Secure web browsing with the OP web browser
In Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008
Abstract—Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce
Equational abstractions
LNCS, 2003
Abstract. Abstraction reduces the problem of whether an infinite state system satisfies version. The most common abstractions are quotients of the original system. We present a simple method of defining quotient abstractions by means of equations collapsing the set of states. Our method yields the minimal quotient system together with a set of proof obligations that guarantee its executability and can be discharged with tools such as those in the Maude formal environment.
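An added example of the method, written here for illustration and not taken from the paper: the readers-writers system has unboundedly many readers, so its reachable state space from the idle configuration is infinite and the LTL model checker would not terminate on it. A single equation that identifies every configuration with two or more readers with the configuration with exactly one reader defines a finite quotient, on which mutual exclusion can be checked. The module, sort, constructor and predicate names below (Count, zero, inc, reads, writes, ABSTRACT-CHECK) are my own choices.

```maude
*** Concrete system. A configuration is < readers, writers >; the reader
*** count is unbounded, so the set of states reachable from < zero, zero >
*** is infinite.
mod READERS-WRITERS is
  sort Count .
  op zero : -> Count [ctor] .
  op inc : Count -> Count [ctor] .
  sort Config .
  op <_,_> : Count Count -> Config [ctor] .
  vars R W : Count .
  rl < zero, zero >   => < zero, inc(zero) > .   *** writer enters only when idle
  rl < R, inc(W) >    => < R, W > .              *** writer leaves
  rl < R, zero >      => < inc(R), zero > .      *** reader enters when no writer
  rl < inc(R), W >    => < R, W > .              *** reader leaves
endm

*** State predicates for the property. The [owise] equation makes every
*** other state/proposition pair explicitly false.
mod READERS-WRITERS-PREDS is
  protecting READERS-WRITERS .
  including SATISFACTION .
  subsort Config < State .
  ops reads writes : -> Prop .
  vars R W : Count .
  eq < inc(R), W > |= reads  = true .
  eq < R, inc(W) > |= writes = true .
  eq C:Config |= P:Prop = false [owise] .
endm

*** Equational abstraction: one equation collapses all configurations with
*** two or more readers onto the one with a single reader. With the rules
*** above this yields the quotient system. Proof obligations, discharged
*** with the Maude formal tools rather than in this file: the equations must
*** be terminating, confluent and sort-decreasing; the rules must be coherent
*** with them; and the predicates must agree on identified states (they do:
*** reads holds on both sides, writes does not look at the reader count).
mod ABSTRACT-READERS-WRITERS is
  including READERS-WRITERS-PREDS .
  vars R W : Count .
  eq < inc(inc(R)), W > = < inc(zero), W > .
endm

mod ABSTRACT-CHECK is
  protecting ABSTRACT-READERS-WRITERS .
  including MODEL-CHECKER .
  including LTL-SIMPLIFIER .
endm

*** Mutual exclusion on the finite quotient. Because the abstraction is a
*** quotient (an over-approximation of the transitions), a property that
*** holds here also holds on the infinite concrete system.
red in ABSTRACT-CHECK : modelCheck(< zero, zero >, [] ~ (reads /\ writes)) .
```

The quotient reachable from `< zero, zero >` has only three states (idle, one writer, one or more readers), and the check returns `true`. Running the same `modelCheck` in a module that imports `READERS-WRITERS-PREDS` without the abstraction equation does not terminate, which is the infinite-state problem the paper addresses. The soundness of the answer rests entirely on the proof obligations listed in the comments; an abstraction equation that is not coherent with the rules, or that identifies states on which a predicate disagrees, can make a false property appear to hold.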
Relating State-Based and Process-Based Concurrency through Linear Logic
2006
This paper has the purpose of reviewing some of the established relationships between logic and concurrency, and of exploring new ones. Concurrent and distributed systems are notoriously hard to get right. Therefore, following an approach that has proved highly beneficial for sequential programs, much effort has been invested in tracing the foundations of concurrency in logic. The starting points of such investigations have been various idealized languages of concurrent and distributed programming, in particular the well-established state-transformation model inspired by Petri nets and multiset rewriting, and the prolific process-based models such as the π-calculus and other process algebras. In nearly all cases, the target of these investigations has been linear logic, a formal language that supports a view of formulas as consumable resources. In the first part of this paper, we review some of these interpretations of concurrent languages into linear logic. In the second part of the paper, we propose a completely new approach to understanding concurrent and distributed programming as a manifestation of logic, which yields a language that merges those two main paradigms of concurrency. Specifically, we present a new semantics for multiset rewriting founded on an alternative view of linear logic. The resulting interpretation is extended with a majority of linear connectives into the language of ω-multisets. This interpretation drops the distinction between multiset elements and rewrite rules, and considerably enriches the expressive power of standard multiset rewriting with embedded rules, choice, replication, and more. Derivations are now primarily viewed as open objects, and are closed only to examine intermediate rewriting states. The resulting language can also be interpreted as a process algebra. For example, a simple translation maps process constructors of the asynchronous π-calculus to rewrite operators, while the structural equivalence corresponds directly to logically-motivated structural properties of ω-multisets (with one exception).
Representing and operating with model differences
In: Proc. of TOOLS Europe 2008, LNBIP, 2008
Models and metamodels play a cornerstone role in Model-Driven Software Development (MDSD). Models conform to metamodels, which usually specify domain-specific languages that allow the various facets of a system to be represented in terms of models. This paper discusses the problem of calculating differences between models conforming to arbitrary metamodels, something essential in any MDSD environment for dealing with the management of changes and evolution of software models. We present a metamodel for representing the differences as models, too, following the MDSD “everything is a model” principle. The Difference Metamodel, together with the difference and other related operations (do, undo and composition) presented here, have been specified in Maude and integrated in an Eclipse-developed environment.
A runtime environment for concurrent objects with asynchronous method calls
WRLA 2004, 2004
A sufficient completeness reasoning tool for partial specifications
In Proc. of the 16th Int. Conf. on Term Rewriting and Applications (RTA), 2005
Abstract. We present the Maude sufficient completeness tool, which explicitly supports sufficient completeness reasoning for partial conditional specifications having sorts and subsorts and with domains of functions defined by conditional memberships. Our tool consists of two main components: (i) a sufficient completeness analyzer that generates a set of proof obligations which, if discharged, ensures sufficient completeness; and (ii) Maude’s inductive theorem prover (ITP) that is used as a back end to try to automatically discharge those proof obligations.
Formal Specification and Verification of Java refactorings
2006
There is an extensive literature about refactorings of object-oriented programs, and many refactoring tools for the Java programming language. However, except for a few studies, in practice it is difficult to find precise formal specifications of the preconditions and mechanisms of automated refactorings. Moreover, there is usually no formal proof that a refactoring is correct, i.e., that it preserves the behavior of the program. We present an equational-semantics-based approach to Java refactoring. Specifically, we use an executable Java formal semantics in the Maude language to: (i) formally specify a number of useful Java refactorings; and (ii) give detailed proofs of correctness for two of those refactorings, showing that they are behavior-preserving transformations. Besides the obvious benefits of providing rigorous specifications for refactoring tool builders and rigorous correctness guarantees, our approach has the additional advantage of its executability: our formal refactoring specifications can be used directly to refactor Java programs and yield a provably correct Java refactoring tool. Another important advantage of our approach is its extensibility by new user-defined refactorings that, when defined in terms of a basic library of verified refactorings, can be guaranteed to be correct by construction.
Representing the MSR Cryptoprotocol Specification Language in an Extension of Rewriting Logic with Dependent Types
2004
This paper presents a shallow and hence efficient embedding of the security protocol specification language MSR into rewriting logic with dependent types, an instance of the open calculus of constructions which integrates key concepts from equational logic, rewriting logic, and type theory. MSR is based on a form of first-order multiset rewriting extended with existential name generation and a flexible type infrastructure centered on dependent types with subsorting. This encoding is intended to serve as the basis for implementing an MSR specification and analysis environment using existing first-order rewriting engines such as Maude.
Information Integration in Institutions
2004
Abstract. This paper unifies and/or generalizes several approaches to information, including the information flow of Barwise and Seligman, the formal conceptual analysis of Wille, the lattice of theories of Sowa, the categorical general systems theory of Goguen, and the cognitive semantic theories of Fauconnier, Turner, Gärdenfors, and others. Its rigorous approach uses category theory to achieve independence from any particular choice of representation, and institutions to achieve independence from any particular choice of logic. Corelations and colimits provide a general formalization of information integration, and Grothendieck constructions extend this to several kinds of heterogeneity. Applications include modular programming, the Curry-Howard isomorphism, database semantics, ontology alignment, cognitive semantics, and more.
An Object-Oriented Component Model for Heterogeneous Nets
Many distributed applications can be understood in terms of components interacting in an open environment. This interaction is not always uniform, as the network may consist of subnets of differing quality: some components are tightly connected with order preservation of communicated messages, whereas others are more loosely connected such that overtaking of messages and even message loss may occur. Furthermore, certain components may communicate over wireless networks, where sending and receiving must be synchronized, since the wireless medium cannot buffer messages. This paper proposes a formal framework for such systems, which allows high-level modeling and formal analysis of distributed systems where interaction is managed by a variety of nets, including wireless ones. We introduce a simple modeling language for object-oriented components, extending the Creol language. An operational semantics for the language is defined in rewriting logic, which directly provides an executable implementation in Maude.