Social Union, Migration and the Constitution: Integration at Risk

Europäische Integration, Mobilität, Soziale Integration, Sozialstaat, Europäische Wirtschafts- und Währungsunion, European integration, Mobility, Social integration, Welfare state, European Economic and Monetary Union

Safe abstractions of data encodings in formal security protocol models

When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model

Polymorphism and selection of rpoS in pathogenic Escherichia coli

<p>Abstract</p> <p>Background</p> <p>Though RpoS is important for survival of pathogenic <it>Escherichia coli </it>in natural environments, polymorphism in the <it>rpoS </it>gene is common. However, the causes of this polymorphism and consequential physiological effects on gene expression in pathogenic strains are not fully understood.</p> <p>Results</p> <p>In this study, we found that growth on non-preferred carbon sources can efficiently select for loss of RpoS in seven of ten representative verocytotoxin-producing <it>E. coli </it>(VTEC) strains. Mutants (Suc⁺⁺) forming large colonies on succinate were isolated at a frequency of 10^-8mutants per cell plated. Strain O157:H7 EDL933 yielded mainly mutants (about 90%) that were impaired in catalase expression, suggesting the loss of RpoS function. As expected, inactivating mutations in <it>rpoS </it>sequence were identified in these mutants. Expression of two pathogenicity-related phenotypes, cell adherence and RDAR (red dry and rough) morphotype, were also attenuated, indicating positive control by RpoS. For the other Suc⁺⁺mutants (10%) that were catalase positive, no mutation in <it>rpoS </it>was detected.</p> <p>Conclusion</p> <p>The selection for loss of RpoS on poor carbon sources is also operant in most pathogenic strains, and thus is likely responsible for the occurrence of <it>rpoS </it>polymorphisms among <it>E. coli </it>isolates.</p

Quiescent consistency: Defining and verifying relaxed linearizability

Concurrent data structures like stacks, sets or queues need to be highly optimized to provide large degrees of parallelism with reduced contention. Linearizability, a key consistency condition for concurrent objects, sometimes limits the potential for optimization. Hence algorithm designers have started to build concurrent data structures that are not linearizable but only satisfy relaxed consistency requirements. In this paper, we study quiescent consistency as proposed by Shavit and Herlihy, which is one such relaxed condition. More precisely, we give the first formal definition of quiescent consistency, investigate its relationship with linearizability, and provide a proof technique for it based on (coupled) simulations. We demonstrate our proof technique by verifying quiescent consistency of a (non-linearizable) FIFO queue built using a diffraction tree. © 2014 Springer International Publishing Switzerland

Verifying linearizability on TSO architectures

Linearizability is the standard correctness criterion for fine-grained, non-atomic concurrent algorithms, and a variety of methods for verifying linearizability have been developed. However, most approaches assume a sequentially consistent memory model, which is not always realised in practice. In this paper we define linearizability on a weak memory model: the TSO (Total Store Order) memory model, which is implemented in the x86 multicore architecture. We also show how a simulation-based proof method can be adapted to verify linearizability for algorithms running on TSO architectures. We demonstrate our approach on a typical concurrent algorithm, spinlock, and prove it linearizable using our simulation-based approach. Previous approaches to proving linearizabilty on TSO architectures have required a modification to the algorithm's natural abstract specification. Our proof method is the first, to our knowledge, for proving correctness without the need for such modification

Spatial variability in ecosystem services: simple rules for predator-mediated pest suppression

Agricultural pest control often relies on the ecosystem services provided by the predators of pests. Appropriate landscape and habitat management for pest control services requires an understanding of insect dispersal abilities and the spatial arrangement of source habitats for pests and their predators. Here we explore how dispersal and habitat configuration determine the locations where management actions are likely to have the biggest impact on natural pest control. The study focuses on the early colonization phase before predator reproduction takes place and when pest populations in crops are still relatively low. We developed a spatially explicit simulation model in which pest populations grow exponentially in pest patches and predators disperse across the landscape from predator patches. We generated 1000 computer-simulated landscapes in which the performance of four typical but different predator groups as biological control agents was evaluated. Predator groups represented trait combinations of poor and good dispersal ability and densityindependent and density-dependent aggregation responses toward pests. Case studies from the literature were used to inform the parameterization of predator groups. Landscapes with a small nearest-neighbor distance between pest and predator patches had the lowest mean pest density at the landscape scale for all predator groups, but there can be high variation in pest density between the patches within these landscapes. Mobile and strongly aggregating predators provide the best pest suppression in the majority of landscape types. Ironically, this result is true except in landscapes with small nearest-neighbor distances between pest and predator patches. The pest control potential of mobile predators can best be explained by the mean distance between a pest patch and all predator patches in the landscape, whereas for poorly dispersing predators the distance between a pest patch and the nearest predator patch is the best explanatory variable. In conclusion, the spatial arrangement of source habitats for natural enemies of agricultural pest species can have profound effects on their potential to colonize crops and suppress pest populations. © 2010 by the Ecological Society of America

Auswirkungen wählbarer Selbstbehalte in der Krankenversicherung: Lehren aus der Schweiz?

In diesem Papier wird diskutiert, ob die Einführung wählbarer Selbstbehalte in der Gesetzlichen Krankenversicherung einen sinnvollen Weg zur Kosteneinsparung im Gesundheitswesen darstellt. Ausgehend von Befunden aus dem schweizerischen Gesundheitssystem, das solche wählbaren Selbstbehalte in der obligatorischen Grundversicherung seit 1996 kennt, wird argumentiert, dass die Wahlmöglichkeit des Selbstbehalts keinen starken Einfluss auf das Patientenverhalten zu haben scheint. Der Großteil der beobachteten Reduktion der Anzahl der Arztbesuche bei Versicherten mit höheren Selbstbehalten ist durch Selbstselektion zu erklären. Gesündere Versicherte oder Versicherte, die aufgrund ihrer Präferenzen weniger medizinische Leistungen in Anspruch nehmen, wählen höhere Selbstbehalte. Eine durch die gewählte höhere Selbstbeteiligung induzierte Verhaltensänderung in Richtung einer sparsameren Inanspruchnahme des Gesundheitswesens ist kaum festzustellen. Soll trotzdem eine Wahlmöglichkeit bei Selbstbehalten in Deutschland eingeführt werden, gilt es die Systemunterschiede zwischen der Individualversicherung (CH) und der Familienversicherung (D) zu beachten. Die Einführung von nicht wählbaren Kostenbeteiligungen der Patienten scheint leichter durchsetzbar, da die Selbstselektion von Gesunden und Kranken in verschiedene Versicherungskontrakte, die vielfach als unsolidarisch empfunden wird, nicht auftreten kann

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac