A calculus for the specification and verification of distributed concurrent interactive real time systems is introduced. Systems are specified by their interface behavior formalized by interface predicates and interface assertions. System designs in terms of architectures of distributed networks of interactive systems are constructed by concurrent composition of subsystems. The specification of system designs is calculated from the specifications of their subsystems. Verification is done by proof rules which are based on the concepts of causality and realizability justified by the operational model in terms of generalized Moore machines, Moore machines not restricted to finite state spaces. The calculus supports interface specification and reasoning both about untimed as well as timed distributed concurrent systems. This includes the design of cyber-physical systems. Real-time is used, in particular, to specify time sensitive behavior and to prove properties related to causality and realizability, properties which hold for all Moore machines. On this basis, a calculus is worked out and illustrated by small examples. The calculus is shown to be sound and relatively complete.
The C and C++ languages introduced the relaxed-memory concurrency into the language specification for efficiency purposes in 2011.
Trace semantics can provide the mathematical foundation for the proposed C++11 memory model, and there is a lack of investigation of trace semantics for C++11.
The Promising Semantics (PS) of Kang et al. provides the standard SC-style operational semantics for the C++11 concurrency model, where “SC” refers to “Sequential Consistency”. Inspired by PS, in this paper we first investigate the trace semantics for the relaxed read and write accesses under C++11, acting in the denotational semantics style. In our semantic model, a trace is in the form of a sequence of snapshots, and the snapshots record the modification in the relevant global or local variables, and the thread view. Moreover, the trace semantics for the release/acquire accesses under C++11 is also explored, based on the separated thread views and newly added message views.
When considering this trace model, different accesses bring in their unique snapshots, and make distinguished effects on the production of the sequences.
For any given program, the proposed trace semantics in this paper produces all the valid traces directly. Further, our trace semantics, together with that for TSO and MCA ARMv8, has the possibility to be the foundation of the meta model of the trace semantics for weak memory models.
Recently, due to the continued reduction in DNA sequencing cost, large-scale genetic samples are being gathered for accelerating predispositions to specific diseases, tailoring treatment of efficient drugs and therapies, etc. Massive genetic samples are encrypted-and-then-delegated to a public cloud to both save investment and maintenance costs and prevent the potential leakage of sensitive information. However, such a manner compromises the serviceability of a public cloud, since encryption inevitably breaks the semantic information of genetic samples. Secure count query of single-nucleotide polymorphisms (SNPs), as a kernel component for GWASs and related genomic analysis, is attracting much more attention.
Existing methods lack provable security, suffer low efficiency caused by multiple interactions with the cloud, etc. In this paper, a secure virtual CT-Tree (secure vCT-Tree) is carefully constructed to confuse the tree structure by introducing a hash function and a Paillier system. Furthermore, by delegating the secure vCT-Tree to the cloud, concrete models (i.e., SecCT and SecCT+) are presented to resolve secure count query problems on-the-fly. SecCT+ is a solution based on trusted execution environment while SecCT is a pure software solution. Both models advance the provable security of genetic research and are proven to be secure under the adaptive chosen keyword (query) attack (IND-CKA2) model. Furthermore, massive experiments are evaluated on realistic data to show the superiority of SecCT and SecCT+.
Formal Methods (FM) radically improve the quality of the code artefacts they help to produce. They are simple, probably accessible to first-year undergraduate students and certainly to second-year students and beyond. Nevertheless, in many cases, they are not part of a general recommendation for course curricula, i.e., they are not taught — and yet they are valuable.
One reason for this is that teaching “Formal Methods” is often confused with teaching logic and theory. This paper advocates what we call FM thinking: the application of
Bounded model checking (BMC) and fuzzing techniques are among the most effective methods for detecting errors and security vulnerabilities in software. However, there are still shortcomings in detecting these errors due to the inability of existent methods to cover large areas in target code. We propose FuSeBMC v4, a test generator that synthesizes seeds with useful properties, that we refer to as smart seeds, to improve the performance of its hybrid fuzzer thereby achieving high C program coverage. FuSeBMC works by first analyzing and incrementally injecting goal labels into the given C program to guide BMC and Evolutionary Fuzzing engines. After that, the engines are employed for an initial period to produce the so–called smart seeds. Finally, the engines are run again, with these smart seeds as starting seeds, in an attempt to achieve maximum code coverage / find bugs. During seed generation and normal running, the Tracer subsystem aids coordination between the engines. This subsystem conducts additional coverage analysis and updates a shared memory with information on goals covered so far. Furthermore, the Tracer evaluates test-cases dynamically to convert cases into seeds for subsequent test fuzzing. Thus, the BMC engine can provide the seed that allows the fuzzing engine to bypass complex mathematical guards (e.g., input validation). As a result, we received three awards for participation in the fourth international competition in software testing (Test-Comp 2022), outperforming all state-of-the-art tools in every category, including the coverage category.
Permissionless blockchains commonly use resource challenges to defend against sybil attacks. For example, popular resource challenge designs include Proof-of-Work and Proof-of-Stake. It is well-known that simultaneously exploiting multiple resources can help make a permissionless blockchain more robust. For example, combining PoW and PoS can help to keep a blockchain secure, even when the attacker controls more than 50% of the computational power in the system.
While there have been existing efforts for combining multiple resources in blockchains, they only provide partial solutions. Specifically, it is currently still unclear how to combine PoW and PoS, or multiple resources in general, to achieve optimal resilience. Here by optimal resilience, we mean that the blockchain can tolerate every security region, unless that security region is proven to be impossible to tolerate. Existing designs are not able to achieve such optimal resilience.
As our central contribution, this work proposes the novel design and formal security analysis of a blockchain protocol that combines PoS and PoW, which can be further generalized to multiple resources. Our blockchain is the very first blockchain that can achieve optimal resilience. Our design also overcomes a common tricky issue of PoW difficulty adjustment in previous designs. We have further implemented a research prototype of our blockchain design, and experimentally demonstrated its good end-to-end performance.