per thread compositional compilation for confidentiality
play

Per-Thread Compositional Compilation for Confidentiality-Preserving - PowerPoint PPT Presentation

Jun 13, 2023 •290 likes •1.49k views

Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs Robert Sison 13 Jan 2018 THE UNIVERSITY OF NEW SOUTH WALES www.data61.csiro.au A confidentiality-preserving program Cross Domain Desktop Compositor

  1. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 9 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  2. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 9 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  3. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 9 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  4. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 9 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  5. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 9 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  6. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  7. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  8. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread, subject to havoc. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  9. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread, subject to havoc that obeys locking discipline. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  10. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread compositional property: 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  11. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread compositional property: 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  12. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread compositionality theorem [Murray+, CSF’16]: Under the hood: assume-guarantee on variable access. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  13. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Per-thread compositionality theorem: [Murray+, CSF’16] instantiated with locking primitives. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  14. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Whole-system property: [Murray+, CSF’16] instantiated with locking primitives. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  15. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Whole-system property: 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  16. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Whole-system property: 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  17. The confidentiality property Concurrent value-dependent noninterference. Simplest policy: H igh �→ L ow Low, unlocked part of state must remain indistinguishable. Classification of state as H or L can vary over time. Whole-system property: i.e. Locked state still not considered to be observable. 10 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  18. This talk Part 1: Concurrent value-dependent noninterference Part 2: Per-thread compositional refinement Part 3: While-to-RISC compiler verification 11 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  19. This talk Part 1: Concurrent value-dependent noninterference Part 2: Per-thread compositional refinement Part 3: While-to-RISC compiler verification 11 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  20. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  21. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  22. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  23. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, nominate R , I s.t.: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  24. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, nominate R , I s.t.: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  25. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, nominate R , I s.t.: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  26. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, nominate R , I s.t.: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  27. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Given bisimulation B establishing the property, nominate R , I s.t.: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  28. Proof technique for compilation Per-thread compositional refinement [Murray+, CSF’16] Then B ′ (= B T of B R I ) establishes the target-level property: 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  29. Proof technique for compilation Simpler proof technique than this! 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  30. Proof technique for compilation Simpler proof technique! Nominate R , I , abs steps s.t. (See: https://www.isa-afp.org/entries/Dependent_SIFUM_Refinement.html ) 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  31. Proof technique for compilation Simpler proof technique! Nominate R , I , abs steps s.t. Easy to prove if no H-branching in A (See: https://www.isa-afp.org/entries/Dependent_SIFUM_Refinement.html ) 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  32. Proof technique for compilation Simpler proof technique! Nominate R , I , abs steps s.t. ( I as pc-security) Easy to prove if no H-branching in A , and no new H-branching. (See: https://www.isa-afp.org/entries/Dependent_SIFUM_Refinement.html ) 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  33. Proof technique for compilation Simpler proof technique! Nominate R , I , abs steps. Then it suffices to prove: i.e. R a simulation of A’ by A . 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  34. Proof technique for compilation Simpler proof technique! Nominate R , I , abs steps. Then it suffices to prove: i.e. R a simulation of A’ by A , with provisos... 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  35. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  36. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  37. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. + any new locations permanently locked. i.e. No new shared state. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  38. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. • R must be closed under lock-permitted shared memory havoc. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  39. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. • R must be closed under lock-permitted shared memory havoc. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  40. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. • R must be closed under lock-permitted shared memory havoc. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  41. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. • R must be closed under lock-permitted shared memory havoc. 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  42. Proof technique for compilation Provisos for R , I : • R must preserve shared memory contents and locking state. ◮ Under the hood: preserve assumptions and guarantees. • R must be closed under lock-permitted shared memory havoc. Similar for I . 12 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  43. This talk Part 1: Concurrent value-dependent noninterference Part 2: Per-thread compositional refinement Part 3: While-to-RISC compiler verification 13 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  44. This talk Part 1: Concurrent value-dependent noninterference Part 2: Per-thread compositional refinement Part 3: While-to-RISC compiler verification 13 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  45. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  46. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler (Note: Constant-time execution steps, no cache effects) 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  47. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler Based on Fault-Resilient Non-interference [Tedesco et al, 2016]. 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  48. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler Based on Fault-Resilient Non-interference [Tedesco et al, 2016]. Implemented in Isabelle/HOL, executable, verified. 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  49. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  50. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  51. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct, c 1 case: 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  52. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct, c 1 case: Relation is inductive for smaller program pairs c 1 , c 2 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  53. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct, c 1 case: Relation is inductive for smaller program pairs c 1 , c 2 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  54. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct, c 1 case: Relation is inductive for smaller program pairs c 1 , c 2 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  55. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler e.g. R cases for If construct, c 1 case: Relation is inductive for smaller program pairs c 1 , c 2 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  56. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler • Theorem: R preserves per-thread compositional value-dependent noninterference property ◮ for B produced by our type system (no H-branching). ◮ for I asserting equal pc and program text. + 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  57. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler • Theorem: R preserves per-thread compositional value-dependent noninterference property ◮ for B produced by our type system (no H-branching). ◮ for I asserting equal pc and program text. • Theorem: Compiler input is related to its output by R ◮ Started with same observable initial state. ◮ No branching on H values. (Same as for type system.) 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  58. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  59. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  60. Compiler verification Per-thread simpler compositional refinement [Murray+, AFP] , instantiated with R characterising a compiler. Proof of concept: a While-to-RISC compiler Exercised on verified Cross Domain Desktop Compositor model. 14 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  61. Limitations and future work ideas • Optimisations to non-observable shared memory? 15 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

  62. Limitations and future work ideas • Optimisations to non-observable shared memory? Possibly too strict. 15 | Per-Thread Compositional Compilation for Confidentiality-Preserving Concurrent Programs | Robert Sison

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed

JIT Compilation Module Overview JIT Compilation Native vs. Managed Compilation Managed Execution Phases Assembly Loading & Initialization JIT Compilation JIT Optimizations Whats new in NGEN 4.0? When to use NGEN? 2 Running Code

484 views • 46 slides
13 IN THIS CHAPTER Benefits of Thread Pooling 308 Considerations and Costs of Thread

13 IN THIS CHAPTER Benefits of Thread Pooling 308 Considerations and Costs of Thread

Thread Pooling CHAPTER 13 IN THIS CHAPTER Benefits of Thread Pooling 308 Considerations and Costs of Thread Pooling 308 A Generic Thread Pool: ThreadPool 309 A Specialized Worker Thread Pool: HttpServer 319 Techniques

556 views • 34 slides
The Compilation Process Preprocessing: o processes include-files, conditional compilation and

The Compilation Process Preprocessing: o processes include-files, conditional compilation and

4/1/14 The Compilation Process Preprocessing: o processes include-files, conditional compilation and macros. Compilation: Writing Large Programs o takes the output of the preprocessor and the source code, and generates assembler

271 views • 6 slides
Confidentiality & Disclaimer Confidentiality The recipient of the information contained in

Confidentiality & Disclaimer Confidentiality The recipient of the information contained in

Confidentiality & Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

790 views • 34 slides
Confidentiality & Disclaimer Confidentiality The recipient of the information contained in

Confidentiality & Disclaimer Confidentiality The recipient of the information contained in

Confidentiality & Disclaimer Confidentiality The recipient of the information contained in this presentation, in receiving it, agrees not to copy or disclose any of its contents to third parties without the written consent of Kendeil

952 views • 33 slides
will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board

will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board

This presentation will be posted on the LBAB website soon! Confidentiality Reminder of Confidentiality: Board members and staff are not at liberty to discuss application files, criminal background checks, or other matters that occur in

961 views • 51 slides
What is a Thread? A thread lives within a process; A process can have several threads.

What is a Thread? A thread lives within a process; A process can have several threads.

What is a Thread? A thread lives within a process; A process can have several threads. A thread possesses an independent flow of control, Threads and can be scheduled to run separately from other threads, because it maintains its

330 views • 4 slides
MULTITREADING What is a thread? A thread is a concurrent unit of execution Threads share

MULTITREADING What is a thread? A thread is a concurrent unit of execution Threads share

MULTITREADING What is a thread? A thread is a concurrent unit of execution Threads share processs resource but are able to execute independently Each thread has a call stack for methods being invoked A VM may run several threads

350 views • 24 slides
A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston

A Compositional Logic A Compositional Logic for Control Flow for Control Flow Gang Tan, Boston College g , g Andrew W. Appel, Princeton University Jan 8 2006 Jan 8, 2006 1 Mobile Code Security Protect trusted system against

561 views • 26 slides
Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer

Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Kuan-Ting Lai Java Threads 2020/5/16 What is Thread? Process vs. Thread Process: Any computer program in execution Has independent resources such

715 views • 38 slides
1 Thread Context Switch Thread Context Switch Thread States and Transitions Thread States and

1 Thread Context Switch Thread Context Switch Thread States and Transitions Thread States and

Administrivia Administrivia Nachos guide and Lab #1 are on the web. Threads and Concurrency Threads and Concurrency http://www.cs.duke.edu/~chase/cps210 Form project teams of 2-3. Lab #1 due February 5. Synchronization

502 views • 6 slides
Roadmap for Section 4.3. Windows Process and Thread Internals Thread Block, Process Block Flow

Roadmap for Section 4.3. Windows Process and Thread Internals Thread Block, Process Block Flow

Unit OS4: Scheduling and Dispatch 4.3. Windows Process and Thread Internals Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 4.3. Windows Process and Thread Internals Thread

438 views • 15 slides
To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016

To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016

To thread or not to thread? Why PETSc favors MPI-only Plenary Discussion PETSc User Meeting 2016 Based on: MS35 - To Thread or Not To Thread April 13, 2016 SIAM PP , Paris The Big Picture The Big Picture

208 views • 9 slides
Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing

Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing

Data Confidentiality in Data Confidentiality in Collaborative Computing Collaborative Computing Mikhail Atallah Department of Computer Science Purdue University Collaborators Collaborators Ph.D. students: Marina Blanton (exp grad

1.36k views • 29 slides
Multithreading Horstmann ch.9 Multithreading Threads Thread states Thread

Multithreading Horstmann ch.9 Multithreading Threads Thread states Thread

Multithreading Horstmann ch.9 Multithreading Threads Thread states Thread interruption Race condition Lock Built-in lock java.util.concurrent library Animation example Single vs. Multiple Threads Finish

607 views • 46 slides
Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M.

Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M.

Numerical Solution of Compositional Two-Phase Flow in Porous Media P. Bastian Collaborators: M. Blatt, O. Ippisch, R. Neumann Universit at Heidelberg Interdisziplin ares Zentrum f ur Wissenschaftliches Rechnen Im Neuenheimer Feld 368,

567 views • 34 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben Moos 1 , Amir Moradi 1 , Tobias Schneider 2 and Franois-Xavier Standaert 2 Horst Grtz Institute for IT Security, Ruhr-Universitt Bochum,

694 views • 46 slides
Compositional Certification John Rushby Computer Science Laboratory SRI International Menlo

Compositional Certification John Rushby Computer Science Laboratory SRI International Menlo

Compositional Certification John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Compositional Certification: 1 Systems, Components, and Properties Security, for example, is a system property

522 views • 17 slides
Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc

Compositional Program Analysis using Max-SMT Albert Rubio Cristina Borralleras, Marc Brockschmidt, Daniel Larraz, Albert Oliveras, Jos Miguel Rivero and Enric Rodrguez-Carbonell Universitat Politcnica de Catalunya - Barcelona Tech UCM

1.2k views • 96 slides
Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow

Secure Information Flow as a Safety Problem Overview Introduction to secure information flow Type-Based approach Self composition Downgrading Self composition with downgrading Type directed transformation

511 views • 22 slides
Compositional Action System Derivation Introduction Using Enforced Properties Action systems

Compositional Action System Derivation Introduction Using Enforced Properties Action systems

Compositional Action System Derivation Using Enforced Properties Brijesh Dongol and Ian J. Hayes Compositional Action System Derivation Introduction Using Enforced Properties Action systems Enforced properties Example Brijesh Dongol

785 views • 45 slides
Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work

Compositional Semantics and Analysis of Hierarchical Block Diagrams Iulia Dragomir 1 joint work with Viorel Preoteasa 1 and Stavros Tripakis 1 , 2 1 Aalto University, Finland 2 UC Berkeley, USA Hierarchical block diagrams Consist of: atomic

556 views • 45 slides

More recommend