Approximate Relational Reasoning for Probabilistic Programs

La seguridad verificada es una metodología para demostrar propiedades de seguridad de los sistemas informáticos que se destaca por las altas garantías de corrección que provee. Los sistemas informáticos se modelan como programas probabilísticos y para probar que verifican una determinada propiedad de seguridad se utilizan técnicas rigurosas basadas en modelos matemáticos de los programas. En particular, la seguridad verificada promueve el uso de demostradores de teoremas interactivos o automáticos para construir demostraciones completamente formales cuya corrección es certificada mecánicamente (por ordenador). La seguridad verificada demostró ser una técnica muy efectiva para razonar sobre diversas nociones de seguridad en el área de criptografía. Sin embargo, no ha podido cubrir un importante conjunto de nociones de seguridad “aproximada”. La característica distintiva de estas nociones de seguridad es que se expresan como una condición de “similitud” entre las distribuciones de salida de dos programas probabilísticos y esta similitud se cuantifica usando alguna noción de distancia entre distribuciones de probabilidad. Este conjunto incluye destacadas nociones de seguridad de diversas áreas como la minería de datos privados, el análisis de flujo de información y la criptografía. Ejemplos representativos de estas nociones de seguridad son la indiferenciabilidad, que permite reemplazar un componente idealizado de un sistema por una implementación concreta (sin alterar significativamente sus propiedades de seguridad), o la privacidad diferencial, una noción de privacidad que ha recibido mucha atención en los últimos años y tiene como objetivo evitar la publicación datos confidenciales en la minería de datos. La falta de técnicas rigurosas que permitan verificar formalmente este tipo de propiedades constituye un notable problema abierto que tiene que ser abordado. En esta tesis introducimos varias lógicas de programa quantitativas para razonar sobre esta clase de propiedades de seguridad. Nuestra principal contribución teórica es una versión quantitativa de una lógica de Hoare relacional para programas probabilísticos. Las pruebas de correción de estas lógicas son completamente formalizadas en el asistente de pruebas Coq. Desarrollamos, además, una herramienta para razonar sobre propiedades de programas a través de estas lógicas extendiendo CertiCrypt, un framework para verificar pruebas de criptografía en Coq. Confirmamos la efectividad y aplicabilidad de nuestra metodología construyendo pruebas certificadas por ordendor de varios sistemas cuyo análisis estaba fuera del alcance de la seguridad verificada. Esto incluye, entre otros, una meta-construcción para diseñar funciones de hash “seguras” sobre curvas elípticas y algoritmos diferencialmente privados para varios problemas de optimización combinatoria de la literatura reciente. ABSTRACT The verified security methodology is an emerging approach to build high assurance proofs about security properties of computer systems. Computer systems are modeled as probabilistic programs and one relies on rigorous program semantics techniques to prove that they comply with a given security goal. In particular, it advocates the use of interactive theorem provers or automated provers to build fully formal machine-checked versions of these security proofs. The verified security methodology has proved successful in modeling and reasoning about several standard security notions in the area of cryptography. However, it has fallen short of covering an important class of approximate, quantitative security notions. The distinguishing characteristic of this class of security notions is that they are stated as a “similarity” condition between the output distributions of two probabilistic programs, and this similarity is quantified using some notion of distance between probability distributions. This class comprises prominent security notions from multiple areas such as private data analysis, information flow analysis and cryptography. These include, for instance, indifferentiability, which enables securely replacing an idealized component of system with a concrete implementation, and differential privacy, a notion of privacy-preserving data mining that has received a great deal of attention in the last few years. The lack of rigorous techniques for verifying these properties is thus an important problem that needs to be addressed. In this dissertation we introduce several quantitative program logics to reason about this class of security notions. Our main theoretical contribution is, in particular, a quantitative variant of a full-fledged relational Hoare logic for probabilistic programs. The soundness of these logics is fully formalized in the Coq proof-assistant and tool support is also available through an extension of CertiCrypt, a framework to verify cryptographic proofs in Coq. We validate the applicability of our approach by building fully machine-checked proofs for several systems that were out of the reach of the verified security methodology. These comprise, among others, a construction to build “safe” hash functions into elliptic curves and differentially private algorithms for several combinatorial optimization problems from the recent literature.

Evaluating social choice techniques into intelligent environments by agent based social simulation

The primary hypothesis stated by this paper is that the use of social choice theory in Ambient Intelligence systems can improve significantly users satisfaction when accessing shared resources. A research methodology based on agent based social simulations is employed to support this hypothesis and to evaluate these benefits. The result is a six-fold contribution summarized as follows. Firstly, several considerable differences between this application case and the most prominent social choice application, political elections, have been found and described. Secondly, given these differences, a number of metrics to evaluate different voting systems in this scope have been proposed and formalized. Thirdly, given the presented application and the metrics proposed, the performance of a number of well known electoral systems is compared. Fourthly, as a result of the performance study, a novel voting algorithm capable of obtaining the best balance between the metrics reviewed is introduced. Fifthly, to improve the social welfare in the experiments, the voting methods are combined with cluster analysis techniques. Finally, the article is complemented by a free and open-source tool, VoteSim, which ensures not only the reproducibility of the experimental results presented, but also allows the interested reader to adapt the case study presented to different environments.

Improved static analysis and verification of energy consumption and other resources via abstract interpretation

Resource analysis aims at inferring the cost of executing programs for any possible input, in terms of a given resource, such as the traditional execution steps, time ormemory, and, more recently energy consumption or user defined resources (e.g., number of bits sent over a socket, number of database accesses, number of calls to particular procedures, etc.). This is performed statically, i.e., without actually running the programs. Resource usage information is useful for a variety of optimization and verification applications, as well as for guiding software design. For example, programmers can use such information to choose different algorithmic solutions to a problem; program transformation systems can use cost information to choose between alternative transformations; parallelizing compilers can use cost estimates for granularity control, which tries to balance the overheads of task creation and manipulation against the benefits of parallelization. In this thesis we have significatively improved an existing prototype implementation for resource usage analysis based on abstract interpretation, addressing a number of relevant challenges and overcoming many limitations it presented. The goal of that prototype was to show the viability of casting the resource analysis as an abstract domain, and howit could overcome important limitations of the state-of-the-art resource usage analysis tools. For this purpose, it was implemented as an abstract domain in the abstract interpretation framework of the CiaoPP system, PLAI.We have improved both the design and implementation of the prototype, for eventually allowing an evolution of the tool to the industrial application level. The abstract operations of such tool heavily depend on the setting up and finding closed-form solutions of recurrence relations representing the resource usage behavior of program components and the whole program as well. While there exist many tools, such as Computer Algebra Systems (CAS) and libraries able to find closed-form solutions for some types of recurrences, none of them alone is able to handle all the types of recurrences arising during program analysis. In addition, there are some types of recurrences that cannot be solved by any existing tool. This clearly constitutes a bottleneck for this kind of resource usage analysis. Thus, one of the major challenges we have addressed in this thesis is the design and development of a novel modular framework for solving recurrence relations, able to combine and take advantage of the results of existing solvers. Additionally, we have developed and integrated into our novel solver a technique for finding upper-bound closed-form solutions of a special class of recurrence relations that arise during the analysis of programs with accumulating parameters. Finally, we have integrated the improved resource analysis into the CiaoPP general framework for resource usage verification, and specialized the framework for verifying energy consumption specifications of embedded imperative programs in a real application, showing the usefulness and practicality of the resulting tool.---ABSTRACT---El Análisis de recursos tiene como objetivo inferir el coste de la ejecución de programas para cualquier entrada posible, en términos de algún recurso determinado, como pasos de ejecución, tiempo o memoria, y, más recientemente, el consumo de energía o recursos definidos por el usuario (por ejemplo, número de bits enviados a través de un socket, el número de accesos a una base de datos, cantidad de llamadas a determinados procedimientos, etc.). Ello se realiza estáticamente, es decir, sin necesidad de ejecutar los programas. La información sobre el uso de recursos resulta muy útil para una gran variedad de aplicaciones de optimización y verificación de programas, así como para asistir en el diseño de los mismos. Por ejemplo, los programadores pueden utilizar dicha información para elegir diferentes soluciones algorítmicas a un problema; los sistemas de transformación de programas pueden utilizar la información de coste para elegir entre transformaciones alternativas; los compiladores paralelizantes pueden utilizar las estimaciones de coste para realizar control de granularidad, el cual trata de equilibrar el coste debido a la creación y gestión de tareas, con los beneficios de la paralelización. En esta tesis hemos mejorado de manera significativa la implementación de un prototipo existente para el análisis del uso de recursos basado en interpretación abstracta, abordando diversos desafíos relevantes y superando numerosas limitaciones que éste presentaba. El objetivo de dicho prototipo era mostrar la viabilidad de definir el análisis de recursos como un dominio abstracto, y cómo se podían superar las limitaciones de otras herramientas similares que constituyen el estado del arte. Para ello, se implementó como un dominio abstracto en el marco de interpretación abstracta presente en el sistema CiaoPP, PLAI. Hemos mejorado tanto el diseño como la implementación del mencionado prototipo para posibilitar su evolución hacia una herramienta utilizable en el ámbito industrial. Las operaciones abstractas de dicha herramienta dependen en gran medida de la generación, y posterior búsqueda de soluciones en forma cerrada, de relaciones recurrentes, las cuales modelizan el comportamiento, respecto al consumo de recursos, de los componentes del programa y del programa completo. Si bien existen actualmente muchas herramientas capaces de encontrar soluciones en forma cerrada para ciertos tipos de recurrencias, tales como Sistemas de Computación Algebraicos (CAS) y librerías de programación, ninguna de dichas herramientas es capaz de tratar, por sí sola, todos los tipos de recurrencias que surgen durante el análisis de recursos. Existen incluso recurrencias que no las puede resolver ninguna herramienta actual. Esto constituye claramente un cuello de botella para este tipo de análisis del uso de recursos. Por lo tanto, uno de los principales desafíos que hemos abordado en esta tesis es el diseño y desarrollo de un novedoso marco modular para la resolución de relaciones recurrentes, combinando y aprovechando los resultados de resolutores existentes. Además de ello, hemos desarrollado e integrado en nuestro nuevo resolutor una técnica para la obtención de cotas superiores en forma cerrada de una clase característica de relaciones recurrentes que surgen durante el análisis de programas lógicos con parámetros de acumulación. Finalmente, hemos integrado el nuevo análisis de recursos con el marco general para verificación de recursos de CiaoPP, y hemos instanciado dicho marco para la verificación de especificaciones sobre el consumo de energía de programas imperativas embarcados, mostrando la viabilidad y utilidad de la herramienta resultante en una aplicación real.

Methods for the analysis of multi-scale cell dynamics from fluorescence microscopy images

La embriogénesis es el proceso mediante el cual una célula se convierte en un ser un vivo. A lo largo de diferentes etapas de desarrollo, la población de células va proliferando a la vez que el embrión va tomando forma y se configura. Esto es posible gracias a la acción de varios procesos genéticos, bioquímicos y mecánicos que interaccionan y se regulan entre ellos formando un sistema complejo que se organiza a diferentes escalas espaciales y temporales. Este proceso ocurre de manera robusta y reproducible, pero también con cierta variabilidad que permite la diversidad de individuos de una misma especie. La aparición de la microscopía de fluorescencia, posible gracias a proteínas fluorescentes que pueden ser adheridas a las cadenas de expresión de las células, y los avances en la física óptica de los microscopios han permitido observar este proceso de embriogénesis in-vivo y generar secuencias de imágenes tridimensionales de alta resolución espacio-temporal. Estas imágenes permiten el estudio de los procesos de desarrollo embrionario con técnicas de análisis de imagen y de datos, reconstruyendo dichos procesos para crear la representación de un embrión digital. Una de las más actuales problemáticas en este campo es entender los procesos mecánicos, de manera aislada y en interacción con otros factores como la expresión genética, para que el embrión se desarrolle. Debido a la complejidad de estos procesos, estos problemas se afrontan mediante diferentes técnicas y escalas específicas donde, a través de experimentos, pueden hacerse y confrontarse hipótesis, obteniendo conclusiones sobre el funcionamiento de los mecanismos estudiados. Esta tesis doctoral se ha enfocado sobre esta problemática intentando mejorar las metodologías del estado del arte y con un objetivo específico: estudiar patrones de deformación que emergen del movimiento organizado de las células durante diferentes estados del desarrollo del embrión, de manera global o en tejidos concretos. Estudios se han centrado en la mecánica en relación con procesos de señalización o interacciones a nivel celular o de tejido. En este trabajo, se propone un esquema para generalizar el estudio del movimiento y las interacciones mecánicas que se desprenden del mismo a diferentes escalas espaciales y temporales. Esto permitiría no sólo estudios locales, si no estudios sistemáticos de las escalas de interacción mecánica dentro de un embrión. Por tanto, el esquema propuesto obvia las causas de generación de movimiento (fuerzas) y se centra en la cuantificación de la cinemática (deformación y esfuerzos) a partir de imágenes de forma no invasiva. Hoy en día las dificultades experimentales y metodológicas y la complejidad de los sistemas biológicos impiden una descripción mecánica completa de manera sistemática. Sin embargo, patrones de deformación muestran el resultado de diferentes factores mecánicos en interacción con otros elementos dando lugar a una organización mecánica, necesaria para el desarrollo, que puede ser cuantificado a partir de la metodología propuesta en esta tesis. La metodología asume un medio continuo descrito de forma Lagrangiana (en función de las trayectorias de puntos materiales que se mueven en el sistema en lugar de puntos espaciales) de la dinámica del movimiento, estimado a partir de las imágenes mediante métodos de seguimiento de células o de técnicas de registro de imagen. Gracias a este esquema es posible describir la deformación instantánea y acumulada respecto a un estado inicial para cualquier dominio del embrión. La aplicación de esta metodología a imágenes 3D + t del pez zebra sirvió para desvelar estructuras mecánicas que tienden a estabilizarse a lo largo del tiempo en dicho embrión, y que se organizan a una escala semejante al del mapa de diferenciación celular y con indicios de correlación con patrones de expresión genética. También se aplicó la metodología al estudio del tejido amnioserosa de la Drosophila (mosca de la fruta) durante el cierre dorsal, obteniendo indicios de un acoplamiento entre escalas subcelulares, celulares y supracelulares, que genera patrones complejos en respuesta a la fuerza generada por los esqueletos de acto-myosina. En definitiva, esta tesis doctoral propone una estrategia novedosa de análisis de la dinámica celular multi-escala que permite cuantificar patrones de manera inmediata y que además ofrece una representación que reconstruye la evolución de los procesos como los ven las células, en lugar de como son observados desde el microscopio. Esta metodología por tanto permite nuevas formas de análisis y comparación de embriones y tejidos durante la embriogénesis a partir de imágenes in-vivo. ABSTRACT The embryogenesis is the process from which a single cell turns into a living organism. Through several stages of development, the cell population proliferates at the same time the embryo shapes and the organs develop gaining their functionality. This is possible through genetic, biochemical and mechanical factors that are involved in a complex interaction of processes organized in different levels and in different spatio-temporal scales. The embryogenesis, through this complexity, develops in a robust and reproducible way, but allowing variability that makes possible the diversity of living specimens. The advances in physics of microscopes and the appearance of fluorescent proteins that can be attached to expression chains, reporting about structural and functional elements of the cell, have enabled for the in-vivo observation of embryogenesis. The imaging process results in sequences of high spatio-temporal resolution 3D+time data of the embryogenesis as a digital representation of the embryos that can be further analyzed, provided new image processing and data analysis techniques are developed. One of the most relevant and challenging lines of research in the field is the quantification of the mechanical factors and processes involved in the shaping process of the embryo and their interactions with other embryogenesis factors such as genetics. Due to the complexity of the processes, studies have focused on specific problems and scales controlled in the experiments, posing and testing hypothesis to gain new biological insight. However, methodologies are often difficult to be exported to study other biological phenomena or specimens. This PhD Thesis is framed within this paradigm of research and tries to propose a systematic methodology to quantify the emergent deformation patterns from the motion estimated in in-vivo images of embryogenesis. Thanks to this strategy it would be possible to quantify not only local mechanisms, but to discover and characterize the scales of mechanical organization within the embryo. The framework focuses on the quantification of the motion kinematics (deformation and strains), neglecting the causes of the motion (forces), from images in a non-invasive way. Experimental and methodological challenges hamper the quantification of exerted forces and the mechanical properties of tissues. However, a descriptive framework of deformation patterns provides valuable insight about the organization and scales of the mechanical interactions, along the embryo development. Such a characterization would help to improve mechanical models and progressively understand the complexity of embryogenesis. This framework relies on a Lagrangian representation of the cell dynamics system based on the trajectories of points moving along the deformation. This approach of analysis enables the reconstruction of the mechanical patterning as experienced by the cells and tissues. Thus, we can build temporal profiles of deformation along stages of development, comprising both the instantaneous events and the cumulative deformation history. The application of this framework to 3D + time data of zebrafish embryogenesis allowed us to discover mechanical profiles that stabilized through time forming structures that organize in a scale comparable to the map of cell differentiation (fate map), and also suggesting correlation with genetic patterns. The framework was also applied to the analysis of the amnioserosa tissue in the drosophila’s dorsal closure, revealing that the oscillatory contraction triggered by the acto-myosin network organized complexly coupling different scales: local force generation foci, cellular morphology control mechanisms and tissue geometrical constraints. In summary, this PhD Thesis proposes a theoretical framework for the analysis of multi-scale cell dynamics that enables to quantify automatically mechanical patterns and also offers a new representation of the embryo dynamics as experienced by cells instead of how the microscope captures instantaneously the processes. Therefore, this framework enables for new strategies of quantitative analysis and comparison between embryos and tissues during embryogenesis from in-vivo images.

System theory based hazard analysis applied to the process industry

Chemical process accidents still occur and cost billions of dollars and, what is worse, many human lives. That means that traditional hazard analysis techniques are not enough mainly owing to the increase of complexity and size of chemical plants. In the last years, a new hazard analysis technique has been developed, changing the focus from reliability to system theory and showing promising results in other industries such as aeronautical and nuclear. In this paper, we present an approach for the application of STAMP and STPA analysis developed by Leveson in 2011 to the process industry.

Discourses and values underpin public debate on fracking in Spain: a case study at the crossroad

In the EU context extraction of shale and oil gas by hydraulic fracturing (fracking) differs from country to country in terms of legislation and implementation. While fossil fuel extraction using this technology is currently taking place in the UK, Germany and France have adopted respective moratoria. In between is the Spanish case, where hydrocarbon extraction projects through fracking have to undergo mandatory and routine environmental assessment in accordance with the last changes to environmental regulations. Nowadays Spain is at the crossroad with respect to the future of this technology. We presume a social conflictt in our country since the position and strategy of the involved and confronted social actors -national, regional and local authorities, energy companies, scientists, NGO and other social organization- are going to play key and likely divergent roles in its industrial implementation and public acceptance. In order to improve knowledge on how to address these controverted situations from the own engineering context, the affiliated units from the Higher Technical School of Mines and Energy Engineering at UPM have been working on a transversal program to teach values and ethics. Over the past seven years, this pioneering experience has shown the usefulness of applying a consequentialist ethics, based on a case-by-case approach and costs-benefits analysis both for action and inaction. As a result of this initiative a theoretical concept has arisen and crystallized in this field: it is named Inter-ethics. This theoretical perspective can be very helpful in complex situations, with multi-stakeholders and plurality of interests, when ethical management requires the interaction between the respective ethics of each group; professional ethics of a single group is not enough. Under this inter-ethics theoretical framework and applying content analysis techniques, this paper explores the articulation of the discourse in favour and against fracking technology and its underlying values as manifested in the Spanish traditional mass media and emerging social media such as Youtube. Results show that Spanish public discourse on fracking technology includes the costs-benefits analysis to communicate how natural resources from local communities may be affected by these facilities due to environmental, health and economic consequences. Furthermore, this technology is represented as a solution to the "demand of energy" according to the optimistic discourse while, from a pessimistic view, fracking is often framed as a source "environmental problems" and even natural disasters as possible earthquakes. In this latter case, this negative representation could have been influenced by the closure of a macro project to store injected natural gas in the Mediterranean Sea using the old facilities of an oil exploitation in Amposta (Proyecto Cástor). The closure of this project was due to the occurrence of earthquakes whose intensity was higher than the originally expected by the experts in the assessment stage of the project.

A Cloud-based Framework for Security Analysis of Browser Extensions

In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.

Analysis of subpoenaed television data /

March 1978.

Federal program evaluations. A directory for the Congress.

Mode of access: Internet.

Drug alliance program activities in neighborhood-based illicit drug abuse prevention /

"Submitted under contract number 90-043-1003."

Drug alliance program activities in neighborhood-based illicit drug abuse prevention :

"Submitted under contract number 90-043-1003."

Techniques to measure damages to natural resources : final report /

"June 1987."

Retired Senior Volunteer Program activities in alcohol and drug abuse prevention and education /

Mode of access: Internet.

A program evaluation of the Veterans Administration's library service /

"April 1988."

Ion beam modification and analysis of metal/polymer bi-layer thin films

A set of varying-thickness Au-films were thermally evaporated onto poly(styrene-co-acrylonitrile) thin film surfaces. The Au/PSA bi-layer targets were then implanted with 50 keV N+ ions to a fluence of 1 × 1016 ions/cm2 to promote metal-to-polymer adhesion and to enhance their mechanical and electrical performance. Electrical conductivity measurements of the implanted Au/PSA thin films showed a sharp percolation behavior versus the pre-implant Au-film thickness with a percolation threshold near the nominal thickness of 44 Å. The electrical conductivity results are discussed along with the film microstructure and the elemental diffusion/mixing within the Au/PSA interface obtained by scanning electron microscopy (SEM) and ion beam analysis techniques (RBS and ERD).