Lower Bounds for Complementation of omega-Automata Via the Full Automata Technique
In this paper, we first introduce a lower bound technique for the state
complexity of transformations of automata. Namely we suggest first considering
the class of full automata in lower bound analysis, and later reducing the size
of the large alphabet via alphabet substitutions. Then we apply such a technique
to the complementation of nondeterministic \omega-automata, and obtain several
lower bound results. Particularly, we prove an \Omega((0.76n)^n) lower bound
for Büchi complementation, which also holds for almost every complementation
or determinization transformation of nondeterministic omega-automata, and prove
an optimal (\Omega(nk))^n lower bound for the complementation of generalized
Büchi automata, which holds for Streett automata as well.
The Wadge Hierarchy of Deterministic Tree Languages
We provide a complete description of the Wadge hierarchy for
deterministically recognisable sets of infinite trees. In particular we give an
elementary procedure to decide if one deterministic tree language is
continuously reducible to another. This extends Wagner's results on the
hierarchy of omega-regular languages of words to the case of trees.
Comment: 44 pages, 8 figures; extended abstract presented at ICALP 2006,
Venice, Italy; full version appears in LMCS special issue.
Secrecy in Untrusted Networks
We investigate the protection of migrating agents against the untrusted sites they traverse. The resulting calculus provides a formal framework to reason about protection policies and security protocols over distributed, mobile infrastructures, and aims to stand to ambients as the spi calculus stands to π. We present a type system that separates trusted and untrusted data and code, while allowing safe interactions with untrusted sites. We prove that the type system enforces a privacy property, and show the expressiveness of the calculus via examples and an encoding of the spi calculus.
Space-Aware Ambients and Processes
Resource control has attracted increasing interest in foundational research on distributed systems. This paper focuses on space control and develops an analysis of space usage in the context of an ambient-like calculus with bounded capacities and weighted processes, where migration and activation require space. A type system complements the dynamics of the calculus by providing static guarantees that the intended capacity bounds are preserved throughout the computation.
The Complexity of Enriched Mu-Calculi
The fully enriched μ-calculus is the extension of the propositional
μ-calculus with inverse programs, graded modalities, and nominals. While
satisfiability in several expressive fragments of the fully enriched
μ-calculus is known to be decidable and ExpTime-complete, it has recently
been proved that the full calculus is undecidable. In this paper, we study the
fragments of the fully enriched μ-calculus that are obtained by dropping at
least one of the additional constructs. We show that, in all fragments obtained
in this way, satisfiability is decidable and ExpTime-complete. Thus, we
identify a family of decidable logics that are maximal (and incomparable) in
expressive power. Our results are obtained by introducing two new automata
models, showing that their emptiness problems are ExpTime-complete, and then
reducing satisfiability in the relevant logics to these problems. The automata
models we introduce are two-way graded alternating parity automata over
infinite trees (2GAPTs) and fully enriched automata (FEAs) over infinite
forests. The former are a common generalization of two incomparable automata
models from the literature. The latter extend alternating automata in a similar
way as the fully enriched μ-calculus extends the standard μ-calculus.
Comment: A preliminary version of this paper appears in the Proceedings of the
33rd International Colloquium on Automata, Languages and Programming (ICALP),
2006. This paper has been selected for a special issue in LMCS.
Name-passing calculi and crypto-primitives: A survey
The paper surveys the literature on high-level name-passing process calculi, and their extensions with cryptographic primitives. The survey is by no means exhaustive, for essentially two reasons. First, in trying to provide a coherent presentation of different ideas and techniques, one inevitably ends up leaving out the approaches that do not fit the intended roadmap. Secondly, the literature on the subject has been growing at a very high rate over the years. As a consequence, we decided to concentrate on a few papers that introduce the main ideas, in the hope that discussing them in some detail will provide sufficient insight for further reading.
Channel Abstractions for Network Security
Process algebraic techniques for distributed systems are increasingly being targeted at identifying abstractions adequate both for high-level programming and specification, and for security analysis and verification.
Drawing on our earlier work in [Bugliesi & Focardi 2008], we investigate the expressive power of a core set of security and network abstractions that provide high-level primitives for the specifications of the honest principals in a network, while at the same time enabling an analysis of the network-level adversarial attacks that may be mounted by an intruder.
We analyze various bisimulation equivalences for security, arising from endowing the intruder with (i) different adversarial capabilities and (ii) increasingly powerful control on the interaction among the distributed principals of a network. By comparing the relative strength of the bisimulation equivalences, we obtain a direct measure of the discriminating power of the intruder, hence of the expressiveness of the corresponding intruder model.
Sub-session hijacking on the web: Root causes and prevention
Since cookies act as the only proof of a user identity, web sessions are particularly vulnerable to session hijacking attacks, where the browser run by a given user sends requests associated with the identity of another user. When n > 1 cookies are used to implement a session, there might actually be n sub-sessions running at the same website, where each cookie is used to retrieve part of the state information related to the session. Sub-session hijacking breaks the ideal view of the existence of a unique user session by selectively hijacking m sub-sessions, with m < n. This may reduce the security of the session to the security of its weakest sub-session. In this paper, we take a systematic look at the root causes of sub-session hijacking attacks and we introduce sub-session linking as a possible defense mechanism. Out of two flavors of sub-session linking desirable for security, which we call intra-scope and inter-scope sub-session linking respectively, only the former is relatively smooth to implement. Luckily, we also identify programming practices to void the need for inter-scope sub-session linking. We finally present Warden, a server-side proxy which automatically enforces intra-scope sub-session linking on incoming HTTP(S) requests, and we evaluate it in terms of protection, performance, backward compatibility and ease of deployment.