Verification of Confidentiality of Multi-threaded Programs

An introduction of Slalom project: motivation, plans and some result

Scheduler-specific Confidentiality for Multi-Threaded Programs and Its Logic-Based Verification

Observational determinism has been proposed in the literature as a way to ensure confidentiality for multi-threaded programs. Intuitively, a program is observationally deterministic if the behavior of the public variables is deterministic, i.e., independent of the private variables and the scheduling policy. Several formal definitions of observational determinism exist, but all of them have shortcomings; for example they accept insecure programs or they reject too many innocuous programs. Besides, the role of schedulers was ignored in all the proposed definitions. A program that is secure under one kind of scheduler might not be secure when executed with a different scheduler. The existing definitions do not ensure that an accepted program behaves securely under the scheduler that is used to deploy the program. Therefore, this paper proposes a new formalization of scheduler-specific observational determinism. It accepts programs that are secure when executed under a specific scheduler. Moreover, it is less restrictive on harmless programs under a particular scheduling policy. In addition, we discuss how compliance with our definition can be verified, using model checking. We use the idea of self-composition and we rephrase the observational determinism property for a single program $C$ as a temporal logic formula over the program $C$ executed in parallel with an independent copy of itself. Thus two states reachable during the execution of $C$ are combined into a reachable program state of the self-composed program. This allows to compare two program executions in a single temporal logic formula. The actual characterization is done in two steps. First we discuss how stuttering equivalence can be characterized as a temporal logic formula. Observational determinism is then expressed in terms of the stuttering equivalence characterization. This results in a conjunction of an LTL and a CTL formula, that are amenable to model checking

Confidentiality and Integrity for IoT/Mobile Networks

This chapter discusses how to ensure confidentiality and integrity for data flow in IoT applications. While confidentiality could be assessed by access control, cryptography, or information flow analysis, integrity is still an open challenge. This chapter proposes to use error-correcting codes to guarantee integrity, i.e., to maintain and assure the errorless state of data. Besides errors, many communication channels also cause erasures, i.e., the receiver cannot decide which symbol the received waveform represents. The chapter proposes a method that might correct both errors and erasures together. Our method is efficient in reducing memory storage as well as decoding complexity

On the Behavior of the Gamma Function on the Negative Side

In this paper we analyze the behavior of the Gamma function at its critical points and points of discontinuity on the negative side of the x-axis. We will also explain the bluntness of the gamma function on this negative side

On the Behavior of the Gamma Function on the Negative Side

In this paper we analyze the behavior of the Gamma function at its critical points and points of discontinuity on the negative side of the x-axis. We will also explain the bluntness of the gamma function on this negative side

A stochastic tractography system and applications

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 75-77).Neuroscientists hypothesize that the pathologies of some neurological diseases are associated with neuroanatomical abnormalities. Diffusion Tensor Imaging (DTI) and stochastic tractography allow us to investigate white matter architecture non-invasively through measurements of water self diffusion throughout the brain. Many comparative studies of white matter architecture utilize spatially localized comparisons of diffusion characteristics. White matter tractography enables studies of fiber bundle characteristics. Stochastic tractography facilitates these investigations by providing a measure of confidence regarding the inferred fiber bundles. This thesis presents an implementation of an easy to use, open-source stochastic tractography system that will enable novel studies of fiber tract abnormalities. We demonstrate an application of the system on real DTI images and discuss possible studies of frontal lobe fiber differences in Schizophrenia.by Tri M. Ngo.M.Eng

Effective verification of confidentiality for multi-threaded programs

This paper studies how confidentiality properties of multi-threaded programs can be verified efficiently by a combination of newly developed and existing model checking algorithms. In particular, we study the verification of scheduler-specific observational determinism (SSOD), a property that characterizes secure information flow for multi-threaded programs under a given scheduler. Scheduler-specificness allows us to reason about refinement attacks, an important and tricky class of attacks that are notorious in practice. SSOD imposes two conditions: (SSOD-1)~all individual public variables have to evolve deterministically, expressed by requiring stuttering equivalence between the traces of each individual public variable, and (SSOD-2)~the relative order of updates of public variables is coincidental, i.e., there always exists a matching trace. \ud \ud We verify the first condition by reducing it to the question whether all traces of \ud each public variable are stuttering equivalent. \ud To verify the second condition, we show how\ud the condition can be translated, via a series of steps, \ud into a standard strong bisimulation problem. \ud Our verification techniques can be easily\ud adapted to verify other formalizations of similar information flow properties.\ud \ud We also exploit counter example generation techniques to synthesize attacks for insecure programs that fail either SSOD-1 or SSOD-2, i.e., showing how confidentiality \ud of programs can be broken

Secure Information Flow for IoT Applications

This paper discusses how to ensure security, i.e., confidentiality and integrity properties, for data in IoT applications. While confidentiality could be assessed via information flow analysis, integrity is ensured by error-correcting codes. In addition to errors, many communication channels also cause erasures, i.e., the demodulator cannot decide which symbol the received waveform represents. The paper proposes a method that might correct both errors and erasures together. Our method is efficient in reducing memory storage as well as decoding complexity

Research to support and inform the development, implementation and/or evaluation of tobacco control policies in relation to the framework convention on tobacco control in low and middle-income countries

In order to enforce policies on tobacco control in Vietnam, reliable information on health and socio-economic hazards associated with tobacco farming is needed. The study investigates the harmful impact of tobacco cultivation and processing on health of tobacco farmers in a rural community in northern Vietnam. Objectives included estimation of health care costs as well as health beliefs related to tobacco cultivation and processing. The health of those who cultivate the crop is constantly put in peril. The study confirms that tobacco farming does not bring prosperity to the farmers while causing them a lot of health problems, especially among women

A Clinical and Epidemiological Investigation of the First Reported Human Infection With the Zoonotic Parasite Trypanosoma evansi in Southeast Asia.

BACKGROUND: Trypanosomais a genus of unicellular parasitic flagellate protozoa.Trypanosoma bruceispecies and Trypanosoma cruziare the major agents of human trypanosomiasis; other Trypanosomaspecies can cause human disease, but are rare. In March 2015, a 38-year-old woman presented to a healthcare facility in southern Vietnam with fever, headache, and arthralgia. Microscopic examination of blood revealed infection with Trypanosoma METHODS: Microscopic observation, polymerase chain reaction (PCR) amplification of blood samples, and serological testing were performed to identify the infecting species. The patient's blood was screened for the trypanocidal protein apolipoprotein L1 (APOL1), and a field investigation was performed to identify the zoonotic source. RESULTS: PCR amplification and serological testing identified the infecting species as Trypanosoma evansi.Despite relapsing 6 weeks after completing amphotericin B therapy, the patient made a complete recovery after 5 weeks of suramin. The patient was found to have 2 wild-type APOL1 alleles and a normal serum APOL1 concentration. After responsive animal sampling in the presumed location of exposure, cattle and/or buffalo were determined to be the most likely source of the infection, with 14 of 30 (47%) animal blood samples testing PCR positive forT. evansi. CONCLUSIONS: We report the first laboratory-confirmed case ofT. evansiin a previously healthy individual without APOL1 deficiency, potentially contracted via a wound while butchering raw beef, and successfully treated with suramin. A linked epidemiological investigation revealed widespread and previously unidentified burden ofT. evansiin local cattle, highlighting the need for surveillance of this infection in animals and the possibility of further human cases