2,699 research outputs found
New advances in H∞ control and filtering for nonlinear systems
The main objective of this special issue is to
summarise recent advances in H∞ control and filtering
for nonlinear systems, including time-delay, hybrid and
stochastic systems. The published papers provide new
ideas and approaches, clearly indicating the advances
made in problem statements, methodologies or applications
with respect to the existing results. The special
issue also includes papers focusing on advanced and
non-traditional methods and presenting considerable
novelties in theoretical background or experimental
setup. Some papers present applications to newly
emerging fields, such as network-based control and
estimation
Strong and Provably Secure Database Access Control
Existing SQL access control mechanisms are extremely limited. Attackers can
leak information and escalate their privileges using advanced database features
such as views, triggers, and integrity constraints. This is not merely a
problem of vendors lagging behind the state-of-the-art. The theoretical
foundations for database security lack adequate security definitions and a
realistic attacker model, both of which are needed to evaluate the security of
modern databases. We address these issues and present a provably secure access
control mechanism that prevents attacks that defeat popular SQL database
systems.Comment: A short version of this paper has been published in the proceedings
of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016
Securing Databases from Probabilistic Inference
Databases can leak confidential information when users combine query results
with probabilistic data dependencies and prior knowledge. Current research
offers mechanisms that either handle a limited class of dependencies or lack
tractable enforcement algorithms. We propose a foundation for Database
Inference Control based on ProbLog, a probabilistic logic programming language.
We leverage this foundation to develop Angerona, a provably secure enforcement
mechanism that prevents information leakage in the presence of probabilistic
dependencies. We then provide a tractable inference algorithm for a practically
relevant fragment of ProbLog. We empirically evaluate Angerona's performance
showing that it scales to relevant security-critical problems.Comment: A short version of this paper has been accepted at the 30th IEEE
Computer Security Foundations Symposium (CSF 2017
Middle-Out Reasoning for Logic Program Synthesis
We propose a novel approach to automating the synthesis of logic programs: Logic programs are synthesized as a by-product of the planning of a verification proof. The approach is a two-level one: At the object level, we prove program verification conjectures in a sorted, first-order theory. The conjectures are of the form 8args \Gamma\Gamma\Gamma\Gamma! : prog(args \Gamma\Gamma\Gamma\Gamma! ) $ spec(args \Gamma\Gamma\Gamma\Gamma! ). At the meta-level, we plan the object-level verification with an unspecified program definition. The definition is represented with a (second-order) meta-level variable, which becomes instantiated in the course of the planning
Access Control Synthesis for Physical Spaces
Access-control requirements for physical spaces, like office buildings and
airports, are best formulated from a global viewpoint in terms of system-wide
requirements. For example, "there is an authorized path to exit the building
from every room." In contrast, individual access-control components, such as
doors and turnstiles, can only enforce local policies, specifying when the
component may open. In practice, the gap between the system-wide, global
requirements and the many local policies is bridged manually, which is tedious,
error-prone, and scales poorly.
We propose a framework to automatically synthesize local access control
policies from a set of global requirements for physical spaces. Our framework
consists of an expressive language to specify both global requirements and
physical spaces, and an algorithm for synthesizing local, attribute-based
policies from the global specification. We empirically demonstrate the
framework's effectiveness on three substantial case studies. The studies
demonstrate that access control synthesis is practical even for complex
physical spaces, such as airports, with many interrelated security
requirements
Runtime Verification of Temporal Properties over Out-of-order Data Streams
We present a monitoring approach for verifying systems at runtime. Our
approach targets systems whose components communicate with the monitors over
unreliable channels, where messages can be delayed or lost. In contrast to
prior works, whose property specification languages are limited to
propositional temporal logics, our approach handles an extension of the
real-time logic MTL with freeze quantifiers for reasoning about data values. We
present its underlying theory based on a new three-valued semantics that is
well suited to soundly and completely reason online about event streams in the
presence of message delay or loss. We also evaluate our approach
experimentally. Our prototype implementation processes hundreds of events per
second in settings where messages are received out of order.Comment: long version of the CAV 2017 pape
A Framework for Program Development Based on Schematic Proof
Often, calculi for manipulating and reasoning about programs can be recast as calculi for synthesizing programs. The difference involves often only a slight shift of perspective: admitting metavariables into proofs. We propose that such calculi should be implemented in logical frameworks that support this kind of proof construction and that such an implementation can unify program verification and synthesis. Our proposal is illustrated with a worked example developed in Paulson's Isabelle system. We also give examples of existent calculi that are closely related to the methodology we are proposing and others that can be profitably recast using our approach
- …