Abstract. The spi calculus is an executable model for the description and analysis of cryptographic protocols. Security objectives like secrecy and authenticity can be formulated as equations between spi calculus terms, where equality is interpreted as a contextual equivalence. One problem with verifying contextual equivalences for message-passing process calculi is the infinite branching on process input. In this paper, we propose a general symbolic semantics for the spi calculus, where an input prefix gives rise to only one transition. To avoid infinite quantification over contexts, non-contextual concrete bisimulations approximating barbed equivalence have been defined. We propose a symbolic bisimulation that is sound with respect to barbed equivalence, and brings us closer to automated bisimulation checks.

Background, Related Work, and Summary

Verification of Cryptographic Protocols in the Spi Calculus. Abadi and Gordon designed the spi calculus as an extension of the pi calculus with encryption primitives in order to describe and formally analyze cryptographic protocols [AG99]. The success of the spi calculus is due to at least three reasons. (1) It is equipped with an operational semantics; thus any protocol described in the calculus may be regarded as executable. (2) Security properties can be formulated as equations on process terms, so no external formalism is needed. (3) Contextual equivalences on process terms avoid the need to explicitly model the attacker; they take into account any attacker that can be expressed in the calculus.

For example, we may wish to analyze the trivial cryptographic protocol $(\nu k)\,(A \mid B)$ where $A := \overline{a}\langle E_k m \rangle$ and $B := a(x).\overline{f}\langle D_k x \rangle$, consisting of participant A sending on channel a the message m, encrypted under the secret shared symmetric key k, to participant B who tries to decrypt the received message and, in case of successful decryption, outputs the result on channel f.
We may compare this protocol with its specification

Apart from the equational style, cryptographic protocols in the spi calculus are analyzed by control flow analysis, trace analysis, reachability analysis, and type systems; they are beyond the scope of this paper.

Equivalences. To verify security properties expressed in the equational style, we need to give an interpretation for the equation symbol. Contextual equivalences (two terms are related if they behave in the same way in all contexts) are attractive because the quantification over all contexts directly captures the intuition of an unknown attacker expressible within the spi calculus [AG99].

The notions of may-testing equivalence and barbed equivalence are the most prominent contextual equivalences [see the right column of Fig. 1]. Their main distinction is linear time versus branching time: The former considers the possibility of passing tests after sequences of computation steps; the latter has a more refined view, also comparing the derivatives of internal computation. Secrecy and authenticity are usually seen as trace-based prop...
In the area of high-performance computing and embedded systems, numerous code optimisation methods exist to accelerate the speed of the computation (or optimise another performance criterion). They are usually evaluated by making multiple observations of the initial and the optimised execution times of a programme in order to declare a speedup. Even with fixed input and execution environment, programme execution times vary in general. Hence, different kinds of speedups may be reported: the speedup of the average execution time, the speedup of the minimal execution time, the speedup of the median and others. Many published speedups in the literature are observations of a set of experiments. To improve the reproducibility of the experimental results, this article presents a rigorous statistical methodology regarding programme performance analysis. We rely on well-known statistical tests (Shapiro-Wilk's test, Fisher's F-test, Student's t-test, Kolmogorov-Smirnov's test and Wilcoxon-Mann-Whitney's test) to study if the observed speedups are statistically significant or not. By fixing $0 < \alpha < 1$, a desired risk level, we are able to analyse the statistical significance of the average execution time as well as the median. We can also check if $P[X > Y] > 1/2$, the probability that an individual execution of the optimised code is faster than the individual execution of the initial code. In addition, we can compute the confidence interval of the probability to obtain a speedup on a randomly selected benchmark that does not belong to the initial set of tested benchmarks. Our methodology defines a consistent improvement compared with the usual performance analysis method in high-performance computing. We explain in each situation the hypothesis that must be checked to declare a correct risk level for the statistics. The Speedup-Test protocol certifying the observed speedups with rigorous statistics is implemented and distributed as an open source tool based on R software.
The first principle is to provide a mathematical proof given a theoretical model that the published code optimisation method is correct and/or efficient: this is the hardest part of research in computer science, because if the theoretical model is too simple, it would not represent the real world, and if the model is too close to the real world, mathematics becomes too complex to digest. A second principle for code optimisation in general is to propose and implement a code transformation technique and to practice it on a set of chosen benchmarks in order to evaluate its efficiency. This article concerns this last point: how can we use rigorous statistics to compare the performances of two versions of the same programme.

What makes a binary programme execution time vary on a modern multicore processor, even if we use the same data input, the same binary and the same execution environment? Here are some factors:

1. Intrinsic factors to the programme itself: synchronisation functions, OS calls and others.
2. Factors related to the execution environment: ...
Protocol narrations are a widely-used informal means to describe, in an idealistic manner, the functioning of cryptographic protocols as a single intended sequence of cryptographic message exchanges among the protocol's participants. Protocol narrations have also been informally "turned into" a number of formal protocol descriptions, e.g., using the spi-calculus. In this paper, we propose a direct formal operational semantics for protocol narrations that fixes a particular and, as we argue, well-motivated interpretation on how the involved protocol participants are supposed to execute. Based on this semantics, we explain and formally justify a natural and precise translation of narrations into spi-calculus. An optimised translation has been implemented in OCaml, and we report on case studies that we have carried out using the tool.
Recently, some active shielding techniques have been broken (e.g. by FlyLogic). The caveat is that their geometry is easy to guess, and thus they can be bypassed at an affordable price. This paper has two contributions. First of all, it provides a definition of the objectives of shielding, which is seldom found in publicly available sources. Notably, we specify the expected functionality, but also the constraints it must meet to be both manufacturable and secure. Second, we propose an innovative solution based on random shielding. The goal of this shielding is to make the geometry of the shield difficult to recognize, thereby making the "identification" phase of the attack harder than in previous schemes. Also, a proof of the shielding existence for two layers of metal is provided, which guarantees that the generation of the layout will succeed. Finally, we provide real tests of the shield generation algorithm, which show it is computationally tractable even for large areas to protect.
Abstract. In this paper, we study the general problem of one-dimensional periodic task scheduling under storage requirement, irrespective of machine constraints. We have already presented in (Touati and Eisenbeis, 2004) a theoretical framework that allows an optimal optimisation of periodic storage requirement in a cyclic schedule. Since our optimization problem is NP-hard (Touati, 2002), solving an exact integer linear programming formulation is too expensive in practice. In this article, we propose an efficient two-step heuristic using the model's properties that allows fast computation times while providing highly satisfactory results. This method includes the solution of an integer linear program with a totally unimodular constraints matrix in the first step, then the solution of a linear assignment problem. Our heuristic is implemented for an industrial compiler for embedded VLIW processors.