
    Self-Similarity Breeds Resilience

    Self-similarity is the property of a system being similar to a part of itself. We posit that a special class of behaviourally self-similar systems exhibits a degree of resilience to adversarial behaviour. We formalise the notions of system, adversary and resilience in operational terms, based on transition systems and observations. While the general problem of proving systems to be behaviourally self-similar is undecidable, we show, by casting them in the framework of well-structured transition systems, that there is an interesting class of systems for which the problem is decidable. We illustrate our prescriptive framework for resilience with some small examples, e.g., systems robust to failures in a fail-stop model, and systems that avoid side-channel attacks.

    A Case Study in Analytic Protocol Analysis in ACL2

    When verifying computer systems we sometimes want to study their asymptotic behaviours, i.e., how they behave in the long run. In such cases, we need real analysis, the area of mathematics that deals with limits and the foundations of calculus. In prior work, we used real analysis in ACL2s to study the asymptotic behaviour of the RTO computation, commonly used in congestion control algorithms across the Internet. One key component of our RTO computation analysis was proving in ACL2s that for all alpha in [0, 1), the limit as n approaches infinity of alpha raised to n is zero. Whereas the most obvious proof strategy involves the logarithm, whose codomain includes irrationals, by default ACL2 only supports rationals, which forced us to take a non-standard approach. In this paper, we explore different approaches to proving the above result in ACL2(r) and ACL2s, from the perspective of a relatively new user of each. We also contextualise the theorem by showing how it allowed us to prove important asymptotic properties of the RTO computation. Finally, we discuss trade-offs between the various proof strategies and directions for future research.
    Comment: In Proceedings ACL2-2023, arXiv:2311.0837

    Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers

    Memory errors such as buffer overruns are notorious security vulnerabilities. There has been considerable interest in having a compiler ensure the safety of compiled code, either through static verification or through instrumented runtime checks. While certifying compilation has shown much promise, it has not been practical, leaving code instrumentation as the next best strategy for compilation. We term such compilers Memory Error Sanitization Compilers (MESCs). MESCs are available as part of the GCC, LLVM and MSVC suites. Due to practical limitations, MESCs typically apply instrumentation indiscriminately to every memory access, and are consequently prohibitively expensive and practical only for small code bases. This work proposes a methodology that applies state-of-the-art static analysis techniques to eliminate unnecessary runtime checks, resulting in more efficient and scalable defenses. The methodology was implemented on LLVM's Safecode, Integer Overflow, and Address Sanitizer passes, using static analysis from Frama-C and CodeSurfer. The benchmarks demonstrate an improvement in runtime performance that makes incorporation of runtime checks a viable option for defenses.

    Ethics in data sharing: developing a model for best practice

    As an outcome of a seminar on 'Ethics in Data Sharing', we sketch a model of best practice for sharing data in research. We illustrate this model with two current and timely real-life cases from the context of computer and network security.

    Adaptive Algorithms for PASO Systems

    We describe a fault-tolerant distributed storage system for local area networks. Our system implements Persistent, Associative, Shared Object (PASO) memory. A PASO memory stores a set of data objects that can be accessed by associative search queries from all nodes in an ensemble of machines. This approach to distributed memory has been used in a number of systems, and provides a convenient and useful model for parallel and distributed applications. PASO memory is amenable to adaptive implementations that relocate data objects in response to changing network configurations and access patterns, making it a good candidate for an efficient, fault-tolerant storage system. The paper defines the semantics of PASO memory, gives a basic design strategy, discusses memory primitives and their costs, and discusses adaptive techniques for improving efficiency.

    1 Introduction

    This paper presents PASO, a Persistent, Associative, Shared Object memory, and studies algorithms that implement fault-t..

    Runtime Verification: The Application Perspective

    In the past decade, Runtime Verification (RV) has gained much attention from both the research community and practitioners. RV combines a set of theories, techniques and tools aimed at efficient analysis of systems' executions and at guaranteeing their correctness using monitoring techniques. Major challenges in RV include characterising and formally expressing requirements that can be monitored, offering intuitive and concise specification formalisms, and monitoring specifications efficiently for functional and non-functional behaviour. In spite of the major strides made in recent years, much effort is still needed to make RV an attractive and viable methodology for industrial use and to apply it to wider application domains, such as security, bio-health and power micro-grids. This special issue of STTT presents extended versions of four papers that were selected from the Runtime Verification track at ISoLA 2012 [10].

    Runtime Verification: The Application Perspective

    Y. Falcone's work was funded in part by the French-government Single Inter-Ministry Fund (FUI) through the IO32 project. L. Zuck's work was funded in part by NSF award CCF-0916438.
    In the past decade, Runtime Verification (RV) has gained much attention from both the research community and practitioners. Roughly speaking, RV combines a set of theories, techniques and tools aimed at efficient analysis of systems' executions and at guaranteeing their correctness using monitoring techniques. Major challenges in RV include characterising and formally expressing requirements that can be monitored, proposing intuitive and concise specification formalisms, and monitoring specifications efficiently (in time and memory). Despite the major strides made in recent years, much effort is still needed to make RV an attractive and viable methodology for industrial use. In addition, further studies are needed to apply RV to wider application domains such as security, bio-health and power micro-grids. The purpose of the "Runtime Verification: the application perspective" track at ISoLA'12 was to bring together experts on runtime verification and on potential application domains to try to advance the state of the art on how to make RV more attractive to industry and usable in additional application domains. This introductory paper gives an overview of the contributions made by the papers selected for the track.