735 research outputs found
Relational reasoning via probabilistic coupling
Probabilistic coupling is a powerful tool for analyzing pairs of
probabilistic processes. Roughly, coupling two processes requires finding an
appropriate witness process that models both processes in the same probability
space. Couplings are powerful tools proving properties about the relation
between two processes, include reasoning about convergence of distributions and
stochastic dominance---a probabilistic version of a monotonicity property.
While the mathematical definition of coupling looks rather complex and
cumbersome to manipulate, we show that the relational program logic pRHL---the
logic underlying the EasyCrypt cryptographic proof assistant---already
internalizes a generalization of probabilistic coupling. With this insight,
constructing couplings is no harder than constructing logical proofs. We
demonstrate how to express and verify classic examples of couplings in pRHL,
and we mechanically verify several couplings in EasyCrypt
Computer-aided verification in mechanism design
In mechanism design, the gold standard solution concepts are dominant
strategy incentive compatibility and Bayesian incentive compatibility. These
solution concepts relieve the (possibly unsophisticated) bidders from the need
to engage in complicated strategizing. While incentive properties are simple to
state, their proofs are specific to the mechanism and can be quite complex.
This raises two concerns. From a practical perspective, checking a complex
proof can be a tedious process, often requiring experts knowledgeable in
mechanism design. Furthermore, from a modeling perspective, if unsophisticated
agents are unconvinced of incentive properties, they may strategize in
unpredictable ways.
To address both concerns, we explore techniques from computer-aided
verification to construct formal proofs of incentive properties. Because formal
proofs can be automatically checked, agents do not need to manually check the
properties, or even understand the proof. To demonstrate, we present the
verification of a sophisticated mechanism: the generic reduction from Bayesian
incentive compatible mechanism design to algorithm design given by Hartline,
Kleinberg, and Malekian. This mechanism presents new challenges for formal
verification, including essential use of randomness from both the execution of
the mechanism and from the prior type distributions. As an immediate
consequence, our work also formalizes Bayesian incentive compatibility for the
entire family of mechanisms derived via this reduction. Finally, as an
intermediate step in our formalization, we provide the first formal
verification of incentive compatibility for the celebrated
Vickrey-Clarke-Groves mechanism
Tracking Data-Flow with Open Closure Types
Type systems hide data that is captured by function closures in function
types. In most cases this is a beneficial design that favors simplicity and
compositionality. However, some applications require explicit information about
the data that is captured in closures. This paper introduces open closure
types, that is, function types that are decorated with type contexts. They are
used to track data-flow from the environment into the function closure. A
simply-typed lambda calculus is used to study the properties of the type theory
of open closure types. A distinctive feature of this type theory is that an
open closure type of a function can vary in different type contexts. To present
an application of the type theory, it is shown that a type derivation
establishes a simple non-interference property in the sense of information-flow
theory. A publicly available prototype implementation of the system can be used
to experiment with type derivations for example programs.Comment: Logic for Programming Artificial Intelligence and Reasoning (2013
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions.
To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are provided, along with proofs that transitions to privileged modes can only occur in a controlled manner.
This work establishes a main requirement for operating system and hypervisor verification, as demonstrated for the PROSPER separation kernel. The proof is performed in the HOL4 theorem prover, taking the Cambridge model of ARM as basis.
To this end, a proof tool has been developed, which assists the verification of relational state predicates semi-automatically
Computer-Aided Cryptographic Proofs
International audienceProvable security [6] is at the heart of modern cryptography. It advocates a mathematical approach in which the security of new cryptographic constructions is defined rigorously, and provably reduced to one or several assumptions, such as the hardness of a computational problem, or the existence of an ideal functionality. A typical provable security statement is of the form: for all adversary against the cryptographic construction TeX , there exists an adversary TeX against a security assumption TeX , such that if TeX has a high probability of breaking the scheme TeX in time t, then TeX has a high probability of breaking the assumption TeX in time t′ (defined as a function of t)
Metallicity determination in gas-rich galaxies with semiempirical methods
A study of the precision of the semiempirical methods used in the
determination of the chemical abundances in gas-rich galaxies is carried out.
In order to do this the oxygen abundances of a total of 438 galaxies were
determined using the electronic temperature, the and the P methods.
The new calibration of the P method gives the smaller dispersion for the low
and high metallicity regions, while the best numbers in the turnaround region
are given by the method. We also found that the dispersion correlates
with the metallicity. Finally, it can be said that all the semiempirical
methods studied here are quite insensitive to metallicity with a value of
dex for more than 50% of the total sample.
\keywords{ISM: abundances; (ISM): H {\sc ii} regions}Comment: 26 pages, 9 figures and 2 tables. To appear at AJ, January 200
On continuation-passing transformations and expected cost analysis
We define a continuation-passing style (CPS) translation for a typed \u3bb-calculus with probabilistic choice, unbounded recursion, and a tick operator - for modeling cost. The target language is a (non-probabilistic) \u3bb-calculus, enriched with a type of extended positive reals and a fixpoint operator. We then show that applying the CPS transform of an expression M to the continuation \u3bb v. 0 yields the expected cost of M. We also introduce a formal system for higher-order logic, called EHOL, prove it sound, and show it can derive tight upper bounds on the expected cost of classic examples, including Coupon Collector and Random Walk. Moreover, we relate our translation to Kaminski et al.'s ert-calculus, showing that the latter can be recovered by applying our CPS translation to (a generalization of) the classic embedding of imperative programs into \u3bb-calculus. Finally, we prove that the CPS transform of an expression can also be used to compute pre-expectations and to reason about almost sure termination
- …