Pasquale Malacaria scite author profile

An intensional model for the programming language PCF is described, in which the types of PCF are interpreted by games, and the terms by certain "history-free" strategies. This model is shown to capture definability in PCF. More precisely, every compact strategy in the model is definable in a certain simple extension of PCF. We then introduce an intrinsic preorder on strategies, and show that it satisfies some striking properties, such that the intrinsic preorder on function types coincides with the pointwise preorder. We then obtain an order-extensional fully abstract model of PCF by quotienting the intensional model by the intrinsic preorder. This is the first syntax-independent description of the fully abstract model for PCF. (Hyland and Ong have obtained very similar results by a somewhat different route, independently and at the same time).We then consider the effective version of our model, and prove a Universality Theorem: every element of the effective extensional model is definable in PCF. Equivalently, every recursive strategy is definable up to observational equivalence.The Full Abstraction Problem for PCF [Plo77, Mil77, BCL85, Cur92b] is one of the longest-standing problems in the semantics of programming languages. There is quite widespread agreement that it is one of the most difficult; there is much less agreement as to what exactly the problem is, or more particularly as to the precise criteria for a solution. The usual formulation is that one wants a "semantic characterization" of the fully abstract model (by which we mean the inequationally fully abstract order-extensional model, which Milner proved to be uniquely specified up to isomorphism by these properties [Mil77]). The problem is to understand what should be meant by a "semantic characterization".Our view is that the essential content of the problem, what makes it important, is that it calls for a semantic characterization of sequential, functional computation at higher types. The phrase "sequential functional computation" deserves careful consideration. On the one hand, sequentiality refers to a computational process extended over time, not a mere function; on the other hand, we want to capture just those sequential computations *

show abstract

Quantitative Analysis of the Leakage of Confidential Data

Clark

Hunt

Malacaria

2002

Electronic Notes in Theoretical Computer Science

139

141

View full text Add to dashboard Cite

Decision support approaches for cyber security investment

Fielder

Panaousis

Malacaria

et al. 2016

Decision Support Systems

205

138

View full text Add to dashboard Cite

When investing in cyber security resources, information security managers have to follow effective decisionmaking\ud strategies. We refer to this as the cyber security investment challenge.In this paper, we consider\ud three possible decision support methodologies for security managers to tackle this challenge. We consider\ud methods based on game theory, combinatorial optimisation, and a hybrid of the two. Our modelling starts\ud by building a framework where we can investigate the effectiveness of a cyber security control regarding\ud the protection of different assets seen as targets in presence of commodity threats. As game theory captures\ud the interaction between the endogenous organisation’s and attackers’ decisions, we consider a 2-person\ud control game between the security manager who has to choose among different implementation levels of a\ud cyber security control, and a commodity attacker who chooses among different targets to attack. The pure\ud game theoretical methodology consists of a large game including all controls and all threats. In the hybrid\ud methodology the game solutions of individual control-games along with their direct costs (e.g. financial) are\ud combined with a Knapsack algorithm to derive an optimal investment strategy. The combinatorial optimisation\ud technique consists of a multi-objective multiple choice Knapsack based strategy. To compare these\ud approaches we built a decision support tool and a case study regarding current government guidelines. The\ud endeavour of this work is to highlight the weaknesses and strengths of different investment methodologies\ud for cyber security, the benefit of their interaction, and the impact that indirect costs have on cyber security\ud investment. Going a step further in validating our work, we have shown that our decision support tool provides\ud the same advice with the one advocated by the UK government with regard to the requirements for\ud basic technical protection from cyber attacks in SMEs

show abstract

A static analysis for quantifying information flow in a simple imperative language

Clark

Hunt

Malacaria

2007

JCS

134

View full text Add to dashboard Cite

We propose an approach to quantify interference in a simple imperative language that includes a looping construct. In this paper we focus on a particular case of this definition of interference: leakage of information from private variables to public ones via a Trojan Horse attack. We quantify leakage in terms of Shannon's information theory and we motivate our definition by proving a result relating this definition of leakage and the classical notion of programming language interference. The major contribution of the paper is a quantitative static analysis based on this definition for such a language. The analysis uses some non-trivial information theory results like Fano's inequality and L1 inequalities to provide reasonable bounds for conditional statements. While-loops are handled by integrating a qualitative flow-sensitive dependency analysis into the quantitative analysis.

show abstract

Quantifying information leaks in software

Heusser

Malacaria

2010

View full text Add to dashboard Cite

Leakage of confidential information represents a serious security risk. Despite a number of novel, theoretical advances, it has been unclear if and how quantitative approaches to measuring leakage of confidential information could be applied to substantial, real-world programs. This is mostly due to the high complexity of computing precise leakage quantities. In this paper, we introduce a technique which makes it possible to decide if a program conforms to a quantitative policy which scales to large state-spaces with the help of bounded model checking.Our technique is applied to a number of officially reported information leak vulnerabilities in the Linux Kernel. Additionally, we also analysed authentication routines in the Secure Remote Password suite and of a Internet Message Support Protocol implementation. Our technique shows when there is unacceptable leakage; the same technique is also used to verify, for the first time, that the applied software patches indeed plug the information leaks. This is the first demonstration of quantitative information flow addressing security concerns of real-world industrial programs.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.