Search combinators

The ability to model search in a constraint solver can be an essential asset for solving combinatorial problems. However, existing infrastructure for defining search heuristics is often inadequate. Either modeling capabilities are extremely limited or users are faced with a general-purpose programming language whose features are not tailored towards writing search heuristics. As a result, major improvements in performance may remain unexplored. This article introduces search combinators, a lightweight and solver-independent method that bridges the gap between a conceptually simple modeling language for search (high-level, functional and naturally compositional) and an efficient implementation (low-level, imperative and highly non-modular). By allowing the user to define application-tailored search strategies from a small set of primitives, search combinators effectively provide a rich domain-specific language (DSL) for modeling search to the user. Remarkably, this DSL comes at a low implementation cost to the developer of a constraint solver. The article discusses two modular implementation approaches and shows, by empirical evaluation, that search combinators can be implemented without overhead compared to a native, direct implementation in a constraint solver.     

A microkernel architecture for constraint programming

This paper presents a microkernel architecture for constraint programming organized around a small number of core functionalities and minimal interfaces. The architecture contrasts with the monolithic nature of many implementations. With this design, variables, domains and constraints all remain external to the microkernel which isolates the propagation logic and event protocols from the modeling constructions. The Objective-CP search blends the control primitives of the host language with search combinators in a completely transparent and fully compositional way, delivering a natural search procedure in which one can use native constructions and tools such as debuggers. Empirical results indicate that the software engineering benefits are not incompatible with runtime efficiency.     

Strict combinators

The idea of strict combinators is presented, and its use in the implementation of purely functional programming languages is discussed. Examples are given and the effect of the proposed implementation of such combinators on performance is also discussed.     

Four ways to improve security

How can you tell if an IT security product (or a product that includes security components) can secure your application? How can you be certain that a product will fully deliver on its claims that it will protect against malice in a deployed environment? Unfortunately, few vendors - and even fewer customers - can make these judgments. The article won't make you a security wizard, but it will give you a feel for what to look for in, and when to be concerned about, a vendor's claims. To ensure that a product has a chance of being secure; customers should check that vendors use adequate approaches in four primary areas. In order of importance (and maturity and availability), they are: quality-control (QC) mechanisms; cryptographic primitives; hardware assist mechanisms; and separation mechanisms.     

A discrimination algorithm inside λ-β-calculus

A finite set {F₁,…,F_n} of λ-terms is said to be discriminable if, given n arbitrary λ-terms X₁,…,X_n, there exists a λ-term Δ such that: ΔF_i ? X_ifor 1 ? i ? n. In the present paper each finite set of normal combinators which are pairwise non α-η-convertible is proved to be discriminable. Moreover a discrimination algorithm is given.     

Sarbanes—Oxley and Enterprise Security: IT Governance — What It Takes to Get the Job Done

Abstract

Several sections of the Sarbanes— Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, “rapid and current” disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commission (SEC) requires publicly traded companies to comply with the Treadway Commission's Committee of Sponsoring Organizations (COSO) that defines enterprise risk and places security as a critical variable in enterprise risk assessment. Effective IT and security governance are examined in terms of SOX compliance. Motorola IT security governance demonstrates effective structures, processes, and communications; centralized security leaders participate with Motorola's Management Board to create an enabling security organization to sustain long-term change.     

A timed semantics of Orc

Orc is a kernel language for structured concurrent programming. Orc provides three powerful combinators that define the structure of a concurrent computation. These combinators support sequential and concurrent execution, and concurrent execution with blocking and termination.Orc is particularly well-suited for task orchestration, a form of concurrent programming with applications in workflow, business process management, and web service orchestration. Orc provides constructs to orchestrate the concurrent invocation of services while managing time-outs, priorities, and failures of services or communication.Our previous work on the semantics of Orc focused on its asynchronous behavior. The inclusion of time or the effect of delay on a computation had not been modeled. In this paper, we define an operational semantics of Orc that allows reasoning about delays, which are introduced explicitly by time-based constructs or implicitly by network delays. We develop a number of identities among Orc expressions and define an equality relation that is a congruence. We also present a denotational semantics in which the meaning of an Orc program is a set of traces, and show that the two semantics are equivalent.     

Easy intruder deduction problems with homomorphisms

We present complexity results for the verification of security protocols. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties, we extend the classical Dolev-Yao model by permitting the intruder to exploit these properties. More precisely, we are interested in theories such as Exclusive or and Abelian groups in combination with the homomorphism axiom. We show that the intruder deduction problem is in PTIME in both cases, improving the EXPTIME complexity results of Lafourcade, Lugiez and Treinen.     

A predictable real-time kernel for distributed multisensor systems

The authors present a real-time kernel developed to support a distributed multisensor system encountered in robotics applications. To ensure predictability, the kernel provides services with bounded worst-case execution times. In addition, the kernel allows the programmer to specify timing constraints for process execution and interprocess communication. The kernel uses these timing constraints both for scheduling processes and for scheduling communications. To illustrate the kernel, the authors describe a multisensor system being developed on their distributed real-time system. They present the measured performance of kernel primitives along with conclusions and remarks regarding distributed real-time systems     

Distributed system for educational use

The paper describes how five minicomputers used in undergraduate teaching have been linked with, initially, a ring topology. An operating system kernel providing message primitives, already operational for a single site, has been extended for multisite connections and supports a hierarchy of processes according to the Reference Model for Open Systems Interconnection.In parallel, single-site systems based on procedural and rendezvous primitives are being formulated and extended for a distributed system. The aim of this work is to illustrate concepts and mechanisms in an educational environment.     

New aspect-oriented constructs for security hardening concerns

In this paper, we present new pointcuts and primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts allow to identify particular join points in a program's control-flow graph (CFG). The first one is the GAFlow, Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that is on all their runtime paths. The second one is the GDFlow, Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcut of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts. They allow to analyze a program's call graph in order to determine how to change function signatures for passing the parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies.     

Communication and Synchronization Primitives for Distributed Programs

A distributed program is a collection of several processes which execute concurrently, possibly in different nodes of a distributed system, and which cooperate with each other to realize a common goal. In this paper, we present a design of communication and synchronization primitives for distributed programs. The primitives are designed such that they can be provided by a kernel of a distributed operating system. An important feature of the design is that the configuration of a process, i.e., identities of processes with which the process communicates, is specified separately from the computation performed by the process. This permits easy configuration and reconfiguration of processes. We identify different kinds of communication failures, and provide distinct mechanisms for handling them. The communication primitives are not atomic actions. To enable the construction of atomic actions, two new program components, atomic agent and manager are introduced. These are devoid of policy decisions regarding concurrency control and atomic commitment. We introduce the notion of conflicts relation using which a designer can construct either an optimistic or a pessimistic concurrency control scheme. The design also incorporates primitives for constructing nested atomic actions.     

A policy‐centric approach to protecting OS kernel from vulnerable LKMs

Loadable kernel modules (LKMs) that contain vulnerabilities are a big threat to modern operating systems (OSs). The primary reason is that there is no protection mechanism inside the kernel space when the LKM is executed. As a result, kernel module exploitation can seriously affect the OS kernel security. Although many protection systems have been developed to address this problem in the past few years, there still remain some challenges: (1) How to automatically generate a security policy before the kernel module is enforced? (2) How to properly mediate the interactions between the kernel module and the OS kernel without modifications on the existing OS, hardware, and kernel module structure? To address these challenges, we present LKM guard (LKMG), a policy‐centric system that can protect commodity OS kernel from vulnerable LKMs. Compared with previous systems, LKMG is able to generate a security policy from a kernel module and then enforce the policy during the run time. Generally, the working process of LKMG can be divided into 2 stages. First, we utilize static analysis to extract the kernel code and data access patterns from a kernel module's source code and then combine these patterns with the related memory address information to generate a security policy. Second, by leveraging the hardware‐assisted virtualization technology, LKMG isolates the kernel module from the rest of the kernel and then enforces the kernel module's execution to obey the derived policy. The experiments show that our system can defend against various attacks launched by the compromised kernel module effectively with moderate performance cost.     

A prological definition of HASL a purely functional language with unification based conditional binding expressions

We present a definition in Prolog of a new purely funtional (applicative) language HASL (HArvey’s StaticLanguage). HASL is a descendant of Turner’s SASL and differs from the latter in several significant points: it includes Abramson’s unification based conditional binding constructs; it restricts each clause in a definition of a HASL function to have the same arity, thereby complicating somewhat the compilation of clauses to combinators, but simplifying considerably the HASL reduction machine; and it includes the single element domain {fail} as a component of the domain of HASL data structures. It is intended to use HASL to express the functional dependencies in a translator writing system based on denotational semantics, and to study the feasibility of using HASL as a functional sublanguage of Prolog or some other logic programming language. Regarding this latter application we suggest that since a reduction mechanism exists for HASL, it may be easier to combine it with a logic programming language than it was for Robinson and Siebert to combine LISP and LOGIC into LOGLISP: in that case a fairly complex mechanism had to be invented to reduce uninterpreted LOGIC terms to LISP values. The definition is divided into four parts. The first part defines the lexical structure of the language by means of a simple Definite Clause Grammar which relates character strings to “token” strings. The second part defines the syntactic structure of the language by means of a more complex Definite Clause Grammar and relates token strings to a parse tree. The third part is semantic in nature and translates the parse tree definitions and expressions to a variable-free string of combinators and global names. The fourth part of the definition consists of a set of Prolog predicates which specifies how strings of combinators and global names are reduced to “values”, ie., integers, truth values, characters, lists, functions, fail, and has an operational flavour: one can think of this fourth part as the definition of a normal order reduction machine.     

The influence of user expertise and phone complexity on performance,ease of use and learnability of different mobile phones

The study focuses on usability, ease of use and learnability of three different mobile phones (Nokia 3210, Siemens C35i, Motorola P7389). The first independent variable refers to the complexity of the menu (depth/breadth of the menu tree) and navigation keys (number/functionality). The Nokia phone had the lowest and the Motorola the highest complexity, with the Siemens phone ranging between them. The second independent variable was user expertise: 30 novices and 30 experts solved six telephone tasks. In order to assess effects of learnability, tasks were presented twice. Differences between the mobile phones regarding effectiveness, efficiency and learnability were found: The best performance was shown by Nokia users. The remaining two phones did not differ significantly, although the most complex phone was superior to the phone of medium complexity which had the lowest performance. Moreover, an effect of expertise was confirmed, though suboptimal interfaces were identified as lessening the advantage of expertise. Specific weaknesses of the tested phones are discussed.     

Where Motorola goes next

Mario Di Prizio, director of engineering and product development for Motorola’s Worldwide Smartcard Solutions Division, outlines Motorola’s strategy in an interview with Card Technology Today editor David Jones.     

How Australia can catch up to U.S. cyber resilience by understanding that cyber survivability test and evaluation drives defense investment

The cyber threat to Australia’s Department of Defense (DoD) is not only information security, but includes preventing its platforms from being crippled. This threat is increasing and Australia is not keeping pace with its allies. Since 2009, the United States has used test and evaluation (T&E) policy and practice to inculcate the threat posed by cyber warfare into the development, acquisition, and fielding of all of its DoD platforms. As a result, U.S. defense chiefs understood early the operational vulnerability of their systems to cyber warfare, and of the necessity of designing more cyber-resilient systems. Australia has not required such cyber-security T&E and therefore may be blind to the operational vulnerabilities of its major platforms to cyber attack and is therefore likely to continue to underinvest in the cyber resilience of its capabilities. This article argues that the Australian DoD needs to urgently conduct operationally-focused cyber-survivability trials that leverage its alliance with the United States. In studying the growing divide in cyber security between these two close allies, this article’s contribution is concluding that representative cyber threats in operational T&E is a crucial first step for any country to gain understanding and appropriate investment in DoD cyber security.     

Motorola新型单片机MC68HC908JL3编程器的设计与实现

在分析M68HC08系列芯片内核结构及Flash存储器编程模式基础上,提出了MC68HC908JL3芯片的一种简明而实用的编程器设计方案,给出了基本设计思想、硬件设计电路、软件设计框架,并与Motorola公司提供的电路进行了对比分析。     

The kernel strategy and its use for the study of combinatory logic

Barendregt defines combinatory logic as an equational system satisfying the combinatorsS andK with ((Sx)y)z=(xz)(yz) and (Kx)y=x; the set consisting ofS andK provides abasis for all of combinatory logic. Rather than studying all of the logic, logicians often focus onfragments of the logic, subsets whose basis is obtained by replacingS orK or both by other combinators. In this article, we present a powerful new strategy, called thekernel strategy, for studying fragments in the context of questions concerned with fixed point properties. Interest in such properties rests in part with their relation to normal forms and paradoxes. We show how the kernel strategy was used to answer a number of open questions, offering abundant evidence that the availability of the kernel strategy marks a singular advance for automated reasoning. In all of our experiments with this strategy applied by an automated reasoning program, the rate of success has been impressively high and the CPU time to obtain the desired information startlingly small. For each fragment we study, we use the kernel strategy to attempt to determine whether the strong or the weak fixed point property holds. WhereA is a given fragment with basisB, the strong fixed point property holds forA if and only if there exists a combinatory such that, for all combinatorsx,yx=x(yx), wherey is expressed purely in terms of elements ofB. The weak fixed point property holds forA if and only if for all combinatorsx there exists a combinatory such thaty=xy, wherey is expressed purely in terms of the elements ofB and the combinatorx. Because the use of the kernel strategy is so effective in addressing questions focusing on either fixed point property, its formulation marks an important advance for combinatory logic. Perhaps of especial interest to logicians is an infinite class of infinite sets of tightly coupled fixed point combinators (presented here), whose unexpected discovery resulted directly from the application of the strategy by an automated reasoning program. We also offer various open questions for possible research and focus on an automated reasoning program and input files that may prove useful for such research.This work was supported by the Applied Mathematical Sciences subprogram of the Office of Energy Research, U.S. Department of Energy, under Contract W-31-109-Eng-38.