Existential Types for Relaxed Noninterference

Information-flow security type systems ensure confidentiality by enforcing noninterference: a program cannot leak private data to public channels. However, in practice, programs need to selectively declassify information about private data. Several approaches have provided a notion of relaxed noninterference supporting selective and expressive declassification while retaining a formal security property. The labels-as-functions approach provides relaxed noninterference by means of declassification policies expressed as functions. The labels-as-types approach expresses declassification policies using type abstraction and faceted types, a pair of types representing the secret and public facets of values. The original proposal of labels-as-types is formulated in an object-oriented setting where type abstraction is realized by subtyping. The object-oriented approach however suffers from limitations due to its receiver-centric paradigm. In this work, we consider an alternative approach to labels-as-types, applicable in non-object-oriented languages, which allows us to express advanced declassification policies, such as extrinsic policies, based on a different form of type abstraction: existential types. An existential type exposes abstract types and operations on these; we leverage this abstraction mechanism to express secrets that can be declassified using the provided operations. We formalize the approach in a core functional calculus with existential types, define existential relaxed noninterference, and prove that well-typed programs satisfy this form of type-based relaxed noninterference

Parametric polymorphism - universally

In the 1980s, John Reynolds postulated that a parametrically polymorphic function is an ad-hoc polymorphic function satisfying a uniformity principle. This allowed him to prove that his set-theoretic semantics has a relational lifting which satisfies the Identity Extension Lemma and the Abstraction Theorem. However, his definition (and subsequent variants) have only been given for specific models. In contrast, we give a model-independent axiomatic treatment by characterising Reynolds' definition via a universal property, and show that the above results follow from this universal property in the axiomatic setting

High affinity binding of the peptide agonist TIP-39 to the parathyroid hormone 2 (PTH₂) receptor requires the hydroxyl group of Tyr-318 on transmembrane helix 5

TIP39 (“tuberoinfundibular peptide of 39 residues”) acts via the parathyroid hormone 2 receptor, PTH₂, a Family B G protein-coupled receptor (GPCR). Despite the importance of GPCRs in human physiology and pharmacotherapy, little is known about the molecular details of the TIP39-PTH₂ interaction. To address this, we utilised the different pharmacological profiles of TIP39 and PTH(1-34) at PTH₂ and its related receptor PTH₁: TIP39 being an agonist at the former but an antagonist at the latter, while PTH(1-34) activates both. A total of 23 site-directed mutations of PTH₂, in which residues were substituted to the equivalent in PTH₁, were made and pharmacologically screened for agonist activity. Follow-up mutations were analysed by radioligand binding and cAMP assays. A model of the TIP39-PTH₂ complex was built and analysed using molecular dynamics. Only Tyr318-Ile displayed reduced TIP39 potency, despite having increased PTH(1-34) potency, and further mutagenesis and analysis at this site demonstrated that this was due to reduced TIP39 affinity at Tyr318-Ile (pIC50 = 6.01±0.03) compared with wild type (pIC₅₀ = 7.81±0.03). The hydroxyl group of the Tyr-318’s side chain was shown to be important for TIP39 binding, with the Tyr318-Phe mutant displaying 13-fold lower affinity and 35-fold lower potency compared with wild type. TIP39 truncated by up to 5 residues at the N-terminus was still sensitive to the mutations at Tyr-318, suggesting that it interacts with a region within TIP39(6-39). Molecular modelling and molecular dynamics simulations suggest that the selectivity is based on an interaction between the Tyr-318 hydroxyl group with the carboxylate side chain of Asp-7 of the peptide

The effect of small bowel transplantation on the morphology and physiology of intestinal muscle: A comparison of autografts versus allografts in dogs

The effects of acute (AR) and chronic rejection (CR) on intestinal smooth muscle that are responsible for the dysmotility following small bowel transplantation (SBTX) are incompletely understood. Jejunal and ileal specimens from normal control dogs (n=7), and autotransplanted dogs were examined at 7 days (n=6) and 1 (n=7), 3 (n=6), 6 (n=6), and 12 months (n=6). Allotransplanted dogs that developed AR (n=8) and CR (n=5) were examined for gross and microscopic morphology (muscle thickness, the number and size of myocytes, and inflammatory infiltrate), and for contractile and intracellular electrical function in vitro. Auto-SBTX did not alter morphology at any period, but contractile function was impaired at 7 days (73.6%) compared with normal intestine. Acute rejection did not influence myocyte number or size, but was associated with a prominent infiltrate of neutrophils and lymphocytes, and severely impaired contractile function (20.6%) compared with auto-SBTX controls. Acute rejection also significantly inhibited the amplitude of slow waves and of inhibitory junction potentials. Chronic rejection caused thickening of muscularis propria by both hyperplasia (175.5%) and hypertrophy (202.6%) accompanied by moderate inflammatory cell infiltrate compared with auto-SBTX controls. We conclude that the marked inflammatory infiltrate into the muscularis propria indicates that the graft muscle is injured by both acute and chronic rejection; impaired function of intestinal smooth muscle following SBTX results from both rejection and the injury associated with transplantation, and chronic rejection following SBTX is associated with both hyperplasia and hypertrophy of the muscularis propria

Functional Big-step Semantics

When doing an interactive proof about a piece of software, it is important that the underlying programming language’s semantics does not make the proof unnecessarily difficult or unwieldy. Both smallstep and big-step semantics are commonly used, and the latter is typically given by an inductively defined relation. In this paper, we consider an alternative: using a recursive function akin to an interpreter for the language. The advantages include a better induction theorem, less duplication, accessibility to ordinary functional programmers, and the ease of doing symbolic simulation in proofs via rewriting. We believe that this style of semantics is well suited for compiler verification, including proofs of divergence preservation. We do not claim the invention of this style of semantics: our contribution here is to clarify its value, and to explain how it supports several language features that might appear to require a relational or small-step approach. We illustrate the technique on a simple imperative language with C-like for-loops and a break statement, and compare it to a variety of other approaches. We also provide ML and lambda-calculus based examples to illustrate its generality