    Noninterference Analysis of Reversible Systems: An Approach Based on Branching Bisimilarity

    The theory of noninterference supports the analysis and the execution of secure computations in multi-level security systems. Classical equivalence-based approaches to noninterference mainly rely on weak bisimulation semantics. We show that this approach is not sufficient to identify potential covert channels in the presence of reversible computations. As illustrated via a database management system example, the activation of backward computations may trigger information flows that are not observable when proceeding in the standard forward direction. To capture the effects of back and forth computations, it is necessary to switch to a more expressive semantics that, in an interleaving framework, has been proven to be branching bisimilarity in a previous work by De Nicola, Montanari, and Vaandrager. In this paper we investigate a taxonomy of noninterference properties based on branching bisimilarity along with their preservation and compositionality features, then we compare it with the classical hierarchy based on weak bisimilarity

    On-going and future research at the Sulcis site in Sardinia, Italy. Characterization and experimentation at a possible future CCS pilot

    National Italian funding has recently been allocated for the construction of a 350 MWe coal-fired power plant / CCS demonstration plant in the Sulcis area of SW Sardinia, Italy. In addition, the recently approved EC-funded ENOS project (ENabling Onshore CO2 Storage in Europe) will use the Sulcis site as one of its main field research laboratories. Site characterization is already ongoing, and work has begun to design gas injection experiments at 100-200 m depth in a fault. This article gives an overview of results to date and plans for the future from the Sapienza University of Rome research group

    PicNIc - Pi-calculus Non-Interference checker

    PICNIC is a tool for verifying security properties of systems, namely non-interference properties of processes expressed as terms of the pi-calculus with two security levels and declassification primitives. More precisely, it checks whether, when inserting a process into two different high contexts, no information leakage to the low level observers occurs. These properties are decidable over finite control processes, but decidability can be extended by compositionality also to some infinite state processes. Notably, PICNIC has been developed in Fresh OpsilaCaML, a dialect of CaML with native support for binders and fresh/local names; thus, this work can be seen also as a non-trivial case study about the applicability of these new programming languages

    On discrete time reversibility modulo state renaming and its applications

    Time reversibility plays an important role in the analysis of continuous and discrete time Markov chains (DTMCs). Specifically, the computation of the stationary distribution of a reversible Markov chain has been proved to be very efficient and does not require the solution of the system of global balance equations. A DTMC is reversible when the processes at forward and reversed time are probabilistically indistinguishable. In this paper we introduce the concept of ρ-reversibility, i.e., a notion of reversibility modulo a renaming of the states, and we contrast it with the previous definition of dynamic reversibility especially with respect to the assumptions on the state renaming function. We discuss the applications of discrete time reversibility in the embedded and uniformized chains of continuous time processes

    Dynamic Control of the Join-Queue Lengths in Saturated Fork-Join Stations

    The analysis of fork-join queueing systems has played an important role for the performance evaluation of distributed systems where parallel computations associated with the same job are carried out and a job is considered served only when all the parallel tasks it consists of are served and then joined. The fork-join nodes that we consider consist of K >= 2 parallel servers each of which is equipped with two FCFS queues, namely the service-queue and the join-queue. The former stores the tasks waiting for being served while the latter stores the served tasks waiting for being joined. When the queueing station is saturated, i.e., the service-queues are never empty, we observe that the join-queue sizes tend to grow infinitely even if the expected service times at the servers are the same. In fact, this is due to the variance of the service time distribution. To tackle this problem, we propose a simple service-rate control mechanism, and show that under the exponential assumption on the service times, we can analytically study a set of relevant performance indices. We show that by selectively reducing the speed of some servers, significant energy saving can be achieved

    Priority-based bandwidth allocation in wireless sensor networks

    In Wireless Sensor Networks (WSN) a set of motes monitors the environment by measuring some physical phenomena such as humidity, light, temperature, vibrations. The coexistence of different data types raises the problem of assigning the network resources in a fair way by taking into account possible different priorities among the traffic streams. In this paper we propose an allocation control scheme which is easy to implement, meets the limited resources of sensor nodes, and does not require extra control traffic in the WSN. Our scheme is based on the idea that the motes maintain a window with the classes of the latest transmissions. We propose an analytical model and provide an algorithm to study the performance of this allocation scheme with respect to the throughput and the fairness achieved. The model is a continuous time Markov chain which is proved to be dynamically reversible (although not reversible) and admits a product-form equilibrium distribution

    Large solutions to an anisotropic quasilinear elliptic problem

    In this paper we consider existence, asymptotic behavior near the boundary and uniqueness of positive solutions to the problem: $\operatorname{div}_x(|\nabla_x u|^{p-2}\nabla_x u)(x, y) + \operatorname{div}_y(|\nabla_y u|^{q-2}\nabla_y u)(x, y) = u^r(x, y)$ in a bounded domain $\Omega \subset \mathbb{R}^N \times \mathbb{R}^M$ together with the boundary condition $u(x, y) = \infty$ on $\partial\Omega$. We prove that the necessary and sufficient condition for the existence of a solution $u \in W^{1,p,q}_{\mathrm{loc}}(\Omega)$ to this problem is $r > \max\{p-1, q-1\}$. Assuming that $r > q-1 \geq p-1 > 0$ we will show that the exponent $q$ controls the blow-up rates near the boundary in the sense that all points of $\partial\Omega$ share the same profile, that depends on $q$ and $r$ but not on $p$, with the sole exception of the vertical points (where the exponent $p$ plays a role). Fil: García Melián, Jorge. Universidad de la Laguna; España. Fil: Rossi, Julio Daniel. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Matemática; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Fil: Sabina de Lis, José C.. Universidad de la Laguna; Españ

    Persistent Stochastic Non-Interference

    In this paper we present an information flow security property for stochastic, cooperating, processes expressed as terms of the Performance Evaluation Process Algebra (PEPA). We introduce the notion of Persistent Stochastic Non-Interference (PSNI) based on the idea that every state reachable by a process satisfies a basic Stochastic Non-Interference (SNI) property. The structural operational semantics of PEPA allows us to give two characterizations of PSNI: the first involves a single bisimulation-like equivalence check, while the second is formulated in terms of unwinding conditions. The observation equivalence at the base of our definition relies on the notion of lumpability and ensures that, for a secure process P, the steady state probability of observing the system being in a specific state P' is independent from its possible high level interactions. Comment: In Proceedings EXPRESS/SOS 2018, arXiv:1808.0807