Using Argumentation Logic for Firewall Policy Specification and Analysis

Firewalls are important perimeter security mechanisms that imple-ment an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency

Determining the WIMP mass using the complementarity between direct and indirect searches and the ILC

We study the possibility of identifying dark matter properties from XENON-like 100 kg experiments and the GLAST satellite mission. We show that whereas direct detection experiments will probe efficiently light WIMPs, given a positive detection (at the 10% level for $m_{\chi} \lesssim 50$ GeV), GLAST will be able to confirm and even increase the precision in the case of a NFW profile, for a WIMP-nucleon cross-section $\sigma_{\chi-p} \lesssim 10^{-8}$ pb. We also predict the rate of production of a WIMP in the next generation of colliders (ILC), and compare their sensitivity to the WIMP mass with the XENON and GLAST projects.Comment: 32 pages, new figures and a more detailed statistical analysis. Final version to appear in JCA

Multihole water oxidation catalysis on haematite photoanodes revealed by operando spectroelectrochemistry and DFT

Water oxidation is the key kinetic bottleneck of photoelectrochemical devices for fuel synthesis. Despite advances in the identification of intermediates, elucidating the catalytic mechanism of this multi redox reaction on metal oxide photoanodes remains a significant experimental and theoretical challenge. Here, we report an experimental analysis of water oxidation kinetics on four widely studied metal oxides, focusing particularly on haematite. We observe that haematite is able to access a reaction mechanism that is third order in surface hole density, which is assigned to equilibration between three surface holes and M OH O M OH sites. This reaction exhibits low activation energy Ea amp; 8201; amp; 8776; amp; 8201;60 amp; 8201;meV . Density functional theory is used to determine the energetics of charge accumulation and O O bond formation on a model haematite 110 surface. The proposed mechanism shows parallels with the function of the oxygen evolving complex of photosystem II, and provides new insights into the mechanism of heterogeneous water oxidation on a metal oxide surfac

Group Key Exchange Enabling On-Demand Derivation of Peer-to-Peer Keys

Abstract. We enrich the classical notion of group key exchange (GKE) protocols by a new property that allows each pair of users to derive an independent peer-to-peer (p2p) key on-demand and without any subsequent communication; this, in addition to the classical group key shared amongst all the users. We show that GKE protocols enriched in this way impose new security challenges concerning the secrecy and independence of both key types. The special attention should be paid to possible collusion attacks aiming to break the secrecy of p2p keys possibly established between any two non-colluding users. In our constructions we utilize the well-known parallel Diffie-Hellman key exchange (PDHKE) technique in which each party uses the same exponent for the computation of p2p keys with its peers. First, we consider PDHKE in GKE protocols where parties securely transport their secrets for the establishment of the group key. For this we use an efficient multi-recipient ElGamal encryption scheme. Further, based on PDHKE we design a generic compiler for GKE protocols that extend the classical Diffie-Hellman method. Finally, we investigate possible optimizations of these protocols allowing parties to re-use their exponents to compute both group and p2p keys, and show that not all such GKE protocols can be optimized. Key words: group key exchange, peer-to-peer keys, on-demand derivation

A search for the decay B+→K+ννˉB^+ \to K^+ \nu \bar{\nu}

We search for the rare flavor-changing neutral-current decay $B^+ \to K^+ \nu \bar{\nu}$ in a data sample of 82 fb$^{-1}$ collected with the {\sl BABAR} detector at the PEP-II B-factory. Signal events are selected by examining the properties of the system recoiling against either a reconstructed hadronic or semileptonic charged-B decay. Using these two independent samples we obtain a combined limit of ${\mathcal B}(B^+ \to K^+ \nu \bar{\nu})<5.2 \times 10^{-5}$ at the 90% confidence level. In addition, by selecting for pions rather than kaons, we obtain a limit of ${\mathcal B}(B^+ \to \pi^+ \nu \bar{\nu})<1.0 \times 10^{-4}$ using only the hadronic B reconstruction method.Comment: 7 pages, 8 postscript figures, submitted to Phys. Rev. Let