Digital image watermarking: its formal model, fundamental properties and possible attacks

While formal definitions and security proofs are well established in some fields like cryptography and steganography, they are not as evident in digital watermarking research. A systematic development of watermarking schemes is desirable, but at present their development is usually informal, ad hoc, and omits the complete realization of application scenarios. This practice not only hinders the choice and use of a suitable scheme for a watermarking application, but also leads to debate about the state-of-the-art for different watermarking applications. With a view to the systematic development of watermarking schemes, we present a formal generic model for digital image watermarking. Considering possible inputs, outputs, and component functions, the initial construction of a basic watermarking model is developed further to incorporate the use of keys. On the basis of our proposed model, fundamental watermarking properties are defined and their importance exemplified for different image applications. We also define a set of possible attacks using our model showing different winning scenarios depending on the adversary capabilities. It is envisaged that with a proper consideration of watermarking properties and adversary actions in different image applications, use of the proposed model would allow a unified treatment of all practically meaningful variants of watermarking schemes.

A formal model of the Semantic Web Service Ontology (WSMO)

Semantic Web Service, one of the most significant research areas within the Semantic Web vision, has attracted increasing attention from both the research community and industry. The Web Service Modelling Ontology (WSMO) has been proposed as an enabling framework for the total/partial automation of the tasks (e.g., discovery, selection, composition, mediation, execution, monitoring, etc.) involved in both intra- and inter-enterprise integration of Web services. To support the standardisation and tool support of WSMO, a formal model of the language is highly desirable. As several variants of WSMO have been proposed by the WSMO community, which are still under development, the syntax and semantics of WSMO should be formally defined to facilitate easy reuse and future development. In this paper, we present a formal Object-Z formal model of WSMO, where different aspects of the language have been precisely defined within one unified framework. This model not only provides a formal unambiguous model which can be used to develop tools and facilitate future development, but as demonstrated in this paper, can be used to identify and eliminate errors present in existing documentation.

Formal analysis of human-computer interaction using model checking

Experiments with simulators allow psychologists to better understand the causes of human errors and build models of cognitive processes to be used in human reliability assessment (HRA). This paper investigates an approach to task failure analysis based on patterns of behaviour, by contrast to more traditional event-based approaches. It considers, as a case study, a formal model of an air traffic control (ATC) system which incorporates controller behaviour. The cognitive model is formalised in the CSP process algebra. Patterns of behaviour are expressed as temporal logic properties. Then a model-checking technique is used to verify whether the decomposition of the operator's behaviour into patterns is sound and complete with respect to the cognitive model. The decomposition is shown to be incomplete and a new behavioural pattern is identified, which appears to have been overlooked in the analysis of the data provided by the experiments with the simulator. This illustrates how formal analysis of operator models can yield fresh insights into how failures may arise in interactive systems.

Formal modelling and analysis of DNP3 secure authentication

Supervisory Control and Data Acquisition (SCADA) systems are one of the key foundations of smart grids. The Distributed Network Protocol version 3 (DNP3) is a standard SCADA protocol designed to facilitate communications in substations and smart grid nodes. The protocol is embedded with a security mechanism called Secure Authentication (DNP3-SA). This mechanism ensures that end-to-end communication security is provided in substations. This paper presents a formal model for the behavioural analysis of DNP3-SA using Coloured Petri Nets (CPN). Our DNP3-SA CPN model is capable of testing and verifying various attack scenarios: modification, replay and spoofing, combined complex attack and mitigation strategies. Using the model has revealed a previously unidentified flaw in the DNP3-SA protocol that can be exploited by an attacker that has access to the network interconnecting DNP3 devices. An attacker can launch a successful attack on an outstation without possessing the pre-shared keys by replaying a previously authenticated command with arbitrary parameters. We propose an update to the DNP3-SA protocol that removes the flaw and prevents such attacks. The update is validated and verified using our CPN model proving the effectiveness of the model and importance of the formal protocol analysis.

A model for tool-use traditions in primates: implications for the coevolution of culture and cognition

Inspired by the demonstration that tool-use variants among wild chimpanzees and orangutans qualify as traditions (or cultures), we developed a formal model to predict the incidence of these acquired specializations among wild primates and to examine the evolution of their underlying abilities. We assumed that the acquisition of the skill by an individual in a social unit is crucially controlled by three main factors, namely probability of innovation, probability of socially biased learning, and the prevailing social conditions (sociability, or number of potential experts at close proximity). The model reconfirms the restriction of customary tool use in wild primates to the most intelligent radiation, great apes; the greater incidence of tool use in more sociable populations of orangutans and chimpanzees; and tendencies toward tool manufacture among the most sociable monkeys. However, it also indicates that sociable gregariousness is far more likely to produce the maintenance of invented skills in a population than solitary life, where the mother is the only accessible expert. We therefore used the model to explore the evolution of the three key parameters. The most likely evolutionary scenario is that where complex skills contribute to fitness, sociability and/or the capacity for socially biased learning increase, whereas innovative abilities (i.e., intelligence) follow indirectly. We suggest that the evolution of high intelligence will often be a byproduct of selection on abilities for socially biased learning that are needed to acquire important skills, and hence that high intelligence should be most common in sociable rather than solitary organisms. Evidence for increased sociability during hominin evolution is consistent with this new hypothesis. (C) 2003 Elsevier Science Ltd. All rights reserved.

Towards formal verification of analog mixed signal designs using SPICE circuit simulation traces

An extension to a formal verification approach of hybrid systems is proposed to verify analog and mixed signal (AMS) designs. AMS designs can be formally modeled as hybrid systems and therefore lend themselves to the formal analysis and verification techniques applied to hybrid systems. The proposed approach employs simulation traces obtained from an actual design implementation of AMS circuit blocks (for example, in the form of SPICE netlists) to carry out formal analysis and verification. This enables the same platform used for formally validating an abstract model of an AMS design, to be also used for validating its different refinements and design implementation; thereby, providing a simple route to formal verification at different levels of implementation. The feasibility of the proposed approach is demonstrated with a case study based on a tunnel diode oscillator. Since the device characteristic of a tunnel diode is highly non-linear with a negative resistance region, dynamic behavior of circuits in which it is employed as an element is difficult to model, analyze and verify within a general hybrid system formal verification tool. In the case study presented the formal model and the proposed computational techniques have been incorporated into CheckMate, a formal verification tool based on MATLAB and Simulink-Stateflow Framework from MathWorks.

Formal specification and refinement of a safe train control function

Motivated by the design and development challenges of the BART case study, an approach for developing and analyzing a formal model for reactive systems is presented. The approach makes use of a domain specific language for specifying control algorithms able to satisfy competing properties such as safety and optimality. The domain language, called SPC, offers several key abstractions such as the state, the profile, and the constraint to facilitate problem specification. Using a high-level program transformation system such as HATS being developed at the University of Nebraska at Omaha, specifications in this modelling language can be transformed to ML code. The resulting executable specification can be further refined by applying generic transformations to the abstractions provided by the domain language. Problem dependent transformations utilizing the domain specific knowledge and properties may also be applied. The result is a significantly more efficient implementation which can be used for simulation and gaining deeper insight into design decisions and various control policies. The correctness of transformations can be established using a rewrite-rule based induction theorem prover Rewrite Rule Laboratory developed at the University of New Mexico.

Integration of shading and texture cues: testing the linear model

One of the first attempts to develop a formal model of depth cue integration is to be found in Maloney and Landy's (1989) "human depth combination rule". They advocate that the combination of depth cues by the visual sysetem is best described by a weighted linear model. The present experiments tested whether the linear combination rule applies to the integration of texture and shading. As would be predicted by a linear combination rule, the weight assigned to the shading cue did vary as a function of its curvature value. However, the weight assigned to the texture cue varied systematically as a function of the curvature value of both cues. Here we descrive a non-linear model which provides a better fit to the data. Redescribing the stimuli in terms of depth rather than curvature reduced the goodness of fit for all models tested. These results support the hypothesis that the locus of cue integration is a curvature map, rather than a depth map. We conclude that the linear comination rule does not generalize to the integration of shading and texture, and that for these cues it is likely that integration occurs after the recovery of surface curvature.

Ateliê caderneta de cromos : estudo sobre a relação de uma prática artística visual não formal e inclusão

Esta investigação teve como objeto de estudo o Ateliê Caderneta de Cromos, do projeto Geração Cool, fruto de uma parceria entre várias instituições do concelho de Almada. Trata--se de um projeto de desenvolvimento social comunitário, multicultural, associado a uma escola. Através de um estudo de caso, pretendeu analisar-se, criticamente, um modelo não formal de práticas ligadas às artes visuais, vocacionado para jovens em risco e mostrar como as aprendizagens desenvolvidas num ateliê de artes visuais contribuem para o processo de inclusão desses jovens. Desenvolveu-se um quadro teórico abrangente, no sentido de sustentar as perguntas iniciais, referenciando questões consideradas pertinentes tais como: visões contemporâneas das realidades multiculturais das periferias urbanas; perspetivas pós-modernistas de ensino artístico, defensoras de uma construção cognitiva; ação dos projetos artísticos de desenvolvimento social e ainda, a importância ética e social dos currículos artísticos atuais. Tendo como referência a hipótese de antagonismo e/ou complementaridade entre o ato pedagógico não formal e o institucional, o estudo procurou estabelecer uma relação entre essa prática e a inclusão, ao identificar e desmontar um roteiro estratégico de aprendizagens. O ato pedagógico no Ateliê mostrou potenciar uma aprendizagem construtiva nas respostas produzidas, sendo também significativa pelo caráter experiencial vivido e cognitiva no sentido em que determina a construção de um significado, assumido como a própria assunção identitária.