Formal Foundations of Computer Security
Science for Peace and Security Series D: Information and Communication Security, Vol, 2008
Cited by 8 (6 self)

Abstract: We would like to know with very high confidence that private data in computers is not unintentionally disclosed and that only authorized persons or processes can modify it. Proving security properties of software systems has always been hard because we are trying to show that something bad cannot happen no matter what a hostile adversary tries.
Knowledge-based synthesis of distributed systems using event structures
In Proc. 11th Int. Conf. on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2004), Lecture Notes in Computer Science, 2005
Cited by 7 (4 self)

Abstract: To produce a program guaranteed to satisfy a given specification one can synthesize it from a formal constructive proof that a computation satisfying that specification exists. This process is particularly effective if the specifications are written in a high-level language that makes it easy for designers to specify their goals. We consider a high-level specification language that results from adding knowledge to a fragment of Nuprl specifically tailored for specifying distributed protocols, called event theory. We then show how high-level knowledge-based programs can be synthesized from the knowledge-based specifications using a proof development system such as Nuprl. Methods of Halpern and Zuck [1992] then apply to convert these knowledge-based protocols to ordinary protocols. These methods can be expressed as heuristic transformation tactics in Nuprl.
A graph-based approach towards discerning inherent structures in a digital library of formal mathematics
In Lecture Notes in Computer Science, 2004
Cited by 3 (1 self)

Abstract: As the amount of online formal mathematical content grows, for example through active efforts such as the Mathweb [21], MOWGLI [4], Formal Digital Library, or FDL [1], and others, it becomes increasingly valuable to find automated means to manage this data and capture semantics such as relatedness and significance. We apply graph-based approaches, such as HITS, or Hyperlink-Induced Topic Search, [11] used for World Wide Web document search and analysis, to formal mathematical data collections. The nodes of the graphs we analyze are theorems and definitions, and the links are logical dependencies. By exploiting this link structure, we show how one may extract organizational and relatedness information from a collection of digital formal math. We discuss the value of the information we can extract, yielding potential applications in math search tools, theorem proving, and education.
Trace-based Verification of Imperative Programs with I/O
Cited by 2 (0 self)

Abstract: In this paper we demonstrate how to prove the correctness of systems implemented using low-level imperative features like pointers, files, and socket I/O with respect to high-level I/O protocol descriptions by using the Coq proof assistant. We present a web-based course gradebook application developed with Ynot, a Coq library for verified imperative programming. We add a dialog-based I/O system to Ynot, and we extend Ynot's underlying Hoare logic with event traces to reason about I/O and protocol behavior. Expressive abstractions allow the modular verification of both high-level specifications like privacy guarantees and low-level properties like data structure pointer invariants.
Effectively Nonblocking Consensus Procedures Can Execute Forever – a Constructive Version of FLP
2008
Cited by 1 (1 self)

Abstract: The Fischer-Lynch-Paterson theorem (FLP) says that it is impossible for processes in an asynchronous distributed system to achieve consensus on a binary value when a single process can fail. It is a widely cited theoretical result about network computing. All proofs that I know depend essentially on classical (nonconstructive) logic, although they use the hypothetical construction of a nonterminating execution as a main lemma. FLP is also a guide for protocol designers, and in that role there is a connection to an important property of consensus procedures, namely that they should not block, i.e. reach a global state in which no process can decide. A deterministic fault-tolerant consensus protocol is effectively nonblocking if from any reachable global state we can find an execution path that decides. In this article we effectively construct a nonterminating execution of such a protocol. That is, given the protocol P and a natural number n, we show how to compute the n-th step of an infinitely indecisive computation of P. From this fully constructive result, the classical FLP follows as a corollary, as well as a stronger classical result, called here Strong FLP. Moreover, the construction focuses attention on the important role of nonblocking in protocol design.
Formalising the Grid Environment
2003
Abstract: In the emerging e-Science, a Grid computing environment is coming into shape. However, the features of "rapid customised assembly of services" and "autonomic computing" have yet to be adequately addressed in existing Grid prototypes [Atkinson et al. ]. Our project is set up to apply deductive synthesis to automate Grid service assembly, using proof planning technology, provided that Grid services and applications can be specified in a suitable logic.
Restructuring Formal Mathematics for Natural Texts
2004
Abstract: In the presence of growing collections of formal mathematics, and renewed interest in formal mathematics and automated theorem proving for new domains such as hardware or code verification, it is vital to be able to present formal content accessibly to broad audiences. We propose a novel approach to constructing a content planner for formal mathematics produced by a tactic-style prover which capitalizes on the inherent structure of the formal proofs. Though it had been posited that high-level formal structure is unsuitable as a source of information for text generation, due to its heuristic nature and necessary lack of details, we are able to show that this is not the case. Tactic-style proofs share significant structural commonality with the discourse structure of corresponding texts. These commonalities allow a content planner to be constructed which need only use low-level logical content as a supplementary information source to the generation process. To show that this is the case, we collected two corpora of texts generated to communicate the proof content of a series of formal proofs produced by the Nuprl
Proof Assistants and the Dynamic Nature of Formal Theories
Abstract: This article shows that theory exploration arises naturally from the need to progressively modify applied formal theories, especially those underpinning deployed systems that change over time or need to be attack-tolerant. Such formal theories require us to explore a problem space with a proof assistant and are naturally dynamic. The examples in this article are from our ongoing decade-long effort to formally synthesize critical components of modern distributed systems. Using the Nuprl proof assistant we created event logic and its protocol theories. I also mention the impact over this period of extensions to the constructive type theory implemented by Nuprl. One of them led to our solution of a long-standing open problem in constructive logic. Proof exchange among theorem provers is promising for improving the "super tactics" that provide domain-specific reasoners for our protocol theories. Both theory exploration and proof exchange illustrate the dynamic nature of applied formal theories built using modern proof assistants. These activities dispel the false impression that formal theories are rigid and brittle artifacts that become less relevant over time in a fast-moving field like computer science.