    Constraint-Based Monitoring of Hyperproperties

    Verifying hyperproperties at runtime is a challenging problem as hyperproperties, such as non-interference and observational determinism, relate multiple computation traces with each other. It is necessary to store previously seen traces, because every new incoming trace needs to be compatible with every run of the system observed so far. Furthermore, the new incoming trace poses requirements on future traces. In our monitoring approach, we focus on those requirements by rewriting a hyperproperty in the temporal logic HyperLTL to a Boolean constraint system. A hyperproperty is then violated by multiple runs of the system if the constraint system becomes unsatisfiable. We compare our implementation, which utilizes either BDDs or a SAT solver to store and evaluate constraints, to the automata-based monitoring tool RVHyper

    Realizing Omega-regular Hyperproperties

    We studied the hyperlogic HyperQPTL, which combines the concepts of trace relations and ω-regularity. We showed that HyperQPTL is very expressive: it can express properties like promptness, bounded waiting for a grant, epistemic properties, and, in particular, any ω-regular property. Those properties are not expressible in previously studied hyperlogics like HyperLTL. At the same time, we argued that the expressiveness of HyperQPTL is optimal in the sense that a more expressive logic for ω-regular hyperproperties would have an undecidable model checking problem. We furthermore studied the realizability problem of HyperQPTL. We showed that realizability is decidable for HyperQPTL fragments that contain properties like promptness. But still, in contrast to the satisfiability problem, propositional quantification does make the realizability problem of hyperlogics harder. More specifically, the HyperQPTL fragment of formulas with a universal-existential propositional quantifier alternation followed by a single trace quantifier is undecidable in general, even though the projection of the fragment to HyperLTL has a decidable realizability problem. Lastly, we implemented the bounded synthesis problem for HyperQPTL in the prototype tool BoSy. Using BoSy with HyperQPTL specifications, we have been able to synthesize several resource arbiters. The synthesis problem of non-linear-time hyperlogics is still open. For example, it is not yet known how to synthesize systems from specifications given in branching-time hyperlogics like HyperCTL*.
    Comment: International Conference on Computer Aided Verification (CAV 2020

    Synthesis of fault-tolerant distributed systems

    A distributed system is fault-tolerant if it continues to perform correctly even when a subset of the processes becomes faulty. Fault-tolerance is highly desirable but often difficult to implement. In this paper, we investigate fault-tolerant synthesis, i.e., the problem of determining whether a given temporal specification can be implemented as a fault-tolerant distributed system. As in standard distributed synthesis, we assume that the specification of the correct behaviors is given as a temporal formula over the externally visible variables. Additionally, we introduce the fault-tolerance specification, a CTL* formula describing the effects and the duration of faults. If, at some point in time, a process becomes faulty, it becomes part of the external environment and its further behavior is only restricted by the fault-tolerance specification. This allows us to model a large variety of fault types. Our method accounts for the effect of faults on the values communicated by the processes, and, hence, on the information available to the non-faulty processes. We prove that for fully connected system architectures, i.e., for systems where each pair of processes is connected by a communication link, the fault-tolerant synthesis problem from CTL* specifications is 2EXPTIME-complete

    Abstraction refinement for games with incomplete information

    Counterexample-guided abstraction refinement (CEGAR) is used in automated software analysis to find suitable finite-state abstractions of infinite-state systems. In this paper, we extend CEGAR to games with incomplete information, as they commonly occur in controller synthesis and modular verification. The challenge is that, under incomplete information, one must carefully account for the knowledge available to the player: the strategy must not depend on information the player cannot see. We propose an abstraction mechanism for games under incomplete information that incorporates the approximation of the players' moves into a knowledge-based subset construction on the abstract state space. This abstraction results in a perfect-information game over a finite graph. The concretizability of abstract strategies can be encoded as the satisfiability of strategy-tree formulas. Based on this encoding, we present an interpolation-based approach for selecting new predicates and provide sufficient conditions for the termination of the resulting refinement loop

    Microwave ISM Emission Observed by WMAP

    We investigate the nature of the diffuse Galactic emission in the Wilkinson Microwave Anisotropy Probe (WMAP) temperature anisotropy data. Substantial dust-correlated emission is observed at all WMAP frequencies, far exceeding the expected thermal dust emission in the lowest frequency channels (23, 33, 41 GHz). The WMAP team (Bennett et al.) interpret this emission as dust-correlated synchrotron radiation, attributing the correlation to the natural association of relativistic electrons produced by SNae with massive star formation in dusty clouds, and deriving an upper limit of 5% on the contribution of Draine & Lazarian spinning dust at K-band (23 GHz). We pursue an alternative interpretation that much, perhaps most, of the dust-correlated emission at these frequencies is indeed spinning dust, and explore the spectral dependence on environment by considering a few specific objects as well as the full sky average. Models similar to Draine & Lazarian spinning dust provide a good fit to the full-sky data. The full-sky fit also requires a significant component with free-free spectrum uncorrelated with Hα, possibly hot (~million K) gas within 30 degrees of the Galactic center.
    Comment: ApJ in press (accepted 5 Dec 2003), version 2: corrected typos and added references. 23 pages, 5 figures, 2 tables. Free-free haze map is available at http://skymaps.inf

    Synthesizing Finite-state Protocols from Scenarios and Requirements

    Scenarios, or Message Sequence Charts, offer an intuitive way of describing the desired behaviors of a distributed protocol. In this paper we propose a new way of specifying finite-state protocols using scenarios: we show that it is possible to automatically derive a distributed implementation from a set of scenarios augmented with a set of safety and liveness requirements, provided the given scenarios adequately cover all the states of the desired implementation. We first derive incomplete state machines from the given scenarios, and then synthesis corresponds to completing the transition relation of individual processes so that the global product meets the specified requirements. This completion problem, in general, has the same complexity, PSPACE, as the verification problem, but unlike the verification problem, is NP-complete for a constant number of processes. We present two algorithms for solving the completion problem, one based on a heuristic search in the space of possible completions and one based on OBDD-based symbolic fixpoint computation. We evaluate the proposed methodology for protocol specification and the effectiveness of the synthesis algorithms using the classical alternating-bit protocol.
    Comment: This is the working draft of a paper currently in submission. (February 10, 2014

    VHE gamma ray absorption by galactic interstellar radiation field

    Adopting a recent calculation of the Galactic interstellar radiation field, we calculate the attenuation of the very high energy gamma rays from the Galactic sources. The infra-red radiation background near the Galactic Center is very intense according to the new calculation, and our result shows that a cutoff of the high energy gamma ray spectrum begins at about 20 TeV and reaches about 10% for 50 TeV gamma rays.
    Comment: 6 pages, 1 figure, figure is changed, conclusion not change

    Microwave ISM Emission in the Green Bank Galactic Plane Survey: Evidence for Spinning Dust

    We observe significant dust-correlated emission outside of H II regions in the Green Bank Galactic Plane Survey (-4 < b < 4 degrees) at 8.35 and 14.35 GHz. The rising spectral slope rules out synchrotron and free-free emission as majority constituents at 14 GHz, and the amplitude is at least 500 times higher than expected thermal dust emission. When combined with the Rhodes (2.326 GHz) and WMAP (23-94 GHz) data, it is possible to fit dust-correlated emission at 2.3-94 GHz with only soft synchrotron, free-free, thermal dust, and an additional dust-correlated component similar to Draine & Lazarian spinning dust. The rising component generally dominates free-free and synchrotron for ν ≳ 14 GHz and is overwhelmed by thermal dust at ν > 60 GHz. The current data fulfill most of the criteria laid out by Finkbeiner et al. (2002) for detection of spinning dust.
    Comment: ApJ in press. 26 pages, 11 figures, figures jpeg compressed to save spac

    Monitoring temporal information flow

    We present a framework for monitoring information flow in security-critical reactive systems, such as communication protocols, cell phone apps, document servers and web browsers. The secrecy requirements in such systems typically vary over time in response to the interaction with the environment. Standard notions of secrecy, like noninterference, must therefore be extended by specifying precisely when and under what conditions a particular event needs to remain secret. Our framework is based on the temporal logic SecLTL, which combines the standard temporal operators of linear-time temporal logic with the modal Hide operator for the specification of information flow properties. We present a first monitoring algorithm for SecLTL specifications, based on a translation of SecLTL formulas to alternating automata, and identify open research questions and directions for future work

    Pseudo-Dipole Signal Removal from WMAP Data

    It was discovered in our previous work that different observational systematics, e.g., errors in antenna pointing directions and asynchrony between the attitude and science data, can generate a pseudo-dipole signal in the full-sky maps of the cosmic microwave background (CMB) anisotropy published by the Wilkinson Microwave Anisotropy Probe (WMAP) team. Now the antenna sidelobe response to the Doppler signal is found to be able to produce a similar effect as well. In this work, independently of the sources, we uniformly model the pseudo-dipole signal and remove it from the published WMAP7 CMB maps by model fitting. The result demonstrates that most of the released WMAP CMB quadrupole is artificial.
    Comment: V3: using WMAP7 dat