Virtual Analysis and Reduction of Side-Channel Vulnerabilities of Smartcards

This paper focuses on the usability of the PINPAS tool. The PINPAS tool is an instruction-level interpreter for smartcard assembler languages, augmented with facilities to study side-channel vulnerabilities. The tool can simulate side-channel leakage and has a suite of utilities to analyze this. The usage of the tool, for the analysis of a cryptographic algorithm is illustrated using the standard AES and RSA. Vulnerabilities of the implementations are identified and protective measures added. It is argued, that the tool can be instrumental for the design and realization of secure smartcard implementations in a systematic wa

Metric Semantics and Full Abstractness for Action Refinement and Probabilistic Choice

This paper provides a case-study in the field of metric semantics for probabilistic programming. Both an operational and a denotational semantics are presented for an abstract process language L_pr, which features action refinement and probabilistic choice. The two models are constructed in the setting of complete ultrametric spaces, here based on probability measures of compact support over sequences of actions. It is shown that the standard toolkit for metric semantics works well in the probabilistic context of L_pr, e.g. in establishing the correctness of the denotational semantics with respect to the operational one. In addition, it is shown how the method of proving full abstraction --as proposed recently by the authors for a nondeterministic language with action refinement-- can be adapted to deal with the probabilistic language L_pr as well

Retractions in comparing PROLOG semantics

We present an operational model O and a continuation based denotational model D for a uniform variant of PROLOG, including the cut operator. The two semantical definitions make use of higher order transformations Phi and Psi, respectively. We prove O and D equivalent in a novel way by comparing yet another pair of higher order transformations Phi~ and Psi~, that yield Phi and Psi, respectively, by application of a suitable abstraction operator

Continuation semantics for PROLOG with cut

We present a denotational continuation semantics for PROLOG with cut. First a uniform language B is studied, which captures the control flow aspects of PROLOG. The denotational semantics for B is proven equivalent to a transition system based operational semantics. The congruence proof relies on the representation of the operational semantics as a chain of approximations and on a convenient induction principle. Finally, we interpret the abstract language B such that we obtain equivalent denotational and operational models for PROLOG itself

Denotational semantics for unguarded recursion: the demonic case

We show that the technique to prove equivalence of operational and denotational cpo based semantics using retractions, as introduced in de Bruin & Vink [1989] for a sequential backtracking language, can be applied to parallel languages as well. We prove equivalence for a uniform language in which procedure calls need not be guarded. The unguardedness is taken care of by giving a semantics in which the nondeterminism is demonic

System evolution by migration coordination

Collaborations between components can bemodeled in the coordination language Paradigm[3]. A collaboration solution is specified by loosely coupling component dynamics to a protocol via their roles. Not only regular, foreseen collaboration can be specified, originally unforeseen collaboration can be modeled too [4]. To explain how, we first look very briefly at Paradigm’s regular coordination specification. Component dynamics are expressed by state-transition diagrams (STDs), see Figure 1(a) for a mock-up STD MU in UML style. MU contributes to a collaboration via a role MU(R). Figure 1(b) specifies MU(R) through a different STD, whose states are so-called phases of MU: temporarily valid, dynamic constraints imposed on MU. The figure mentions four such phases, Clock, Anti, Inter and Small. Figure 1(c) couplesMU and MU(R). It specifies each phase as part of MU, additionally decorated with one or more polygons grouping some states of a phase. Polygons visualize so-called traps: a trap, once entered, cannot be left as long as the phase remains the valid constraint. A trap having been entered, serves as a guard for a phase change. Therefore, traps label transitions in a role STD, cf. Figure 1(b). Single steps from different roles, are synchronized into one protocol step. A protocol step can be coupled to one detailed step of a so-called manager component, driving the protocol. Meanwhile, local variables can be updated. It is through a consistency rule, Paradigm specifies a protocol step: (i) at the left-hand side of a ?? the one, driving manager step is given, if relevant; (ii) the right-hand side lists the role steps being synchronized; (iii) optionally, a change clause [2] can be given updating variables, e.g. one containing the current set of consistency rules. For example, a consistency rule without change clause, MU2:A!B ?? MU1(R):Clock triv ! Anti, MU3(R): Inter toSmall ! Small where a manager step ofMU2 is coupled to the swapping ofMU1 from circling clockwise to anti-clock-wise and swapping MU3 from intermediate inspection into circling on a smaller scale