incremental analysis of interference among aspects
play

Incremental Analysis of Interference Among Aspects Interference - PowerPoint PPT Presentation

Oct 31, 2022 •499 likes •938 views

Incremental Analysis of Interference Among Aspects Interference Among Aspects Authors: Emilia Katz, Shmuel Katz Th T The Technion h i 1 Motivation Multiple aspects are often woven into the same p p system => Unintended

  1. Incremental Analysis of Interference Among Aspects Interference Among Aspects Authors: Emilia Katz, Shmuel Katz Th T The Technion h i 1

  2. Motivation • Multiple aspects are often woven into the same p p system => Unintended interactions among the aspects may occur, even if each aspect is “correct” when woven i h i h alone • Libraries of reusable aspects (example: a library • Libraries of reusable aspects (example: a library implementing the ACID properties for transactional objects) => Usage guidelines for the participating aspects are needed 2

  3. New Interference Type Previously defined interference types: Interference caused by Interference caused by - • Common join-points example example – • Updating shared variables U d i h d i bl soon! • Changing join-points ⇒ Not enough! ⇒ More general definition is needed! Interference caused by the semantics of the aspects! 3

  4. What is a Aspect Specifications prior “correct” … because model- b work k d l aspect? checking is used in Pair of LTL formulas proof method p Specification of aspect A is (P A , R A ) automatization … The principle: assume – guarantee (generalized) A assumes: P A holds in the base system in any reasonable base system for A – what’s true at joinpoints unusual! – global properties of base system in any woven – properties of aspect parameters system with A A guarantees: R A is true in the woven system R i t i th t A t – new properties added by A possibly global ! – properties of base system maintained in woven system properties of base system maintained in woven system 4

  5. Semantic Interference Among g Aspects pairwise definition; pairwise definition; will be generalized to N aspects… One aspect “causes” another to not give the desired result (violate its guarantee): • Aspect A satisfies its specification (P A , R A ) • Aspect B satisfies its specification (P B , R B ) p p ( B , B ) • Base system satisfies both P A and P B 5

  6. From now on: assume all the Aspect Interference Aspect Interference aspects are “correct” A B A, B – aspects; S – underlying system aspects; S underlying system (S + A) +B � WRONG � WRONG (S A) S + A � OK OR (S + B) +A � WRONG S + B � OK S + B � OK OR OR S + (A,B) � WRONG This (“joint”) weaving 6 will be discussed later

  7. Interference Example p General description: • Two aspects – part of a security-aspects library, to Two aspects part of a security aspects library, to be used in password-protected systems • Aspect E encrypts passwords Whenever a password is sent from the login screen of the system, it is encrypted (there is also a decryption part, but we ignore it here) yp p , g ) • Aspect F for retrieving forgotten passwords Adds a button to report that the password is f forgotten. When the button is pressed, security tt Wh th b tt i d it questions are asked. If the answers are correct, the password is sent to the user. 7

  8. Example Usage: Internet Access to Bank Accounts Underlying system: Underlying system: send (login, password) Internet Internet Server terminal grant_access (info) 8

  9. Adding Password Encryption Adding Password Encryption Aspect E, responsible for encryption. E’s pointcut: a password is sent from login screen E’s assumption, P E : password-containing messages are sent only from login screen messages are sent only from login screen E’s guarantee, R E : each time a password is sent it is encrypted sent, it is encrypted 9

  10. Later addition: aspect F Aspect F, retrieving forgotten passwords: F’s pointcut: “forgot_password” button is pressed p F’s assumption, P F : true (no assumption needed) needed) F’s guarantee, R F : each time a password is forgotten it’s e mailed to the user provided forgotten, it s e-mailed to the user, provided the security questions are answered 10

  11. Example – contd.(3) p ( ) Unencrypted!!! ( S+E)+F: F send (login, d (l i “forgot_psw.” encr(password) ) e-mail psw. pressed Internet Server terminal terminal grant_access (info) 11

  12. Cause of the problem • Common join-points? – No. • Updating shared variables? • Updating shared variables? – No. No • Changing join-points? – Not as written. • The semantics of E and F? – Yes! Th ti f E d F? Y ! 1. The presence of F (resulting in e-mailed passwords) violates the guarantee of E (all passwords encrypted) violates the guarantee of E (all passwords encrypted) � F cannot be woven after E. 2 The presence of F (e mailed passwords) violates the 2. The presence of F (e-mailed passwords) violates the assumption of E (passwords sent from Login Screen only) � E cannot be woven after F y) 12

  13. Semantic Interference – more formally Semantic Interference – more formally We assume both A – aspect specified by (P A , R A ) A aspect, specified by (P A , R A ) aspects are correct aspects are correct B – aspect, specified by (P B , R B ) Definition: A does not interfere with B if for every system S system S, = ∧ → + + = ∧ (*) ( | ) (( ) | ) S P P S A B R R A B A B both assumptions both guarantees hold hold (*) Notation: OK (*) Notation: OK AB 13

  14. Non-Interference in a Library • Generalization of the definition to a library of N aspects: The aspect library is interference free if for every subset of the aspects, when they are woven into a system f h h h i that satisfies all their assumptions, the resulting system satisfies all the guarantees system satisfies all the guarantees • We detect interference or prove interference freedom • We detect interference or prove interference-freedom using model-checking, where advice is modeled as state-transition system state transition system 14

  15. Proving Non-Interference g • Need to prove: OK AB and OK BA • Intuitive method: Direct proof. • For every system S satisfying P A ∧ P B , For every system S satisfying P A ∧ P B , show that ((S+A)+B) and ((S+B)+A) satisfy R A ∧ R B • But: What about N aspects in a library? But: What about N aspects in a library? • Pairwise checks are not enough! Need to prove for every subset of aspects separately! Need to prove for every subset of aspects separately! (for all the subsets of 2,3,…N aspects) 15

  16. Incremental Non-Interference Proof A keeps the Theorem (dividing the proof task): Theorem (dividing the proof task): assumption assumption of B To prove OK AB , it’s enough to show ∀ ∀ = ∧ → → + + = (( | (( | ) ) ( ( | | )) )) [ KP AB ] [ KP ] S S S S P P P P S S A A P P A B B And ∀ = ∧ → + = (( | ) ( | )) [ KR AB ] S S R P S B R A B A B keeps the guarantee of A 16

  17. The Incremental Method Generalizes to N G li • If N aspects pairwise satisfy KP and KR in both directions, for any combination of m ≤ N aspects from that set, there is no semantic interference. • Each one preserves the assumption and guarantee of all the others, so no matter how many are f ll h h h applied, all guarantees will hold if all assumptions held in the base held in the base • The above generalization does NOT hold for the Direct method Direct method. example – soon! 17

  18. Adding an Aspect to a Library new aspect t library of aspects A A1, A2, … An P A , A’s assume- R A guarantee ? ? “offline specification A A1 P A , R A P A1 , R A1 ? ” A2 … P A2 , R A2 checks! checks! <A, Ai> ; <Ai, A> - refinement refinement ? ? … … pairwise interference An checks, based on P An , R An model-checking <A, Ai> or <Ai, A> A, Ai or Ai, A all checks succeeded check failed extended library unavoidable A, A1, A2, … An counterexample interference (A added) usage guidelines: error analysis extended interference free interference free guidelines guidelines (i (including A) l di A) subsets; permissible weaving orders 18

  19. Non-generalization of Direct: Example • Aspect A: Encrypts “secret” data sent in the system – In the bank system, encrypts passwords sent from login screen • Aspect B: Adds a possibility to “remember” the password of the user password of the user – Adds a private variable “password” to the User class, and stores the password there if needed. • Aspect C: “Publishes” data of specified non-secret objects [objects with no “secret” fields] – sends all the object data (including private fields) upon request object data (including private fields) upon request. – In the bank system – sends user data. 19

  20. Aspect Specifications: • Aspect A: – Assumes the password are the only type of secret data, and ssu es t e passwo d a e t e o y type o sec et data, a d the passwords are sent only from the login screen – Guarantees all the secret data is sent encrypted • Aspect B: A t B – Assumes nothing (adds the “save_password” button itself) – Guarantees the password is stored in the user data if it was Guarantees the password is stored in the user data if it was requested • Aspect C: – Assumes user objects store no secret data – Guarantees all stored user data is sent 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Incremental Construction Cost Incremental Construction Cost Analysis for New Homes Robin Snyder,

Incremental Construction Cost Incremental Construction Cost Analysis for New Homes Robin Snyder,

Incremental Construction Cost Incremental Construction Cost Analysis for New Homes Robin Snyder, Program Director y , g Building Codes Assistance Project Or Or Whats the 09 IECC going to cost home buyers i in my

561 views • 20 slides
Algorithmic Aspects of Example: How to . . . Algorithmic Aspects of . . . Analysis, Prediction,

Algorithmic Aspects of Example: How to . . . Algorithmic Aspects of . . . Analysis, Prediction,

Need for Analysis, . . . Symmetry: a . . . Algorithmic Aspects of . . . Algorithmic Aspects of Example: How to . . . Algorithmic Aspects of . . . Analysis, Prediction, and Example: Selecting . . . Control in Science and Acknowledgements

599 views • 44 slides
Analysis of a distributed inter-cell interference coordina?on

Analysis of a distributed inter-cell interference coordina?on

Analysis of a distributed inter-cell interference coordina?on scheme in a real-world office deployment scenario Oscar Tonelli , Ignacio Rodriguez, Gilberto

486 views • 11 slides
Orbital Slots and Spectrum Use in an Era of Interference Interference and Telecommunication

Orbital Slots and Spectrum Use in an Era of Interference Interference and Telecommunication

Orbital Slots and Spectrum Use in an Era of Interference Interference and Telecommunication Services FRANCIS NGABO Dir. ICT SRMM RURA Presentation Outline Interest in C Band Sharing compatibility Consideration for the future

1.1k views • 11 slides
Combining Graph-Based Information-Flow Analysis with KeY for Proving Non-Interference KeY

Combining Graph-Based Information-Flow Analysis with KeY for Proving Non-Interference KeY

Combining Graph-Based Information-Flow Analysis with KeY for Proving Non-Interference KeY Symposium | 27.07.2016 INSTITUTE FOR APPLICATION-ORIENTED FORMAL VERIFICATION , FACULTY OF INFORMATICS KIT University of the State of Baden-Wuerttemberg

409 views • 30 slides
Theoretical Corner: The Non-Interference Property Marwan Burelle marwan.burelle@lse.epita.fr

Theoretical Corner: The Non-Interference Property Marwan Burelle marwan.burelle@lse.epita.fr

Theoretical Corner: The Non-Interference Property Marwan Burelle marwan.burelle@lse.epita.fr http://wiki-prog.infoprepa.epita.fr Outline Introduction 1 2 Theory And Security Models And Policies Non-Interference 3 Flow Analysis

819 views • 66 slides
The wave model of light explains diffraction and interference. 31 Diffraction and Interference

The wave model of light explains diffraction and interference. 31 Diffraction and Interference

31 Diffraction and Interference The wave model of light explains diffraction and interference. 31 Diffraction and Interference Isaac Newton pictured light as a beam of ultra-tiny material particles. With this model he could explain

889 views • 51 slides
Noise/Interference 1) Noise in the recording system 2) Electrical interference

Noise/Interference 1) Noise in the recording system 2) Electrical interference

Noise/Interference 1) Noise in the recording system 2) Electrical interference AC power lines, radio &amp;TV transmitters, fluorescent lights, computers, mechanical vibrations, etc. The signal to noise ratio is

431 views • 13 slides
Analysis and Optimization of an Intelligent Reflecting Surface-assisted System With Interference

Analysis and Optimization of an Intelligent Reflecting Surface-assisted System With Interference

Analysis and Optimization of an Intelligent Reflecting Surface-assisted System With Interference Ying Cui Department of Electrical Engineering Shanghai Jiao Tong University Sept. 2020 SJTU Ying Cui 1 / 56 Outline Introduction System

784 views • 56 slides
MULTICORE SHARED MEMORY IN INTERFERENCE ANALYSIS THROUGH HARDWARE PERFORMANCE COUNTERS Alfonso

MULTICORE SHARED MEMORY IN INTERFERENCE ANALYSIS THROUGH HARDWARE PERFORMANCE COUNTERS Alfonso

MULTICORE SHARED MEMORY IN INTERFERENCE ANALYSIS THROUGH HARDWARE PERFORMANCE COUNTERS Alfonso Mascareas Gonzlez Youcef Bouchebaba Luca Santinelli GEN-F178-3 (GEN-SCI-029) PLAN 1. Objectives 2. Background 3. Multicore device 4.

491 views • 21 slides
Centennial 1917 - 2017 1 Electromagnetic Interference Interference to garage door openers

Centennial 1917 - 2017 1 Electromagnetic Interference Interference to garage door openers

Naval Air Station North Island Centennial 1917 - 2017 1 Electromagnetic Interference Interference to garage door openers near military installations Federal Communications Commission released Public Notice on issue on February 15, 2005

395 views • 5 slides
Physics 116 Lecture 8 Interference Halfway between are Oct 11, 2011 lines of destructive

Physics 116 Lecture 8 Interference Halfway between are Oct 11, 2011 lines of destructive

lines of reinforcement, where peaks overlap ( constructive interference) Physics 116 Lecture 8 Interference Halfway between are Oct 11, 2011 lines of destructive interference R. J. Wilkes Email: ph116@u.washington.edu 10/11/11 1

539 views • 15 slides
Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels

Treating Interference as Noise is Optimal for Covert Communication over Interference Channels Kang-Hee Cho and Si-Hyeon Lee School of Electrical Engineering KAIST 2020 ISIT 1 / 14 Covert Communication ^ Y n W Decoder X n W P n Encoder

386 views • 15 slides
Technician License Course Chapter 8 Lesson Module 17 Interference, Remote &amp; Automatic

Technician License Course Chapter 8 Lesson Module 17 Interference, Remote &amp; Automatic

Technician License Course Chapter 8 Lesson Module 17 Interference, Remote &amp; Automatic Operation, Prohibited Transmissions Interference QRN or Static Natural interference (thunderstorms) Man-made (appliances and

956 views • 52 slides
A Broadcast Approach Maha Zohdy, Ali Tajer, Shlomo Shamai RPI RPI Technion ISIT'20 1

A Broadcast Approach Maha Zohdy, Ali Tajer, Shlomo Shamai RPI RPI Technion ISIT'20 1

Interference Management without CSIT: A Broadcast Approach Maha Zohdy, Ali Tajer, Shlomo Shamai RPI RPI Technion ISIT'20 1 6/7/2020 Interference Channel Interference Avoidance Interference management Interference Cancellation under

361 views • 20 slides
Batch-Incremental vs. Instance-Incremental Learning in Dynamic and Evolving Data Jesse Read 1 ,

Batch-Incremental vs. Instance-Incremental Learning in Dynamic and Evolving Data Jesse Read 1 ,

Batch-Incremental vs. Instance-Incremental Learning in Dynamic and Evolving Data Jesse Read 1 , Albert Bifet 2 , Bernhard Pfahringer 2 , Geoff Holmes 2 1 Department of Signal Theory and Communications Universidad Carlos III Madrid, Spain 2

568 views • 19 slides
make Eric McCreath Overview In this lecture we will: introduce the idea of automatic build

make Eric McCreath Overview In this lecture we will: introduce the idea of automatic build

make Eric McCreath Overview In this lecture we will: introduce the idea of automatic build systems overview the make command and how it works learn about the basics of the format of a Makefile look at some Makefiles for Java projects, and

383 views • 13 slides
Software Engineering and Architecture Build Management Afklaring Hvordan udnytter vi

Software Engineering and Architecture Build Management Afklaring Hvordan udnytter vi

Software Engineering and Architecture Build Management Afklaring Hvordan udnytter vi bedst auditoriet Mentimeter sprgsml Motivation Oracle/Sun provides Java SDK free of charge provides standard command line tools:

629 views • 21 slides
CoAP The Web-based Application-layer Protocol for the Internet of Things Matthias Kovatsch

CoAP The Web-based Application-layer Protocol for the Internet of Things Matthias Kovatsch

Internet of Things and Smart Cities Ph.D. School 2014 &gt; COLLECT CoAP The Web-based Application-layer Protocol for the Internet of Things Matthias Kovatsch Follow the Slides http://goo.gl/anfy5w About the Speaker Matthias Kovatsch

1.86k views • 115 slides
C++ Binary Dependency Management with Gradle Hugh Greene &lt;hughg@tameter.org&gt; C++ Binary

C++ Binary Dependency Management with Gradle Hugh Greene &lt;hughg@tameter.org&gt; C++ Binary

C++ Binary Dependency Management with Gradle Hugh Greene &lt;hughg@tameter.org&gt; C++ Binary Dependency Management with Gradle Getting consistent versions of things needed to build your software and to use it 2 C++ Binary Dependency

218 views • 17 slides
CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of

CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of

CPSC 102 Build Tools Z A IN R IZ V I What Are Build Tools? Automate the compiling of executable applications from source code. Why is this important? Compilation Order Computer Scientists are lazy 1 2 3 4 Specify the order in

481 views • 8 slides
Advanced Programming Lab 4 Collections and Streams A Collection is a group of individual

Advanced Programming Lab 4 Collections and Streams A Collection is a group of individual

Advanced Programming Lab 4 Collections and Streams A Collection is a group of individual objects (elements) represented as a single unit. A Stream is a sequence of elements supporting sequential and parallel aggregate operations.

266 views • 10 slides
Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment

Secure and efficient deep learning everywhere Octomizer Outline Who we are (recap) Deployment pain The vision The Octomizer: TVM for everyone 2 Simple, secure, and efficient Drive TVM adoption Expand the set of users who can deployment of

370 views • 14 slides
Hacking Maven how to add steroids on Maven di Massimiliano Dess InseHacking Maven Abstract

Hacking Maven how to add steroids on Maven di Massimiliano Dess InseHacking Maven Abstract

Hacking Maven how to add steroids on Maven di Massimiliano Dess InseHacking Maven Abstract 30 minutes to illustrate from 30000 ft the ideas applied to turn Maven from a static producer to a rich compiler enabled to reads objects

354 views • 22 slides

More recommend