Alwen Tiu's research while affiliated with Australian National University and other places

Publications (96)

Chapter
We describe Dagster, a system that implements a new approach to scheduling interdependent (Boolean) SAT search activities in high-performance computing (HPC) environments. This system allows practitioners to solve challenging problems by efficiently distributing search effort across computing cores in a customizable way. Our solver takes as input a...
Chapter
We present an investigation into the design and implementation of a parallel model checker for security protocol verification that is based on a symbolic model of the adversary, where instantiations of concrete terms and messages are avoided until needed to resolve a particular assertion. We propose to build on this naturally lazy approach to paral...
Preprint
We present an investigation into the design and implementation of a parallel model checker for security protocol verification that is based on a symbolic model of the adversary, where instantiations of concrete terms and messages are avoided until needed to resolve a particular assertion. We propose to build on this naturally lazy approach to paral...
Preprint
Full-text available
In the hardware design process, hardware components are usually described in a hardware description language. Most of the hardware description languages, such as Verilog and VHDL, do not have mathematical foundation and hence are not fit for formal reasoning about the design. To enable formal reasoning in one of the most commonly used description l...
Article
Full-text available
Open bisimilarity is defined for open process terms in which free variables may appear. The insight is, in order to characterise open bisimilarity, we move to the setting of intuitionistic modal logics. The intuitionistic modal logic introduced, called $\mathcal{OM}$, is such that modalities are closed under substitutions, which induces a property...
Article
Full-text available
We introduce translations between display calculus proofs and labeled calculus proofs in the context of tense logics. First, we show that every derivation in the display calculus for the minimal tense logic Kt extended with general path axioms can be effectively transformed into a derivation in the corresponding labeled calculus. Concerning the con...
Article
Full-text available
The SPARC instruction set architecture (ISA) has been used in various processors in workstations, embedded systems, and in mission-critical industries such as aviation and space engineering. Hence, it is important to provide formal frameworks that facilitate the verification of hardware and software that run on or interface with these processors. I...
Article
This work explores how to enhance pseudonymous whistleblower submission systems, specifically by supporting protocol level unlinkability, while also making the system resilient against (distributed) denial of service attacks. To that end, we propose a blind signature based protocol which facilitates assignment of trust to anonymous posters in a man...
Preprint
Full-text available
We introduce translations between display calculus proofs and labelled calculus proofs in the context of tense logics. First, we show that every derivation in the display calculus for the minimal tense logic Kt extended with general path axioms can be effectively transformed into a derivation in the corresponding labelled calculus. Concerning the c...
Article
Full-text available
We provide a direct method for proving Craig interpolation for a range of modal and intuitionistic logics, including those containing a "converse" modality. We demonstrate this method for classical tense logic, its extensions with path axioms, and for bi-intuitionistic logic. These logics do not have straightforward formalisations in the traditiona...
Preprint
Full-text available
We provide a direct method for proving Craig interpolation for a range of modal and intuitionistic logics, including those containing a "converse" modality. We demonstrate this method for classical tense logic, its extensions with path axioms, and for bi-intuitionistic logic. These logics do not have straightforward formalisations in the traditiona...
Chapter
Symbolic verification of security protocols typically relies on an attacker model called the Dolev-Yao model, which does not model adequately various algebraic properties of cryptographic operators used in many real-world protocols. In this work we describe an integration of a state-of-the-art protocol verifier ProVerif, with automated first order...
Article
Full-text available
This article explores the proof theory necessary for recommending an expressive but decidable first-order system, named MAV1, featuring a De Morgan dual pair of nominal quantifiers. These nominal quantifiers called “new” and “wen” are distinct from the self-dual Gabbay-Pitts and Miller-Tiu nominal quantifiers. The novelty of these nominal quantifie...
Preprint
SPARC processors have many applications in mission-critical industries such as aviation and space engineering. Hence, it is important to provide formal frameworks that facilitate the verification of hardware and software that run on or interface with these processors. This paper presents the first mechanised SPARC Total Store Ordering (TSO) memory...
Article
MTL has been widely used to specify runtime policies. Traditionally this use is to capture the qualitative aspects of the monitored systems, but recent developments in its extensions with aggregate operators allow some quantitative policies to be specified. Our interest in MTL-based policy languages is driven by applications in runtime malware or i...
Article
Full-text available
This paper clarifies that linear implication defines a branching-time preorder, preserved in all contexts, when used to compare embeddings of process in non-commutative logic. The logic considered is a first-order extension of the proof system BV featuring a de Morgan dual pair of nominal quantifiers, called BV1. An embedding of π-calculus process...
Chapter
Full-text available
Attack trees provide a structure to an attack scenario, where disjunctions represent choices decomposing attacker’s goals into smaller subgoals. This paper investigates the nature of choices in attack trees. For some choices, the attacker has the initiative, but for other choices either the environment or an active defender decides. A semantics for...
Chapter
Scalable and automatic formal verification for concurrent systems is always demanding. In this paper, we propose a verification framework to support automated compositional reasoning for concurrent programs with shared variables. Our framework models concurrent programs as succinct automata and supports the verification of multiple important proper...
Conference Paper
Full-text available
Quasi-open bisimilarity is the coarsest notion of bisimilarity for the π-calculus that is also a congruence. This work extends quasi-open bisimilarity to handle mismatch (guards with inequalities). This minimal extension of quasi-open bisimilarity allows fresh names to be manufactured to provide constructive evidence that an inequality holds. The e...
Article
Full-text available
Abstract separation logics are a family of extensions of Hoare logic for reasoning about programs that manipulate resources such as memory locations. These logics are “abstract” because they are independent of any particular concrete resource model. Their assertion languages, called Propositional Abstract Separation Logics (PASLs), extend the logic of (Bool...
Article
Full-text available
We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a lightweight type system featuring Android permission model, where the permissions are statically assigned to app...
Conference Paper
Full-text available
This paper presents tactics for reasoning about the assertions of separation logic. We formalise our proof methods in Isabelle/HOL based on Klein et al.’s separation algebra library. Our methods can also be used in other separation logic frameworks that are instances of the separation algebra of Calcagno et al. The first method, separata, is bas...
Conference Paper
Full-text available
Open bisimilarity is a strong bisimulation congruence for the π-calculus. In open bisimilarity, free names in processes are treated as variables that may be instantiated; in contrast to late bisimilarity where free names are constants. An established modal logic due to Milner, Parrow, and Walker characterises late bisimilarity, that is, two process...
Conference Paper
Full-text available
Coverage-based fuzzing is one of the most effective techniques to find vulnerabilities, bugs or crashes. However, existing techniques suffer from the difficulty in exercising the paths that are protected by magic bytes comparisons (e.g., string equality comparisons). Several approaches have been proposed to use heavy-weight program analysis to brea...
Article
Full-text available
Attack trees profile the sub-goals of the proponent of an attack. Attack trees have a variety of semantics depending on the kind of question posed about the attack, where questions are captured by an attribute domain. We observe that one of the most general semantics for attack trees, the multiset semantics, coincides with a semantics expressed usi...
Article
Full-text available
In the logic programming paradigm, it is difficult to develop an elegant solution for generating distinguishing formulae that witness the failure of open-bisimilarity between two pi-calculus processes; this was unexpected because the semantics of the pi-calculus and open bisimulation have already been elegantly specified in higher-order logic progr...
Conference Paper
Full-text available
It is essential to deal with the interference of the environment between programs in concurrent program verification. This has led to the development of concurrent program reasoning techniques such as rely-guarantee. However, the source code of the programs to be verified often involves language features such as exceptions and procedures which are...
Conference Paper
Full-text available
The high security requirements of cyber-physical systems and the critical tasks they carry out make it necessary to guarantee the absence of any vulnerability to security attacks and that they have no unexpected behaviour. The size and complexity of the underlying hardware in cyber-physical systems are increasing and so is the risk of failures and...
Data
Article
The high security requirements of cyber-physical systems and the critical tasks they carry out make it necessary to guarantee the absence of any vulnerability to security attacks and that they have no unexpected behaviour. The size and complexity of the underlying hardware in cyber-physical systems are increasing and so is the risk of failures and...
Conference Paper
Full-text available
SPEC is an automated equivalence checker for security protocols specified in the spi-calculus, an extension of the pi-calculus with cryptographic primitives. The notion of equivalence considered is a variant of bisimulation, called open bisimulation, that identifies processes indistinguishable when executed in any context. SPEC produces compact and...
Conference Paper
Full-text available
The SPARCv8 instruction set architecture (ISA) has been used in various processors for workstations, embedded systems, and space missions. However, there are no publicly available formal models for the SPARCv8 ISA. In this work, we give the first formal model for the integer unit of SPARCv8 ISA in Isabelle/HOL. We capture the operational semantics...
Article
Full-text available
Scalable and automatic formal verification for concurrent systems is always demanding, but yet to be developed. In this paper, we propose a verification framework to support automated compositional reasoning for concurrent programs with shared variables. Our framework models concurrent programs as succinct automata and supports the verification of...
Conference Paper
Full-text available
Existing work on theorem proving for the assertion language of separation logic (SL) either focuses on abstract semantics which are not readily available in most applications of program verification, or on concrete models for which completeness is not possible. An important element in concrete SL is the points-to predicate which denotes a singleton...
Article
Full-text available
We present an expressive but decidable first-order system (named MAV1) defined by using the calculus of structures, a generalisation of the sequent calculus. In addition to first-order universal and existential quantifiers the system incorporates a pair of nominal quantifiers called “new” and “wen”, distinct from the self-dual Gabbay-Pitts and Mill...
Conference Paper
Full-text available
This paper considers Reynolds’s separation logic with all logical connectives but without arbitrary predicates. This logic is not recursively enumerable but is very useful in practice. We give a sound labelled sequent calculus for this logic. Using numerous examples, we illustrate the subtle deficiencies of several existing proof calculi for separa...
Conference Paper
Linear temporal logic (LTL) has been widely used to specify runtime policies. Traditionally this use of LTL is to capture the qualitative aspects of the monitored systems, but recent developments in metric LTL and its extensions with aggregate operators allow some quantitative policies to be specified. Our interest in LTL-based policy languages is...
Article
Full-text available
Android is an operating system that has been used in a majority of mobile devices. Each application in Android runs in an instance of the Dalvik virtual machine, which is a register-based virtual machine (VM). Most applications for Android are developed using Java, compiled to Java bytecode and then translated to DEX bytecode using the dx tool in t...
Article
Full-text available
The Abella interactive theorem prover is based on an intuitionistic logic that allows for inductive and co-inductive reasoning over relations. Abella supports the λ-tree approach to treating syntax containing binders: it allows simply typed λ-terms to be used to represent such syntax and it provides higher-order (pattern) unification, the ∇ quantif...
Conference Paper
Proof theory for a logic with categorical semantics can be developed by the following methodology: define a sound and complete display calculus for an extension of the logic with additional adjunctions; translate this calculus to a shallow inference nested sequent calculus; translate this calculus to a deep inference nested sequent calculus; then p...
Conference Paper
Full-text available
Abstract separation logics are a family of extensions of Hoare logic for reasoning about programs that mutate memory. These logics are "abstract" because they are independent of any particular concrete memory model. Their assertion languages, called propositional abstract separation logics, extend the logic of (Boolean) Bunched Implications (BBI) in various...
Conference Paper
Full-text available
We present a design and an implementation of a security policy specification language based on metric linear-time temporal logic (MTL). MTL features temporal operators that are indexed by time intervals, allowing one to specify timing-dependent security policies. The design of the language is driven by the problem of runtime monitoring of applicati...
Conference Paper
Full-text available
We consider the problem of model checking specifications involving co-inductive definitions such as are available for bisimulation. A proof search approach to model checking with such specifications often involves state exploration. We consider four different tabling strategies that can minimize such exploration significantly. In general, tabling i...
Article
Full Intuitionistic Linear Logic (FILL) is multiplicative intuitionistic linear logic extended with par. Its proof theory has been notoriously difficult to get right, and existing sequent calculi all involve inference rules with complex annotations to guarantee soundness and cut-elimination. We give a simple and annotation-free display calculus for...
Conference Paper
Full-text available
We present a labelled sequent calculus for Boolean BI, a classical variant of O'Hearn and Pym's logic of Bunched Implication. The calculus is simple, sound, complete, and enjoys cut-elimination. We show that all the structural rules in our proof system, including those rules that manipulate labels, can be localised around applications of certain lo...
Conference Paper
Proof systems for logics with recursive definitions typically impose a strict syntactic stratification on the body of a definition to ensure cut elimination and consistency of the logics, i.e., by forbidding any negative occurrences of the predicate being defined. Often such a restriction is too strong, as there are cases where such negative occurr...
Conference Paper
Full-text available
A grammar logic refers to an extension to the multi-modal logic K in which the modal axioms are generated from a formal grammar. We consider a proof theory, in nested sequent calculus, of grammar logics with converse, i.e., every modal operator [a] comes with a converse. Extending previous works on nested sequent systems for tense logics, we show a...
Article
Full-text available
We consider two characterisations of the may and must testing preorders for a probabilistic extension of the finite pi-calculus: one based on notions of probabilistic weak simulations, and the other on a probabilistic extension of a fragment of Milner-Parrow-Walker modal logic for the pi-calculus. We base our notions of simulations on the similar c...
Conference Paper
Gödel-Dummett logic is an extension of first-order intuitionistic logic with the linearity axiom $(A \supset B) \lor (B \supset A)$, and the so-called “quantifier shift” axiom $\forall x(A \lor B(x)) \supset A \lor \forall x B(x)$. Semantically, it can be characterised as a logic for linear Kripke frames with co...
Article
We consider two styles of proof calculi for a family of tense logics, presented in a formalism based on nested sequents. A nested sequent can be seen as a tree of traditional single-sided sequents. Our first style of calculi is what we call "shallow calculi", where inference rules are only applied at the root node in a nested sequent. Our shallow c...
Article
Proof search has been used to specify a wide range of computation systems. In order to build a framework for reasoning about such specifications, we make use of a sequent calculus involving induction and co-induction. These proof principles are based on a proof theoretic (rather than set-theoretic) notion of definition. Definitions are akin to logi...
Conference Paper
We consider the problem of automating open bisimulation checking for the spi calculus, an extension of the pi-calculus with cryptographic primitives. The notion of open bisimulation considered here is indexed by a (symbolic) environment, represented as bi-traces (i.e., pairs of symbolic traces), which encode the history of interaction between the i...
Article
We consider an extension of bi-intuitionistic logic with the traditional modalities from tense logic Kt. Proof theoretically, this extension is obtained simply by extending an existing sequent calculus for bi-intuitionistic logic with typical inference rules for the modalities used in display logics. As it turns out, the resulting calculus, LBiKt,...
Article
Harrison John. Handbook of practical logic and automated reasoning. Cambridge University Press, Cambridge, UK, 2009, xix + 681 pp. - Volume 16 Issue 2 - Alwen Tiu
Article
We consider the problem of intruder deduction in security protocol analysis: that is, deciding whether a given message M can be deduced from a set of messages Gamma under the theory of blind signatures and arbitrary convergent equational theories modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations o...
Conference Paper
We consider a formalisation of a notion of observer (or intruder) theories, commonly used in symbolic analysis of security protocols. An observer theory describes the knowledge and capabilities of an observer, and can be given a formal account using deductive systems, such as those used in various "environment-sensitive" bisimulation for proc...
Conference Paper
We consider two sequent calculi for tense logic in which the syntactic judgements are nested sequents, i.e., a tree of traditional one-sided sequents built from multisets of formulae. Our first calculus SKt is a variant of Kashima's calculus for Kt, which can also be seen as a display calculus, and uses "shallow" inference whereby inference rules...
Conference Paper
Full-text available
We consider policies that are described by regular expressions, finite automata, or formulae of linear temporal logic (LTL). Such policies are assumed to describe situations that are problematic, and thus should be avoided. Given a trace pattern u, i.e., a sequence of action symbols and variables, where the variables stand for unknown (i.e., not...
Conference Paper
Online trading invariably involves dealings between strangers, so it is important for one party to be able to judge objectively the trustworthiness of the other. In such a setting, the decision to trust a user may sensibly be based on that user's past behaviour. We introduce a specification language based on linear temporal logic for expressing a p...
Article
A notion of open bisimulation is formulated for the spi calculus, an extension of the pi-calculus with cryptographic primitives. In this formulation, open bisimulation is indexed by pairs of symbolic traces, which represent the history of interactions between the environment with the pairs of processes being checked for bisimilarity. The use of sym...
Article
Full-text available
Lambda tree syntax (a variant of HOAS) and nominal techniques are two approaches to representing and reasoning about languages containing bindings. Although they are based on separate foundations, recent advances in the proof theory of generic judgments have shown that one may be able to incorporate some aspects of nominal techniques (i.e., the equ...
Article
Online trading invariably involves dealings between strangers, so it is important for one party to be able to judge objectively the trustworthiness of the other. In such a setting, the decision to trust a user may sensibly be based on that user's past behaviour. We introduce a specification language based on linear temporal logic for expressing a...
Article
Full-text available
Proof search has been used to specify a wide range of computation systems. In order to build a framework for reasoning about such specifications, we make use of a sequent calculus involving induction and co-induction. These proof principles are based on a proof theoretic (rather than set-theoretic) notion of definition. Definitions are akin to (str...
Article
Full-text available
We specify the operational semantics and bisimulation relations for the finite pi-calculus within a logic that contains the nabla quantifier for encoding generic judgments and definitions for encoding fixed points. Since we restrict to the finite case, the ability of the logic to unfold fixed points allows this logic to be complete for both the ind...
Article
We consider the problem of intruder deduction in security protocol analysis: that is, deciding whether a given message $M$ can be deduced from a set of messages $\Gamma$ under the theory of blind signatures and arbitrary convergent equational theories modulo associativity and commutativity (AC) of certain binary operators. The traditional formulati...
Article
This paper presents a cut-elimination proof for the logic $LG^\omega$, which is an extension of a proof system for encoding generic judgments, the logic $FO^{\lambda\Delta\nabla}$ of Miller and Tiu, with an induction principle. The logic $LG^\omega$, just as $FO^{\lambda\Delta\nabla}$, features extensions of first-order intuitionistic logic with fixed points and a generic quantif...
Conference Paper
We propose a new sequent calculus for bi-intuitionistic logic which sits somewhere between display calculi and traditional sequent calculi by using nested sequents. Our calculus enjoys a simple (purely syntactic) cut-elimination proof as do display calculi. But it has an easily derivable variant calculus which is amenable to automated proof searc...
Article
In this paper, we consider policies that are described by regular languages. Such regular policies L are assumed to describe situations that are problematic, and thus should be avoided. Given a trace pattern u, i.e., a sequence of action symbols and variables, where the variables stand for unknown (i.e., not observed) sequences of actions, we...
Conference Paper
A notion of open bisimulation is formulated for the spi calculus, an extension of the π-calculus with cryptographic primitives. In this formulation, open bisimulation is indexed by pairs of symbolic traces, which represent the history of interactions between the environment with the pairs of processes being checked for bisimilarity. The use of symb...
Article
We begin by showing how to faithfully encode the Classical Modal Display Logic (CMDL) of Wansing into the Calculus of Structures (CoS) of Guglielmi. Since every CMDL calculus enjoys cut-elimination, we obtain a cut-elimination theorem for all corresponding CoS calculi. We then show how our result leads to a minimal cut-free CoS calculus for modal l...
Article
Full-text available
This paper presents an extension of a proof system for encoding generic judgments, the logic FOλ∆∇ of Miller and Tiu, with an induction principle. The logic FOλ∆∇ is itself an extension of intuitionistic logic with fixed points and a "generic quantifier", ∇, which is used to reason about the dynamics of bindings in object systems encoded in the logic...
Conference Paper
Full-text available
Bedwyr is a generalization of logic programming that allows model checking directly on syntactic expressions possibly containing bindings. This system, written in OCaml, is a direct implementation of two recent advances in the theory of proof search. The first is centered on the fact that both finite success and finite failure can be captured in th...
Conference Paper
This paper presents systems for first-order intuitionistic logic and several of its extensions in which all the propositional rules are local, in the sense that, in applying the rules of the system, one needs only a fixed amount of information about the logical expressions involved. The main source of non-locality is the contraction rules. We show...
Article
Full-text available
We report on an experiment in combining the theorem prover Isabelle with automatic first-order arithmetic provers to increase automation on the verification of distributed protocols. As a case study for the experiment we verify several averaging clock synchronization algorithms. We present a formalization of Schneider's generalized clock synchroniz...
Article
This paper studies properties of the logic BV, which is an extension of multiplicative linear logic (MLL) with a self-dual non-commutative operator. BV is presented in the calculus of structures, a proof theoretic formalism that supports deep inference, in which inference rules can be applied anywhere inside logical expressions. The use of deep inf...
Article
Full-text available
The operational semantics of a computation system is often presented as inference rules or, equivalently, as logical theories. Specifications can be made more declarative and high level if syntactic details concerning bound variables and substitutions are encoded directly into the logic using term-level abstractions (λ-abstraction) and proof-level...
Article
We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Base...
Article
Full-text available
The operational semantics and typing of modern programming and specification languages are often defined using relations and proof systems. In simple settings, logic programming can be used to provide rather direct and natural interpreters for such operational semantics. More complex features of specifications such as names and their bindings...
Conference Paper
Model checking for transition systems specified in pi-calculus has been a difficult problem due to the infinite-branching nature of input prefix, name-restriction and scope extrusion. We propose here an approach to model checking for pi-calculus by encoding it into a logic which supports reasoning about bindings and fixed points. This logic, called...
Article
This paper presents a system for intuitionistic logic in which all the rules are local, in the sense that, in applying the rules of the system, one needs only a fixed amount of information about the logical expressions involved. The main source of non-locality is the contraction rule. We show that the contraction rule can be restricted to the atomi...
Article
Full-text available
We present a meta-logic that contains a new quantifier ∇ (for encoding “generic judgments”) and inference rules for reasoning within fixed points of a given specification. We then specify the operational semantics and bisimulation relations for the finite π-calculus within this meta-logic. Since we restrict to the finite case, the ability of the me...
Article
This paper gives an overview of a prototype implementation of a fragment of the logic Linc [5, 8, 13] (also referred to as FOλ∆∇ in [5]), which we tentatively call ‘Level 0/1 Prover’ here. This implementation is part of a larger project, Parsifal, at INRIA Futurs (see
Article
We present a logic in which signatures are explicit in the sequent, and of two different nature: one signature is associated to the whole sequent to account for eigenvariables of the sequent, the other is associated to each formula in the sequent, used to account for generic variables locally scoped over the formula. The logic is a version of intui...
Article
An extension of the language L is given. The extension was mainly motivated by applications of higher-order abstract syntax in en- coding generic judgments, where object-level signatures need to be coded explicitly. It is shown that this extension preserves the m.g.u property and the decidability of the unification problems.
Conference Paper
Proof search has been used to specify a wide range of computation systems. In order to build a framework for reasoning about such specifications, we make use of a sequent calculus involving induction and co-induction. These proof principles are based on a proof theoretic notion of definition, following on work by Schroeder-Heister, Girard, and McDo...
Article
A notion of open bisimulation is formulated for the spi calculus, an extension of the π-calculus with cryptographic primitives. This notion of open bisimulation is based on the so-called hedged bisimulation, due to Borgström and Nestmann. Open bisimulation is shown to be sound with respect to hedged bisimulation, and further, open bisimilarity is...
Article
For formal system verification to become common practice, it has to be supported by flexible and powerful deductive tools that can accommodate adequate levels of abstraction as well as a high degree of automation. In this paper, we report on a case study on combination of deductive tools to support verification of distributed algorithms. More speci...
Article
Full-text available
This course introduces a logical approach to formalizing, prototyping and reasoning about computational systems. We shall consider systems from various contexts, including typing and evaluation notions for programming languages, logics and proof-theoretic principles, formally specified software and concurrency. A feature common to many of these s...
Article
We present a meta-logic that contains a new quantifier ∇ (for encoding “generic judgments”) and inference rules for reasoning within fixed points of a given specification. We then specify the operational semantics and bisimulation relations for the finite π-calculus within this meta-logic. Since we restrict to the finite case, the ability of the...

Citations

... Ahn et al. (2017) [AHT17] give an innovative intuitionistic logic characterising open bisimilarity. In their setting, substitution effects are only employed inside the definition of the logical implication operator. ...
... The propagation rules we use are largely based upon the work of [26,49], where such rules were used in the setting of display and nested calculi. These rules were then transported to the labeled setting to prove the decidability of agency (STIT) logics [34], to establish translations between calculi within various proof-theoretic formalisms [11], and to provide a basis for the structural refinement methodology [32]. In this paper, we apply this methodology in the setting of intuitionistic grammar logics, obtaining analytic nested systems for these logics, which are then put to use to establish conservativity and (un)decidability results. ...
... A DoS attack's purpose is to make the server or network fail to yield normal services. Ordinarily, this attack is carried out by sending fake packets to the victim's device or by sending a large number of packets that exceed its ability to process them [17], [18]. There is no IPv6 safe zone, even if it was. ...
... The common presentation of the Total Store Order (TSO) memory model is operational [18]. In addition to the traditional interleaving semantics, each hardware thread under TSO has a write buffer and propagates writes to the main memory nondeterministically. Hóu et al. [19] presented an axiomatic TSO model and an operational TSO model on top of a high-level ISA model and a low-level ISA model. Using axiomatic memory model definitions, Lahav et al. [17] listed several laws that WMMs such as TSO or other non-multi-copy-atomic memory models should follow respectively. ...
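The operational TSO model described in the snippet above (one FIFO write buffer per hardware thread, writes reaching main memory at a nondeterministic later point) is small enough to explore exhaustively. The following is an added example written for this page; it is not code from the cited paper, from Hóu et al., or from any work listed here. The instruction encoding, the store-buffering litmus programs and the `outcomes`/`allows` helpers are this example's own conventions. It enumerates every interleaving of instruction execution and buffer flushes and shows that the outcome r0 = r1 = 0, impossible under sequential consistency, is reachable under TSO, and becomes unreachable again once a full fence follows each store.

```python
"""Explicit-state exploration of the operational Total Store Order (TSO) model.

Added example; not code from the cited paper or any work listed on this page.
Each thread has a FIFO write buffer: a store goes into the buffer, a load reads
the newest buffered value for that address (store-to-load forwarding) or else
main memory, and the oldest buffered write is flushed to memory at a
nondeterministic later point.  A fence blocks its thread until the buffer is
empty.  With tso=False stores hit memory directly (sequential consistency).
"""
from typing import Dict, FrozenSet, List, Tuple

Instr = Tuple            # ("store", var, val) | ("load", var, reg) | ("fence",)
Outcome = Tuple[Tuple[str, int], ...]


def outcomes(programs: List[List[Instr]], tso: bool) -> FrozenSet[Outcome]:
    """Set of final register assignments reachable over all interleavings
    of instruction execution and buffer flushes (assumed memory is all 0)."""
    n = len(programs)
    results = set()
    seen = set()

    def explore(pcs, bufs, mem, regs):
        key = (pcs, bufs, tuple(sorted(mem.items())), tuple(sorted(regs.items())))
        if key in seen:
            return
        seen.add(key)
        enabled = False
        for t in range(n):
            # transition 1: flush thread t's oldest buffered write to memory
            if bufs[t]:
                enabled = True
                var, val = bufs[t][0]
                new_bufs = bufs[:t] + (bufs[t][1:],) + bufs[t + 1:]
                explore(pcs, new_bufs, {**mem, var: val}, regs)
            # transition 2: thread t executes its next instruction
            if pcs[t] >= len(programs[t]):
                continue
            ins = programs[t][pcs[t]]
            new_pcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
            if ins[0] == "store":
                _, var, val = ins
                enabled = True
                if tso:
                    new_bufs = bufs[:t] + (bufs[t] + ((var, val),),) + bufs[t + 1:]
                    explore(new_pcs, new_bufs, mem, regs)
                else:
                    explore(new_pcs, bufs, {**mem, var: val}, regs)
            elif ins[0] == "load":
                _, var, reg = ins
                enabled = True
                val = mem.get(var, 0)
                for bvar, bval in bufs[t]:       # newest buffered write wins
                    if bvar == var:
                        val = bval
                explore(new_pcs, bufs, mem, {**regs, reg: val})
            elif ins[0] == "fence":
                if not bufs[t]:                  # passable only with a drained buffer
                    enabled = True
                    explore(new_pcs, bufs, mem, regs)
        if not enabled:                          # all threads done, all buffers empty
            results.add(tuple(sorted(regs.items())))

    explore(tuple([0] * n), tuple([()] * n), {}, {})
    return frozenset(results)


# Store-buffering litmus test (Dekker-style): under SC at least one thread
# must observe the other's store, so r0 = r1 = 0 is impossible.
SB = [
    [("store", "x", 1), ("load", "y", "r0")],
    [("store", "y", 1), ("load", "x", "r1")],
]
# The same test with a full fence after each store.
SB_FENCED = [
    [("store", "x", 1), ("fence",), ("load", "y", "r0")],
    [("store", "y", 1), ("fence",), ("load", "x", "r1")],
]


def allows(programs: List[List[Instr]], tso: bool, outcome: Dict[str, int]) -> bool:
    """Is the given final register assignment reachable?"""
    return tuple(sorted(outcome.items())) in outcomes(programs, tso)


if __name__ == "__main__":
    print("TSO allows r0=r1=0:      ", allows(SB, True, {"r0": 0, "r1": 0}))
    print("SC allows r0=r1=0:       ", allows(SB, False, {"r0": 0, "r1": 0}))
    print("TSO+fence allows r0=r1=0:", allows(SB_FENCED, True, {"r0": 0, "r1": 0}))
```

The `seen` set makes the search a reachability analysis over the finite state graph rather than a tree walk, which is the same idea a model checker applies to this model at scale; the only TSO-specific parts are the per-thread buffer, the forwarding rule in `load`, and the fence condition.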
... Initiated by Bull [5] and Kashima [30], nested sequent systems perform reasoning over trees of (pairs of) multisets of formulae, proving worthwhile in developing automated reasoning techniques for logics. Such systems have been used to write decision algorithms for logics supporting automated counter-model extraction [22,49], have been employed in constructive proofs of interpolation [21,35], and have even been applied in knowledge integration scenarios [39]. ...
... Here, it is of absolute importance that the protocols are correctly designed and specified. However, designing and specifying such protocols is an error-prone task, due to the complex security requirements and their dependencies on the attacker model [5,13]. As a consequence, many flaws of security protocols were only discovered after years of productive usage, e.g., it took 17 years to identify a critical flaw in the Needham-Schroeder Public-Key protocol [24]. ...
... The existence of these two separate cases is a surprising novelty since all proof systems, on which the splitting technique has been applied so far, only employ atoms, binary connectives [Gug07,AT17], modalities [Str03a,GS11], and quantifiers [HTAC19]. Here, for the first time we present splitting for n-ary connectives with n > 2. ...
... Past-time LTL (PTLTL) [10] is another useful language for specifying security-related properties [11]. PTLTL has two distinct temporal operators called previously (P) and since (S). ...
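The two PTLTL operators named in the snippet above, previously (P) and since (S), are easiest to understand by evaluating them over a concrete trace. The following is an added example written for this page, not code from the cited paper or from any work listed here; the tuple encoding of formulas, the trace format and the two sample security properties are this example's own choices. It implements the standard finite-trace semantics (P φ is false at the first position; φ S ψ needs a past position where ψ held with φ holding at every position after it) and uses them as a monitor that reports the first step at which a property is violated.

```python
"""Evaluator and monitor for past-time LTL (PTLTL) over finite traces.

Added example, not code from the cited paper or from any work listed on
this page.  Formulas are nested tuples; a trace is a list of sets of the
atomic propositions observed at each step.
"""
from typing import FrozenSet, List, Optional, Tuple

Formula = Tuple
Trace = List[FrozenSet[str]]


# --- constructors (derived operators are defined from P and S) ------------
def atom(p: str) -> Formula:
    return ("atom", p)

def neg(f: Formula) -> Formula:
    return ("not", f)

def implies(f: Formula, g: Formula) -> Formula:
    return ("or", ("not", f), g)

def prev(f: Formula) -> Formula:              # P f
    return ("prev", f)

def since(f: Formula, g: Formula) -> Formula:  # f S g
    return ("since", f, g)

def once(f: Formula) -> Formula:              # O f = true S f
    return ("since", ("true",), f)

def historically(f: Formula) -> Formula:      # H f = not O not f
    return neg(once(neg(f)))


def holds(phi: Formula, trace: Trace, i: int) -> bool:
    """Truth of phi at position i.  P phi needs a step i-1 (false at i == 0);
    phi S psi needs some j <= i with psi at j and phi at every k, j < k <= i."""
    op = phi[0]
    if op == "true":
        return True
    if op == "atom":
        return phi[1] in trace[i]
    if op == "not":
        return not holds(phi[1], trace, i)
    if op == "and":
        return holds(phi[1], trace, i) and holds(phi[2], trace, i)
    if op == "or":
        return holds(phi[1], trace, i) or holds(phi[2], trace, i)
    if op == "prev":
        return i > 0 and holds(phi[1], trace, i - 1)
    if op == "since":
        # walk backwards: the first position where psi holds is a witness,
        # provided phi held at every position passed on the way there
        for j in range(i, -1, -1):
            if holds(phi[2], trace, j):
                return True
            if not holds(phi[1], trace, j):
                return False
        return False
    raise ValueError(f"unknown operator {op!r}")


def first_violation(phi: Formula, trace: Trace) -> Optional[int]:
    """Index of the first step at which phi fails, or None if it always holds."""
    for i in range(len(trace)):
        if not holds(phi, trace, i):
            return i
    return None


# Property 1: a read is allowed only while authenticated and not logged out
# since:  read -> (not logout) S auth
READ_NEEDS_SESSION = implies(atom("read"), since(neg(atom("logout")), atom("auth")))

# Property 2: no two consecutive failed logins:  fail -> not P fail
NO_DOUBLE_FAIL = implies(atom("fail"), neg(prev(atom("fail"))))

# Constructed sample traces (not real logs)
TRACE_SESSION = [frozenset({"auth"}), frozenset({"read"}),
                 frozenset({"logout"}), frozenset({"read"})]
TRACE_LOGINS = [frozenset({"fail"}), frozenset({"auth"}),
                frozenset({"fail"}), frozenset({"fail"})]

if __name__ == "__main__":
    print(first_violation(READ_NEEDS_SESSION, TRACE_SESSION))  # 3: read after logout
    print(first_violation(NO_DOUBLE_FAIL, TRACE_LOGINS))       # 3: second fail in a row
```

The recursive evaluator re-walks the past for every position, which is fine for a worked example; a production monitor would instead keep one bit of state per subformula and update it at each step, which is what makes PTLTL attractive for runtime checking of security policies.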
... The next natural extension was adding the additives, leading to the logic MAV [Hor15], which has then been extended by nominal quantifiers (and standard first-order quantifiers) [HTAC19,HT19] in order to simulate private names in process algebras, as for example the π-calculus. This is in the line of research by Bruscoli [Bru02] who used BV to simulate reductions in CCS, following the formulas-as-processes paradigm. ...
... To solve this problem, the work in [15] proposed a type system that incorporates permissions into function types, and another work [16] proposed a type system that solves the problem of typing non-monotonic policies without resorting to downgrading or declassifying the information. Inspired by the above research, we define a statement that supports declassification assignment, as shown in Table II. ...