MMM: May I Mine Your Mind?

Consider the following set-up for the plot of a possible future episode of the TV series Black Mirror: human brains can be connected directly to the net and MiningMind Inc. has developed a technology that merges a reward system with a cryptojacking engine that uses the human brain to mine cryptocurrency (or to carry out some other mining activity). Part of our brain will be committed to cryptographic calculations (mining), leaving the remaining part untouched for everyday operations, i.e., for our brain's normal daily activity. In this short paper, we briefly argue why this set-up might not be so far fetched after all, and explore the impact that such a technology could have on our lives and our society.Comment: 4 pages, 0 figure, Accepted at the "Re-Coding Black Mirror" workshop of the International World Wide Web Conferences (WWW

Smart Humans... WannaDie?

It won't be long until our prostheses, ECG personal monitors, subcutaneous insulin infusors, glasses, etc. become devices of the Internet of Things (IoT), always connected for monitoring, maintenance, charging and tracking. This will be the dawn of the Smart Human, not just a user of the IoT but a Thing in the Internet. How long would it then take for hackers to attack us like they have been attacking IoT devices? What would happen if hackers were able to blackmail us threatening our IoT body parts? Smart Humans may become victims of the devastating attack of WannaDie, a new ransomware that could provide the plot-line for a possible future episode of the Black Mirror TV series.Comment: 5 pages, 3 figures, Accepted at the "Re-Coding Black Mirror" workshop of the International Conference Data Protection and Democracy (CPDP

A History of Until

Until is a notoriously difficult temporal operator as it is both existential and universal at the same time: A until B holds at the current time instant w iff either B holds at w or there exists a time instant w' in the future at which B holds and such that A holds in all the time instants between the current one and w'. This "ambivalent" nature poses a significant challenge when attempting to give deduction rules for until. In this paper, in contrast, we make explicit this duality of until to provide well-behaved natural deduction rules for linear-time logics by introducing a new temporal operator that allows us to formalize the "history" of until, i.e., the "internal" universal quantification over the time instants between the current one and w'. This approach provides the basis for formalizing deduction systems for temporal logics endowed with the until operator. For concreteness, we give here a labeled natural deduction system for a linear-time logic endowed with the new operator and show that, via a proper translation, such a system is also sound and complete with respect to the linear temporal logic LTL with until.Comment: 24 pages, full version of paper at Methods for Modalities 2009 (M4M-6

Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures (Full version)

A widespread design approach in distributed applications based on the service-oriented paradigm, such as web-services, consists of clearly separating the enforcement of authorization policies and the workflow of the applications, so that the interplay between the policy level and the workflow level is abstracted away. While such an approach is attractive because it is quite simple and permits one to reason about crucial properties of the policies under consideration, it does not provide the right level of abstraction to specify and reason about the way the workflow may interfere with the policies, and vice versa. For example, the creation of a certificate as a side effect of a workflow operation may enable a policy rule to fire and grant access to a certain resource; without executing the operation, the policy rule should remain inactive. Similarly, policy queries may be used as guards for workflow transitions. In this paper, we present a two-level formal verification framework to overcome these problems and formally reason about the interplay of authorization policies and workflow in service-oriented architectures. This allows us to define and investigate some verification problems for SO applications and give sufficient conditions for their decidability.Comment: 16 pages, 4 figures, full version of paper at Symposium on Secure Computing (SecureCom09