Logic Column 10: Specifying Confidentiality

This article illustrates the use of a logical specification language to capture various forms of confidentiality properties used in the security literature.Comment: 12 page

Higher-Order Concurrent Win32 Programming

We present a concurrent framework for Win32 programming based on Concurrent ML, a concurrent language with higher-order functions, static typing, lightweight threads and synchronous communication channels. The key points of the framework are the move from an event loop model to a threaded model for the processing of window messages, and the decoupling of controls notifications from the system messages. This last point allows us to derive a general way of writing controls that leads to easy composition, and can accommodate ActiveX Controls in a transparent way.Comment: 10 pages; appeared in Proceedings of the 3rd Usenix Windows NT Symposium, Seattle, pp. 113-122, 199

An Analysis of Lambek's Production Machines

Lambek's production machines may be used to generate and recognize sentences in a subset of the language described by a production grammar. We determine in this paper the subset of the language of a grammar generated and recognized by such machines.Comment: 13 pages, 1 figur

Knowledge and Security

Epistemic concepts, and in some cases epistemic logic, have been used in security research to formalize security properties of systems. This survey illustrates some of these uses by focusing on confidentiality in the context of cryptographic protocols, and in the context of multi-level security systems.Comment: 51 pages; preliminary version of a chapter for an upcoming Handbook of Logics for Knowledge and Belie

On Partially Additive Kleene Algebras

We define the notion of a partially additive Kleene algebra, which is a Kleene algebra where the + operation need only be partially defined. These structures formalize a number of examples that cannot be handled directly by Kleene algebras. We relate partially additive Kleene algebras to existing algebraic structures, by exhibiting categorical connections with Kleene algebras, partially additive categories, and closed semirings.Comment: 23 pages; to be presented at the 8th International Conference on Relational Methods in Computer Science (RelMiCS 8

Logic Column 11: The Finite and the Infinite in Temporal Logic

This article examines the interpretation of the LTL temporal operators over finite and infinite sequences. This is used as the basis for deriving a sound and complete axiomatization for Caret, a recent temporal logic for reasoning about programs with nested procedure calls and returns.Comment: 14 page

Logic Column 12: Logical Verification and Equational Verification

This article examines two approaches to verification, one based on using a logic for expressing properties of a system, and one based on showing the system equivalent to a simpler system that obviously has whatever property is of interest. Using examples such as process calculi and regular programs, the relationship between these two approaches is explored.Comment: 11 page

Reactive Programming in Standard ML

Reactive systems are systems that maintain an ongoing interaction with their environment, activated by receiving input events from the environment and producing output events in response. Modern programming languages designed to program such systems use a paradigm based on the notions of instants and activations. We describe a library for Standard ML that provides basic primitives for programming reactive systems. The library is a low-level system upon which more sophisticated reactive behaviors can be built, which provides a convenient framework for prototyping extensions to existing reactive languages.Comment: 11 pages; appeared in Proceedings of the IEEE International Conference on Computer Languages (ICCL'98), pp. 48-57, 199

Phantom Types and Subtyping

We investigate a technique from the literature, called the phantom-types technique, that uses parametric polymorphism, type constraints, and unification of polymorphic types to model a subtyping hierarchy. Hindley-Milner type systems, such as the one found in Standard ML, can be used to enforce the subtyping relation, at least for first-order values. We show that this technique can be used to encode any finite subtyping hierarchy (including hierarchies arising from multiple interface inheritance). We formally demonstrate the suitability of the phantom-types technique for capturing first-order subtyping by exhibiting a type-preserving translation from a simple calculus with bounded polymorphism to a calculus embodying the type system of SML.Comment: 41 pages. Preliminary version appears in the Proceedings of the 2nd IFIP International Conference on Theoretical Computer Science, pp. 448--460, 200

A Formal Foundation for ODRL

ODRL is a popular XML-based language for stating the conditions under which resources can be accessed legitimately. The language is described in English and, as a result, agreements written in ODRL are open to interpretation. To address this problem, we propose a formal semantics for a representative fragment of the language. We use this semantics to determine precisely when a permission is implied by a set of ODRL statements and show that answering such questions is a decidable NP-hard problem. Finally, we define a tractable fragment of ODRL that is also fairly expressive.Comment: 30 pgs, preliminary version presented at WITS-04 (Workshop on Issues in the Theory of Security), 200