Following in the spirit of data structure and algorithm correctness checking, authenticated data structures provide cryptographic proofs that their answers are as accurate as the author intended, even if the data structure is being maintained by a remote host. We present techniques for authenticating data structures that represent graphs and collection of geometric objects. We use a model where a data structure maintained by a trusted source is mirrored at distributed directories, with the directories answering queries made by users. When a user queries a directory, it receives a cryptographic proof in addition to the answer, where the proof contains statements signed by the source. The user verifies the proof trusting only the statements signed by the source. We show how to efficiently authenticate data structures for fundamental problems on networks, such as path and connectivity queries, and on geometric objects, such as intersection and containment queries.

Abstract. Sequential consistency is the most widely used correctness condition for multiprocessor memory systems. This paper studies the problem of testing shared-memory multiprocessors to determine if they are indeed providing a sequentially consistent memory. It presents the first formal study of this problem, which has applications to testing new memory system designs and realizations, providing run-time fault tolerance, and detecting bugs in parallel programs. A series of results are presented for testing an execution of a shared memory under various scenarios, comparing sequential consistency with linearizability, another well-known correctness condition. Linearizability imposes additional restrictions on the shared memory, beyond that of sequential consistency; these restrictions are shown to be useful in testing such memories.

In the program checking paradigm, the original program is run on the desired input, and its output is checked by another program called achecker. Recently, the notion of program checking has been extended from its original formulation of checking functions to checking a sequence of operations which query and alter the state of an object external to the program, e.g., checking the interactions between a client and the manager (server) of a data structure. In this expanded paradigm, the checker acts as an intermediary between the client, which generates the requests, and the server, which processes them. The checker is allowed a small amount of reliable memory and may provide a probabilistic guarantee of correctness for the client. We present off-line and on-line checkers for data structures such as linked lists, trees, and graphs. Previously, the only data structures for which such checkers existed were random access memories, stacks, and queues.

We introduce novel techniques for organizing the indexing structures of how data is stored so that alterations from an original version can be detected and the changed values specifically identified. We give forensic constructions for several fundamental data structures, including arrays, linked lists, binary search trees, skip lists, and hash tables. Some of our constructions are based on a new reduced-randomness construction for nonadaptive combinatorial group testing.

In this paper we describe a general technique for checking the integrity of data structures which can be corrupted by memory faults. Our approach is based on a recursive checksum technique. Basic methods of using checksums have been previously seen to be useful for detecting faults at the bit or word level; among our results will be their extension to the node level. The major contributions of our paper are threefold. First, we show how the recursive checksum procedure can be applied to tree data structures that are dynamically changing, whereas the previous work concentrated on trees that were static in their structure. This results in a asymptotic improvement in running time for applications where it is natural to model the underlying data as a tree. Second, we present a C ++ implementation of this scheme. Significantly, it is seen that our software can be used with existing applications which manipulate trees with only minor modification of the application programs. Finally, we ha...

this paper, we consider the problem of detecting errors in the answers given in response to data structure queries. For many programs a substantial fraction of the intricate error-prone code resides in the routines associated with data structure access. In addition, a significant fraction of total program running time is spent executing the code of these routines. Data structures are often used to implement abstract data types (ADTs) and in recent years a number of different ADTs have been shown to be efficiently checkable. Checkers which are also referred to as error monitors in this paper have been developed for priority queues, the union/find data type, and most recently mergeable priority queues and have been shown to require only O(n) time to check a sequence of n operations [5, 21, 23]. These checkers detect any errors in query answers and since each of these checkers is based on an ADT

In this paper we describe the use of the certification-trail technique as the basis of a new hybrid framework for building formally verified software systems. Our technique involves formally verifying only a part of a software system; however, the technique yields a software system which still satisfies the most important correctness properties. Substantial savings in the overhead of software verification, and also in program running time are shown to be possible in comparison to traditional methods. We apply our technique to the problem of sorting since sorting represents one of the most basic operations in computer science, and a formally verified sorting certifier should have significant applicability. The results presented in this paper represent an enhancement of the certification-trail technique relative to the detection of incorrect computational output caused by software faults. Index terms: Sorting; formal program verification; software correctness; certification trails; prog...

We report on the use of program checking in the LEDA library of efficient data types and algorithms.

For many years, there has been tremendous interest in methods to make computation more reliable. In this thesis, we explore various techniques that can be implemented in software to help insure the correctness of the output of a program. The basic tool we use is a generalization of the notion of a program checker called a certifier. A certifier is given intermediate computations from a program computing an answer in an effort to simplify the checking process. The certifier is constructed in such a way that even if the intermediate computations it is given are incorrect, the certifier will never accept an incorrect output. We have constructed certifiers and program checkers for several common abstract data types including mergeable priority queues and splittable priority queues. We have also constructed a certifier for an abstract data type that allows approximate nearest neighbor queries to be performed efficiently. We have implemented and experimentally evaluated some of these algorithms. In the parallel domain, we have developed both general and problem specific techniques for certifying parallel computation. Lastly, we have formally proven correct a certifier for sorting, and have analyzed the advantages of using certifiers in conjunction with formal program verification techniques. This work forms a thesis presented by Jonathan D. Bright to the faculty of the Department of Computer Science, at the Johns Hopkins University, in partial fulfillment of the requirements for the degree of Doctor of Philosophy, under the supervision of Professor Gregory F. Sullivan. iii Acknowledgements I would like to thank my advisor, Gregory Sullivan, for giving me an excellent research topic for my thesis, and for vastly improving my writing skills during my stay at Hopkins. Also, ...

We study query authentication schemes, algorithmic and cryptographic constructions that provide efficient and secure protocols for verifying the results of queries over structured data in untrusted or adversarial data distribution environments. We formally define the problem in a new data query and authentication setting that involves general query types answered in the RAM model of computation, and put forward a new approach for designing secure query authentication schemes that, through the new concept of query certification, aims to authenticate the validity of the answer, rather than the entire process that generates the answer. Our main results state that this new authentication framework achieves generality, namely any query type admits a secure query authentication scheme, and also supports an important type of modularity, namely the authentication of general queries based on the evaluation of relations over the data elements is reduced to the authentication of set-membership queries. Thus, in addition to general possibility results under general assumptions and characterization results using existing cryptographic techniques, we contribute a clear separation between algorithmics and cryptography in data-authentication protocol design, and sufficient conditions for achieving super-efficient answer verification in time asymptotically less than the time needed to answer the query.