We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discrete-event systems, such as multi-computer real-time systems, communication protocols and digital control units. Our diagrams, which we call statecharts, extend conventional state-transition diagrams with essentially three olements, dealing, respectively, with the notions of hierarchy, concurrency and communication. These transform the language of state diagrams into a highly structured' and economical description language. Statecharts are thus compact and expressive--small diagrams can express complex behavior--as well as compositional and modular. When coupled with the capabilities of computerized graphics, statecharts enable viewing the description at different levels of detail, and make even very large specifications manageable and comprehensible. In fact, we intend to demonstrate here that statecharts counter many of the objections raised against conventional state diagrams, and thus appear to render specification by diagrams an attractive and plausible approach. Statecharts can be used either as a stand-alone behavioral description or as part of a more general design methodology that deals also with the system's other aspects, such as functional decomposition and data-flow specification. We also discuss some practical experience that was gained over the last three years in applying the statechart formalism to the specification of a particularly complex system.

Abstract not found

this paper we show that nondeterministic space s(n) is closed under complementation, for s(n) greater than or equal to log n. It immediately follows that the context-sensitive languages are closed under complementation, thus settling a question raised by Kuroda in 1964 [9]. See Hartmanis and Hunt [4] for a discussion of the history and importance of this problem, and Hopcroft and Ullman [5] for all relevant background material and definitions. The history behind the proof is as follows. In 1981 we showed that the set of first-order inductive definitions over finite structures is closed under complementation [6]. This holds with or without an ordering relation on the structure. If an ordering is present the resulting class is P. Many people expected that the result was false in the absence of an ordering. In 1983 we studied first-order logic, with ordering, with a transitive closure operator. We showed that NSPACE[log n] is equal to (FO + pos TC), i.e. first-order logic with ordering, plus a transitive closure operation, in which the transitive closure operator does not appear within any negation symbols [7]. Now we have returned to the issue of complementation in the light of recent results on the collapse of the log space hierarchies [10, 2, 14]. We have shown that the class (FO + pos TC) is closed under complementation. Our

Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an obfuscation-deobfuscation game between malicious code writers and researchers working on malicious code detection. Malicious code writers attempt to obfuscate the malicious code to subvert the malicious code detectors, such as anti-virus software. We tested the resilience of three commercial virus scanners against code-obfuscation attacks. The results were surprising: the three commercial virus scanners could be subverted by very simple obfuscation transformations! We present an architecture for detecting malicious patterns in executables that is resilient to common obfuscation transformations. Experimental results demonstrate the efficacy of our prototype tool, SAFE (a static analyzer for executables). 1

In the recent years, many formalizations of security properties have been proposed, most of which are based on different underlying models and are consequently difficult to compare. A classification of security properties is thus of interest for understanding the relationships among different definitions and for evaluating the relative merits. In this paper, many non-interference-like properties proposed for computer security are classified and compared in a unifying framework. The resulting taxonomy is evaluated through some case studies of access control in computer systems. The approach has been mechanized, resulting in the tool CoSeC. Various extensions (e.g., the application to cryptographic protocol analysis) and open problems are discussed. This paper

Abstract not found

Abstract not found

We explore the simulation and computational capabilities of hybrid and continuous dynamical systems. The continuous dynamical systems considered are ordinary differential equations (ODEs). For hybrid systems we concentrate on models that combine ODEs and discrete dynamics (e.g., finite automata). We review and compare four such models from the literature. Notions of simulation of a discrete dynamical system by a continuous one are developed. We show that hybrid systems whose equations can describe a precise binary timing pulse (exact clock) can simulate arbitrary reversible discrete dynamical systems defined on closed subsets of R n . The simulations require continuous ODEs in R 2n with the exact clock as input. All four hybrid systems models studied here can implement exact clocks. We also prove that any discrete dynamical system in Z n can be simulated by continuous ODEs in R 2n+1 . We use this to show that smooth ODEs in R 3 can simulate arbitrary Turing machines, and henc...

We investigate the all-pairs shortest paths problem in weighted graphs. We present an algorithm---the Hidden Paths Algorithm---that finds these paths in time O(m* n+n² log n), where m is the number of edges participating in shortest paths. Our algorithm is a practical substitute for Dijkstra's algorithm. We argue that m* is likely to be small in practice, since m* = O(n log n) with high probability for many probability distributions on edge weights. We also prove an Ω(mn) lower bound on the running time of any path-comparison based algorithm for the all-pairs shortest paths problem. Path-comparison based algorithms form a natural class containing the Hidden Paths Algorithm, as well as the algorithms of Dijkstra and Floyd. Lastly, we consider generalized forms of the shortest paths problem, and show that many of the standard shortest paths algorithms are effective in this more general setting.

We study two important extensions of first-order logic (FO) with iteration, the fixpoint and while queries. The main result of the paper concerns the open problem of the relationship between fixpoint and while: they are the same iff ptime = pspace. These and other expressibility results are obtained using a powerful normal form for while which shows that each while computation over an unordered domain can be reduced to a while computation over an ordered domain via a fixpoint query. The fixpoint query computes an equivalence relation on tuples which is a congruence with respect to the rest of the computation. The same technique is used to show that equivalence of tuples and structures with respect to FO formulas with bounded number of variables is definable in fixpoint. Generalizing fixpoint and while, we consider more powerful languages which model arbitrary computation interacting with a database using a finite set of FO queries. Such computation is modeled by a relational machine...