they uncover. This leads to an overreliance on the weakest category of risk control recommendations: administrative controls. Increasing the proportion of non-administrative risk control options (NARCOs) generated would enable (though not ensure) the adoption of more robust solutions. OBJECTIVES: Experimentally assess a method for generating stronger risk controls: The Generating Options for Active Risk Control (GO-ARC) Technique. METHODS: Participants generated risk control options in response to two patient safety scenarios. Scenario 1 (baseline): All participants used current practice (unstructured brainstorming). Scenario 2: Control group used current practice; intervention group used the GO-ARC Technique. To control for individual differences between participants, analysis focused on the change in the proportion of NARCOs for each group. CONTROL GROUP: Proportion of NARCOs decreased from 0.18 at baseline to 0.12. Intervention group: Proportion increased from 0.10 at baseline to 0.29 using the GO-ARC Technique. Results were statistically significant. There was no decrease in the number of administrative controls generated by the intervention group. CONCLUSION: The Generating Options for Active Risk Control (GO-ARC) Technique appears to lead to more robust risk control options.The research was partly funded by the UK National Institute for Health Research (NIHR) Collaboration for Leadership in Applied Health Research and Care East of England (CLAHRC EoE) at Cambridge and Peterborough NHS Foundation Trust. The views expressed are those of the author(s) and not necessarily those of the NHS, the NIHR or the Department of Health.This is the author's accepted manuscript. The final version has been published in International Journal of Risk & Safety in Medicine at http://dx.doi.org/10.3233/JRS-14063

A Chemical Composition Survey of the Iron-Complex Globular Cluster NGC 6273 (M 19)

Recent observations have shown that a growing number of the most massive Galactic globular clusters contain multiple populations of stars with different [Fe/H] and neutron-capture element abundances. NGC 6273 has only recently been recognized as a member of this "iron-complex" cluster class, and we provide here a chemical and kinematic analysis of > 300 red giant branch (RGB) and asymptotic giant branch (AGB) member stars using high resolution spectra obtained with the Magellan-M2FS and VLT-FLAMES instruments. Multiple lines of evidence indicate that NGC 6273 possesses an intrinsic metallicity spread that ranges from about [Fe/H] = -2 to -1 dex, and may include at least three populations with different [Fe/H] values. The three populations identified here contain separate first (Na/Al-poor) and second (Na/Al-rich) generation stars, but a Mg-Al anti-correlation may only be present in stars with [Fe/H] > -1.65. The strong correlation between [La/Eu] and [Fe/H] suggests that the s-process must have dominated the heavy element enrichment at higher metallicities. A small group of stars with low [alpha/Fe] is identified and may have been accreted from a former surrounding field star population. The cluster's large abundance variations are coupled with a complex, extended, and multimodal blue horizontal branch (HB). The HB morphology and chemical abundances suggest that NGC 6273 may have an origin that is similar to omega Cen and M 54.Comment: Accepted for Publication in The Astrophysical Journal; 50 pages; 18 figures; 8 tables; higher resolution figures are available upon request or in the published journal articl

The First Detection of Blue Straggler Stars in the Milky Way Bulge

We report the first detections of Blue Straggler Stars (BSS) in the bulge of the Milky Way galaxy. Proper motions from extensive space-based observations along a single sight-line allow us to separate a sufficiently clean and well-characterized bulge sample that we are able to detect a small population of bulge objects in the region of the color-magnitude diagram commonly occupied young objects and blue strgglers. However, variability measurements of these objects clearly establish that a fraction of them are blue stragglers. Out of the 42 objects found in this region of the color-magnitude diagram, we estimate that at least 18 are genuine BSS. We normalize the BSS population by our estimate of the number of horizontal branch stars in the bulge in order to compare the bulge to other stellar systems. The BSS fraction is clearly discrepant from that found in stellar clusters. The blue straggler population of dwarf spheroidals remains a subject of debate; some authors claim an anticorrelation between the normalised blue straggler fraction and integrated light. If this trend is real, then the bulge may extend it by three orders of magnitude in mass. Conversely, we find that the genuinely young (~5Gy or younger) population in the bulge, must be at most 3.4% under the most conservative scenario for the BSS population.Comment: ApJ in press; 25 pages, 6 figures, 2 table