Rely-guarantee Reasoning about Concurrent Reactive Systems: The PiCore Framework, Languages Integration and Applications
The rely-guarantee approach is a promising way to verify concurrent reactive
systems (CRSs), e.g. concurrent operating systems, interrupt-driven control
systems and business process systems, compositionally. However,
specifications that use heterogeneous reaction patterns and different
abstraction levels, together with the complexity of real-world CRSs, remain
challenging for the rely-guarantee approach. This article proposes PiCore, a
rely-guarantee reasoning framework for the formal specification and
verification of CRSs. We design an event specification language that supports
complex reaction structures, together with its rely-guarantee proof system, to
detach the specification and logic of the reactive aspects of CRSs from event
behaviours. PiCore parametrizes the language and its rely-guarantee system
over the event-behaviour language through a rely-guarantee interface, and
allows third-party languages to be integrated easily via rely-guarantee
adapters. With this design, we have integrated two existing languages and
their rely-guarantee proof systems without changing their specifications or
proofs. PiCore has been applied to two real-world case studies: the formal
verification of concurrent memory management in the Zephyr RTOS, and a
verified translation of the standardized Business Process Execution Language
(BPEL) into PiCore.
Comment: Submission to ACM Transactions on Programming Languages and Systems
in 202
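The two proof obligations behind the abstract's "rely-guarantee interface", checked mechanically on a toy system as an added example (this is not PiCore's Isabelle/HOL development; the lock-and-counter model, the event names and the function names are this example's assumptions): an event is checked locally against its guarantee under every environment step its rely permits, and two events may be composed only if each one's guarantee implies the other's rely. The state space is small enough to enumerate, which is what lets the checks be exhaustive.

```go
package main

import "fmt"

// State is the shared state: a lock word (0 = free, otherwise the owner id) and a counter.
type State struct{ Lock, Cnt int }

func allStates() []State {
	var out []State
	for l := 0; l <= 2; l++ {
		for c := 0; c <= 3; c++ {
			out = append(out, State{l, c})
		}
	}
	return out
}

// Event is a PiCore-style event body (atomic actions indexed by a program
// counter) with its rely-guarantee spec. An action returns ok=false when blocked.
type Event struct {
	Name    string
	Actions []func(State) (State, bool)
	Rely    func(s, t State) bool // assumed of every environment step
	Guar    func(s, t State) bool // promised by every step of the event itself
}

// lockedInc acquires the lock, increments, releases. Guarantee: the counter changes only
// under its own lock, the lock only toggles 0<->owner. Rely: nobody touches either while it holds the lock.
func lockedInc(owner int) Event {
	return Event{Name: fmt.Sprintf("inc%d", owner),
		Actions: []func(State) (State, bool){
			func(s State) (State, bool) { return State{owner, s.Cnt}, s.Lock == 0 },
			func(s State) (State, bool) { return State{s.Lock, s.Cnt + 1}, true },
			func(s State) (State, bool) { return State{0, s.Cnt}, true },
		},
		Rely: func(s, t State) bool { return s.Lock != owner || t == s },
		Guar: func(s, t State) bool {
			return (t.Cnt == s.Cnt || s.Lock == owner) && (t.Lock == s.Lock ||
				(s.Lock == 0 && t.Lock == owner) || (s.Lock == owner && t.Lock == 0))
		}}
}

// rawInc increments without locking. Its honest spec (never touches the lock,
// assumes nothing of the environment) holds locally but is too weak to compose.
func rawInc(owner int) Event {
	return Event{Name: fmt.Sprintf("raw%d", owner),
		Actions: []func(State) (State, bool){
			func(s State) (State, bool) { return State{s.Lock, s.Cnt + 1}, true },
		},
		Rely: func(s, t State) bool { return true },
		Guar: func(s, t State) bool { return t.Lock == s.Lock }}
}

// checkEvent discharges the local obligation: from any start state, interleaving the event's
// own steps with every environment step its rely permits, each own step must satisfy the guarantee.
func checkEvent(e Event) string {
	type cfg struct{ S State; PC int }
	seen := map[cfg]bool{}
	var work []cfg
	for _, s := range allStates() {
		work = append(work, cfg{s, 0})
	}
	for len(work) > 0 {
		c := work[len(work)-1]
		work = work[:len(work)-1]
		if seen[c] || c.PC == len(e.Actions) {
			continue
		}
		seen[c] = true
		for _, t := range allStates() { // environment interference
			if e.Rely(c.S, t) {
				work = append(work, cfg{t, c.PC})
			}
		}
		if t, ok := e.Actions[c.PC](c.S); ok {
			if !e.Guar(c.S, t) {
				return fmt.Sprintf("%s step %d: %v -> %v breaks its guarantee", e.Name, c.PC, c.S, t)
			}
			work = append(work, cfg{t, c.PC + 1})
		}
	}
	return ""
}

// compatible is the side condition of the parallel rule: every step one event
// guarantees must be a step the other relies on. Returns "" or a witness step.
func compatible(a, b Event) string {
	for _, p := range [][2]Event{{a, b}, {b, a}} {
		for _, s := range allStates() {
			for _, t := range allStates() {
				if p[1].Guar(s, t) && !p[0].Rely(s, t) {
					return fmt.Sprintf("%s may do %v -> %v, which %s does not rely on", p[1].Name, s, t, p[0].Name)
				}
			}
		}
	}
	return ""
}
```

checkEvent(lockedInc(1)), checkEvent(lockedInc(2)) and compatible(lockedInc(1), lockedInc(2)) all return "", so the parallel rule applies and the local proofs carry over to the composed system. rawInc(3) also passes its own local check, but compatible(lockedInc(1), rawInc(3)) returns a witness step (raw3 changing the counter while inc1 holds the lock): the locally correct event cannot be composed because its guarantee is too weak for its peer's rely, which is exactly the obligation the rely-guarantee interface has to discharge.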
Event-based Compositional Reasoning of Information-Flow Security for Concurrent Systems
High assurance of information-flow security (IFS) for concurrent systems is
challenging. The rely-guarantee method is a promising way to formally verify
concurrent systems. However, existing compositional reasoning approaches for
IFS concentrate on language-based IFS, which is often not applicable to
system-level security, such as multicore operating system kernels, where the
secrecy of actions must also be considered. On the other hand, existing
studies of the rely-guarantee method are mostly built on concurrent
programming languages, whose semantics cannot capture concurrent systems
completely in a straightforward way. In order to formally verify state-action
based IFS for concurrent systems, we propose a rely-guarantee-based
compositional reasoning approach for IFS in this paper. We first design a
language by incorporating ``Event'' into concurrent languages and give the IFS
semantics of the language. As a primitive element, events offer a very clean
framework for modelling systems, and they are not necessarily atomic in our
language. For compositional reasoning of IFS, we use rely-guarantee
specifications to define new forms of unwinding conditions (UCs) on events,
i.e. event UCs. By the rely-guarantee proof system of the language and the
soundness of event UCs, we show that event UCs imply IFS of concurrent
systems. In this way, we relax the atomicity constraint on actions in
traditional UCs and provide a compositional reasoning method for IFS in which
the security proof of a system can be discharged by independent security
proofs of individual events. Finally, we mechanize the approach in
Isabelle/HOL and develop a formal specification and its IFS proof for
multicore separation kernels as a case study, according to the industrial
standard ARINC 653.
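As an added example (not the paper's Isabelle/HOL mechanization, and checking the classical atomic-action unwinding conditions that the paper's event UCs generalize, rather than the event UCs themselves): a small separation-kernel model with two partitions and a scheduler, an ARINC 653-style policy in which only the scheduler may interfere with a partition, and an exhaustive check of local respect, step consistency and output consistency over every state and action. The state layout, the domain names and the leaky variant are assumptions of the example.

```go
package main

import "fmt"

// KState is the kernel state: the running partition (0 or 1), one memory word
// per partition, and the id of the last writer (0 = none), which only the
// leaky variant exposes to partitions.
type KState struct {
	Cur, Last int
	Mem       [2]int
}

func allStates() []KState { // all 2*2*2*3 = 24 states
	var out []KState
	for i := 0; i < 24; i++ {
		out = append(out, KState{i & 1, (i >> 3) % 3, [2]int{(i >> 1) & 1, (i >> 2) & 1}})
	}
	return out
}

// Action is one atomic state-action step attributed to a security domain.
type Action struct {
	Name string
	Dom  string
	Step func(KState) KState
	Out  func(KState) int // what the acting domain observes
}

// Model is a state-action system with an interference policy and per-domain views.
type Model struct {
	Doms       []string
	Actions    []Action
	Interferes func(u, v string) bool         // u may interfere with v
	View       func(u string, s KState) string // u's observation of s
}

// checkUnwinding tests the classical unwinding conditions exhaustively and
// returns one line per violation (empty means the policy is enforced).
func checkUnwinding(m Model) []string {
	var bad []string
	same := func(u string, s, t KState) bool { return m.View(u, s) == m.View(u, t) }
	for _, a := range m.Actions {
		for _, u := range m.Doms {
			for _, s := range allStates() {
				// local respect: a domain that may not interfere with u is invisible to u
				if !m.Interferes(a.Dom, u) && !same(u, s, a.Step(s)) {
					bad = append(bad, fmt.Sprintf("local respect: %s alters %s's view in %+v", a.Name, u, s))
				}
				for _, t := range allStates() {
					if !same(u, s, t) {
						continue
					}
					// step consistency and output consistency for u-equivalent s, t
					if !same(u, a.Step(s), a.Step(t)) {
						bad = append(bad, fmt.Sprintf("step consistency: %s for %s on %+v vs %+v", a.Name, u, s, t))
					}
					if a.Dom == u && a.Out(s) != a.Out(t) {
						bad = append(bad, fmt.Sprintf("output consistency: %s on %+v vs %+v", a.Name, s, t))
					}
				}
			}
		}
	}
	return bad
}

// kernelModel is a two-partition separation kernel: the scheduler may interfere with both
// partitions, partitions with nobody else. With leak=true a partition also observes Last.
func kernelModel(leak bool) Model {
	write := func(p int) Action {
		return Action{Name: fmt.Sprintf("write_p%d", p), Dom: fmt.Sprintf("p%d", p),
			Step: func(s KState) KState { // only the running partition writes
				if s.Cur == p {
					s.Mem[p] ^= 1
					s.Last = p + 1
				}
				return s
			},
			Out: func(s KState) int { return s.Mem[p] }}
	}
	sw := Action{Name: "switch", Dom: "sched",
		Step: func(s KState) KState { s.Cur = 1 - s.Cur; return s },
		Out:  func(s KState) int { return s.Cur }}
	return Model{
		Doms:       []string{"sched", "p0", "p1"},
		Actions:    []Action{write(0), write(1), sw},
		Interferes: func(u, v string) bool { return u == v || u == "sched" },
		View: func(u string, s KState) string {
			if u == "sched" {
				return fmt.Sprint(s.Cur)
			}
			p := int(u[1] - '0')
			if leak {
				return fmt.Sprint(s.Cur, s.Mem[p], s.Last)
			}
			return fmt.Sprint(s.Cur, s.Mem[p])
		}}
}
```

checkUnwinding(kernelModel(false)) returns no violations. kernelModel(true) lets each partition observe the last-writer field, and every violation reported is a local-respect failure of write_p0 against p1 or write_p1 against p0: the other partition's write becomes visible, which is exactly the flow the policy forbids. Step and output consistency still hold in the leaky model, so a check that only compared each domain's own transitions would miss the leak; local respect is the condition that catches it.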
Medical image retrieval with query-dependent feature fusion based on one-class SVM
Due to the huge growth of the World Wide Web, medical images are now available in large numbers in online repositories, and there is a need to retrieve these images by automatically extracting visual information from them, which is commonly known as content-based image retrieval (CBIR). Since each feature extracted from an image characterizes only a certain aspect of its content, multiple features must be employed to improve retrieval performance. Meanwhile, experiments demonstrate that a given feature is not equally important for different image queries. Most existing feature fusion methods for image retrieval only use query-independent feature fusion or rely on explicit user weighting. In this paper, we present a novel query-dependent feature fusion method for medical image retrieval based on a one-class support vector machine. Taking into account that a given feature is not equally important for different image queries, the proposed method learns a different feature fusion model for each image query from only the multiple image samples provided by the user, and the learned fusion models reflect the differing importance of a given feature across image queries. Experimental results on the IRMA medical image collection demonstrate that the proposed method improves retrieval performance effectively and outperforms existing feature fusion methods for image retrieval.
A new query dependent feature fusion approach for medical image retrieval based on one-class SVM
With the development of the internet, medical images are now available in large numbers in online repositories, and there is a need to retrieve medical images in a content-based way by automatically extracting visual information from them. Since a single feature extracted from an image characterizes only a certain aspect of its content, multiple features must be employed to improve retrieval performance. Furthermore, a given feature is not equally important for different image queries, since it reflects the content of different images to different degrees. However, most existing feature fusion methods for image retrieval only use query-independent feature fusion or rely on explicit user weighting. In this paper, based on multiple query samples provided by the user, we present a novel query-dependent feature fusion method for medical image retrieval based on a one-class support vector machine. The proposed method learns a different feature fusion model for each image query, and the learned fusion models reflect the differing importance of a given feature across image queries. Experimental results on the IRMA medical image collection demonstrate that the proposed method improves retrieval performance effectively and outperforms existing feature fusion methods for image retrieval.
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot
Hardware supply-chain attacks pose significant security threats to the boot
process of multiprocessor systems. This paper identifies a new, prevalent
hardware supply-chain attack surface that can bypass multiprocessor secure
boot because processor-authentication mechanisms are absent. To defend against
such attacks, we present PA-Boot, the first formally verified
processor-authentication protocol for secure boot in multiprocessor systems.
PA-Boot is proved functionally correct and is guaranteed to detect multiple
adversarial behaviours, e.g. processor replacement, man-in-the-middle attacks,
and tampering with certificates. The fine-grained formalization of PA-Boot and
its fully mechanized security proofs are carried out in the Isabelle/HOL
theorem prover with 306 lemmas/theorems and ~7,100 LoC. Experiments on a
proof-of-concept implementation indicate that PA-Boot can effectively identify
boot-process attacks with small overhead and thereby improves the security of
multiprocessor systems.
Comment: Manuscript submitted to IEEE Trans. Dependable Secure Compu
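An added example of the protocol shape the abstract describes (a manufacturer-signed certificate per processor plus a challenge-response signed with the processor's device key), written as a Go model rather than PA-Boot's own implementation or its Isabelle/HOL formalization; the message layouts, the choice of Ed25519, the eight-byte processor id and all function names are this example's assumptions. The boot controller knows which processor id belongs in each socket and trusts only the manufacturer's public key, and the scenarios show how each of the three adversarial behaviours named above is caught by a different check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert binds a processor id to its device public key under the manufacturer's
// signature. The byte layouts in this file are the example's assumptions, not PA-Boot's.
type Cert struct {
	ID  [8]byte
	Pub ed25519.PublicKey
	Sig []byte // manufacturer signature over body("PA-CERT|", ID, Pub)
}

// body builds the bytes that get signed: a tag that keeps certificate and
// challenge signatures apart, followed by the fields that must be bound together.
func body(tag string, parts ...[]byte) []byte {
	b := []byte(tag)
	for _, p := range parts {
		b = append(b, p...)
	}
	return b
}

func newKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// Processor is a socketed CPU holding its device key pair and certificate.
type Processor struct {
	Cert Cert
	priv ed25519.PrivateKey
}

// issue provisions a processor under the given issuer key (the manufacturer's for a genuine part).
func issue(issuer ed25519.PrivateKey, id [8]byte) Processor {
	pub, priv := newKeys()
	return Processor{Cert{id, pub, ed25519.Sign(issuer, body("PA-CERT|", id[:], pub))}, priv}
}

// Respond signs socket and nonce, so the answer fits neither another socket nor a later boot.
func (p Processor) Respond(socket byte, nonce []byte) []byte {
	return ed25519.Sign(p.priv, body("PA-RESP|", []byte{socket}, nonce))
}

// verify is the boot controller's check for one socket: it trusts mfrPub and
// knows which processor id (want) belongs there. Each failure names the attack it rejects.
func verify(mfrPub ed25519.PublicKey, want [8]byte, socket byte, nonce []byte, c Cert, sig []byte) error {
	if len(c.Pub) != ed25519.PublicKeySize { // ed25519.Verify panics on a bad key size
		return fmt.Errorf("socket %d: malformed certificate", socket)
	}
	if !ed25519.Verify(mfrPub, body("PA-CERT|", c.ID[:], c.Pub), c.Sig) {
		return fmt.Errorf("socket %d: certificate forged or tampered", socket)
	}
	if c.ID != want {
		return fmt.Errorf("socket %d: processor %s replaced expected %s", socket, c.ID[:], want[:])
	}
	if !ed25519.Verify(c.Pub, body("PA-RESP|", []byte{socket}, nonce), sig) {
		return fmt.Errorf("socket %d: challenge not signed by the certified key (replayed or modified)", socket)
	}
	return nil
}

// scenarios runs a genuine boot and the attacks named in the abstract; each
// result is nil (accepted) or the error that rejected the attack.
func scenarios() map[string]error {
	id1 := [8]byte{'C', 'P', 'U', '-', '0', '0', '0', '1'}
	id2 := [8]byte{'C', 'P', 'U', '-', '0', '0', '0', '2'}
	mfrPub, mfrPriv := newKeys()
	attPub, attPriv := newKeys()
	genuine := issue(mfrPriv, id1)
	spare := issue(mfrPriv, id2) // genuine part, but not the one provisioned for socket 0
	fake := issue(attPriv, id1)  // counterfeit with an attacker-signed certificate
	tampered := genuine.Cert     // manufacturer signature kept, attacker's key swapped in
	tampered.Pub = attPub
	n := challenge()
	return map[string]error{
		"genuine":       verify(mfrPub, id1, 0, n, genuine.Cert, genuine.Respond(0, n)),
		"replacement":   verify(mfrPub, id1, 0, n, spare.Cert, spare.Respond(0, n)),
		"forged cert":   verify(mfrPub, id1, 0, n, fake.Cert, fake.Respond(0, n)),
		"mitm replay":   verify(mfrPub, id1, 0, n, genuine.Cert, genuine.Respond(0, challenge())),
		"tampered cert": verify(mfrPub, id1, 0, n, tampered, ed25519.Sign(attPriv, body("PA-RESP|", []byte{0}, n))),
	}
}
```

Only the "genuine" entry of scenarios() is nil. A certified processor in the wrong socket fails the id check, a counterfeit and a certificate with a swapped key both fail the manufacturer signature check, and a relayed answer to an earlier challenge fails the signature over the fresh nonce. The order of the checks matters: the certificate is validated before its key is used, and the key length is checked before calling ed25519.Verify, which panics on a malformed key rather than returning false.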