
    Formal Model-Driven Analysis of Resilience of GossipSub to Attacks from Misbehaving Peers

    GossipSub is a new peer-to-peer communication protocol designed to counter attacks from misbehaving peers by carefully controlling what information is disseminated and to whom, via a score function computed by each peer that captures positive and negative behaviors of its neighbors. The score function depends on several parameters (weights, caps, thresholds, etc.) that can be configured by applications using GossipSub. The specification for GossipSub is written in English and its resilience to attacks from misbehaving peers is supported empirically by emulation testing using an implementation in Golang. In this work we take a foundational approach to understanding the resilience of GossipSub to attacks from misbehaving peers. We build the first formal model of GossipSub, using the ACL2s theorem prover. Our model is officially endorsed by GossipSub developers. It can simulate GossipSub networks of arbitrary size and topology, with arbitrarily configured peers, and can be used to prove and disprove theorems about the protocol. We formalize fundamental security properties stating that the score function is fair, penalizes bad behavior and rewards good behavior. We prove that the score function is always fair, but can be configured in ways that either penalize good behavior or ignore bad behavior. Using our model, we run GossipSub with the specific configurations for two popular real-world applications: the FileCoin and Eth2.0 blockchains. We show that all properties hold for FileCoin. However, given any Eth2.0 network (of any topology and size) with any number of potentially misbehaving peers, we can synthesize attacks where these peers are able to continuously misbehave by never forwarding topic messages, while maintaining positive scores so that they are never pruned from the network by GossipSub.
    Comment: In revie

    Verification of GossipSub in ACL2s

    GossipSub is a popular new peer-to-peer network protocol designed to disseminate messages quickly and efficiently by allowing peers to forward the full content of messages only to a dynamically selected subset of their neighboring peers (mesh neighbors) while gossiping about messages they have seen with the rest. Peers decide which of their neighbors to graft or prune from their mesh locally and periodically using a score for each neighbor. Scores are calculated using a score function that depends on mesh-specific parameters, weights and counters relating to a peer's performance in the network. Since a GossipSub network's performance ultimately depends on the performance of its peers, an important question arises: Is the score calculation mechanism effective in weeding out non-performing or even intentionally misbehaving peers from meshes? We answered this question in the negative in our companion paper by reasoning about GossipSub using our formal, official and executable ACL2s model. Based on our findings, we synthesized and simulated attacks against GossipSub which were confirmed by the developers of GossipSub, FileCoin, and Eth2.0, and publicly disclosed in MITRE CVE-2022-47547. In this paper, we present a detailed description of our model. We discuss design decisions, security properties of GossipSub, reasoning about the security properties in the context of our model, attack generation and lessons we learnt when writing it.
    Comment: In Proceedings ACL2-2023, arXiv:2311.0837

    A Case Study in Analytic Protocol Analysis in ACL2

    When verifying computer systems we sometimes want to study their asymptotic behaviors, i.e., how they behave in the long run. In such cases, we need real analysis, the area of mathematics that deals with limits and the foundations of calculus. In a prior work, we used real analysis in ACL2s to study the asymptotic behavior of the RTO computation, commonly used in congestion control algorithms across the Internet. One key component in our RTO computation analysis was proving in ACL2s that for all alpha in [0, 1), the limit as n approaches infinity of alpha raised to n is zero. Whereas the most obvious proof strategy involves the logarithm, whose codomain includes irrationals, by default ACL2 only supports rationals, which forced us to take a non-standard approach. In this paper, we explore different approaches to proving the above result in ACL2(r) and ACL2s, from the perspective of a relatively new user to each. We also contextualize the theorem by showing how it allowed us to prove important asymptotic properties of the RTO computation. Finally, we discuss tradeoffs between the various proof strategies and directions for future research.
    Comment: In Proceedings ACL2-2023, arXiv:2311.0837

    Uphold the nuclear weapons test moratorium

    The Trump administration is considering renewing nuclear weapons testing (1), a move that could increase the risk of another nuclear arms race as well as an inadvertent or intentional nuclear war. Following in the long tradition of scientists opposing nuclear weapons due to their harmful effects on both humanity and the planet (2), we ask the U.S. government to desist from plans to conduct nuclear tests. During the Cold War, the United States conducted 1030 nuclear weapons tests, more than all other nuclear-armed nations combined (3). In 1996, the United States signed the Comprehensive Nuclear Test Ban Treaty (CTBT), agreeing not to conduct a nuclear weapons test of any yield (4). The United States has not yet ratified the CTBT but did spearhead the 2016 adoption of UN Security Council Resolution 2310, which calls upon all countries to uphold the object and purpose of the CTBT by not conducting nuclear tests (5). Eight of the nine nuclear-armed states, including the five permanent members of the UN Security Council, have observed a moratorium on nuclear testing since 1998 (3, 4). The ninth, North Korea, responding to international pressure, stopped testing warhead detonations (as opposed to missile flights) in 2017 (6). If the United States ratified the CTBT, joining the 168 countries who have already done so (4), there is a good chance that the other holdout countries would ratify the treaty as well (7)