scispace - formally typeset
Search or ask a question

Showing papers in "BRICS Report Series in 2003"


Journal ArticleDOI
TL;DR: This work bridge the gap between functional evaluators and abstract machines for the lambda-calculus, using closure conversion, transformation into continuation-passing style, and defunctionalization of continuations to derive Krivine's abstract machine and the CEK machine from an ordinary call-by-name evaluator.
Abstract: We bridge the gap between functional evaluators and abstract machines for the lambda-calculus, using closure conversion, transformation into continuation-passing style, and defunctionalization of continuations. We illustrate this bridge by deriving Krivine's abstract machine from an ordinary call-by-name evaluator and by deriving an ordinary call-by-value evaluator from Felleisen et al.'s CEK machine. The first derivation is strikingly simpler than what can be found in the literature. The second one is new. Together, they show that Krivine's abstract machine and the CEK machine correspond to the call-by-name and call-by-value facets of an ordinary evaluator for the lambda-calculus. We then reveal the denotational content of Hannan and Miller's CLS machine and of Landin's SECD machine. We formally compare the corresponding evaluators and we illustrate some relative degrees of freedom in the design spaces of evaluators and of abstract machines for the lambda-calculus with computational effects. For the purpose of this work, we distinguish between virtual machines, which have an instruction set, and abstract machines, which do not. The Categorical Abstract Machine, for example, has an instruction set, but Krivine's machine, the CEK machine, the CLS machine, and the SECD machine do not; they directly operate on lambda-terms instead. We present the abstract machine that corresponds to the Categorical Abstract Machine.

139 citations


Journal ArticleDOI
TL;DR: In this paper, the authors have developed proof-theoretic techniques for extracting effective uniform bounds from large classes of ineffective existence proofs in functional analysis, where ''uniform'' here means independence from parameters in compact spaces.
Abstract: In previous papers we have developed proof-theoretic techniques for extracting effective uniform bounds from large classes of ineffective existence proofs in functional analysis. `Uniform' here means independence from parameters in compact spaces. A recent case study in fixed point theory systematically yielded uniformity even w.r.t. parameters in metrically bounded (but noncompact) subsets which had been known before only in special cases. In the present paper we prove general logical metatheorems which cover these applications to fixed point theory as special cases but are not restricted to this area at all. Our theorems guarantee under general logical conditions such strong uniform versions of non-uniform existence statements. Moreover, they provide algorithms for actually extracting effective uniform bounds and transforming the original proof into one for the stronger uniformity result. Our metatheorems deal with general classes of spaces like metric spaces, hyperbolic spaces, normed linear spaces, uniformly convex spaces as well as inner product spaces.

97 citations


Journal ArticleDOI
TL;DR: It is shown how to derive a compiler and a virtual machine from a compositional interpreter and the derivation provides a non-trivial illustration of Reynolds's warning about the evaluation order of a meta-language.
Abstract: We show how to derive a compiler and a virtual machine from a compositional interpreter. We first illustrate the derivation with two evaluation functions and two normalization functions. We obtain Krivine's machine, Felleisen et al.'s CEK machine, and a generalization of these machines performing strong normalization, which is new. We observe that several existing compilers and virtual machines--e.g., the Categorical Abstract Machine (CAM), Schmidt's VEC machine, and Leroy's Zinc abstract machine--are already in derived form and we present the corresponding interpreter for the CAM and the VEC machine. We also consider Hannan and Miller's CLS machine and Landin's SECD machine. We derived Krivine's machine via a call-by-name CPS transformation and the CEK machine via a call-by-value CPS transformation. These two derivations hold both for an evaluation function and for a normalization function. They provide a non-trivial illustration of Reynolds's warning about the evaluation order of a meta-language.

60 citations


Journal ArticleDOI
TL;DR: A novel notion of trust structures which, building on concepts from trust management and domain theory, feature at the same time a trust and an information partial order are proposed.
Abstract: We propose a formal model of trust informed by the Global Computing scenario and focusing on the aspects of trust formation, evolution, and propagation. The model is based on a novel notion of trust structures which, building on concepts from trust management and domain theory, feature at the same time a trust and an information partial order.

59 citations


Journal ArticleDOI
TL;DR: This paper considers the case of succinct representations where s = n + r for some redundancy r (r + 1) t >= Omega(n/log n) and gets an almost optimal lower bound stating that the query algorithm has to inspect almost the entire data structure.
Abstract: In the cell probe model with word size 1 (the bit probe model), a static data structure problem is given by a map f : {0,1}^n * {0,1}^m -> {0,1}, where {0,1}^n is a set of possible data to be stored, {0,1}^m is a set of possible queries (for natural problems, we have m A solution is given by a representation phi : {0,1}^n -> {0,1}^s and a query algorithm q so that q(phi(x), y) = f(x,y). The time t of the query algorithm is the number of bits it reads in phi(x). In this paper, we consider the case of succinct representations where s = n + r for some redundancy r (r + 1) t >= Omega(n/log n). In particular, for very small redundancies r, we get an almost optimal lower bound stating that the query algorithm has to inspect almost the entire data structure (up to a logarithmic factor). We show similar lower bounds for problems satisfying a certain combinatorial property of a coding theoretic flavor. Previously, no omega(m) lower bounds were known on t in the general model for explicit functions, even for very small redundancies. By restricting our attention to systematic or index structures phi satisfying phi(x) = x · phi*(x) for some map phi* (where · denotes concatenation) we show similar lower bounds on the redundancy-query time trade-off for the natural data structuring problems of Prefix Sum and Substring Search.

51 citations


Journal ArticleDOI
TL;DR: In this paper, a continuation-based interpreter for propositional Prolog with cut is derived in the form of an abstract machine, based on Reynolds's defunctionalization that transforms a tail-recursive, continuation-passing interpreter into a transition system.
Abstract: Starting from a continuation-based interpreter for a simple logic programming language, propositional Prolog with cut, we derive the corresponding logic engine in the form of an abstract machine. The derivation originates in previous work (our article at PPDP 2003) where it was applied to the lambda-calculus. The key transformation here is Reynolds’s defunctionalization that transforms a tail-recursive, continuation-passing interpreter into a transition system, i.e., an abstract machine. Similar denotational and operational semantics were studied by de Bruin and de Vink (their article at TAPSOFT 1989), and we compare their study with our derivation. Additionally, we present a direct-style interpreter of propositional Prolog expressed with control operators for delimited continuations.

43 citations


Journal ArticleDOI
TL;DR: In this article, the authors established explicit quantitative bounds on the computation of approximate fixed points of asymptotically (quasi-) nonexpansive mappings f by means of iterative processes.
Abstract: This paper establishes explicit quantitative bounds on the computation of approximate fixed points of asymptotically (quasi-) nonexpansive mappings f by means of iterative processes. Here f is a selfmapping of a convex subset C of a uniformly convex normed space X. We consider general Krasnoselski-Mann iterations with and without error terms. As a consequence of our quantitative analysis we also get new qualitative results which show that the assumption on the existence of fixed points of f can be replaced by the existence of approximate fixed points only. We explain how the existence of effective uniform bounds in this context can be inferred already a-priorily by a logical metatheorem recently proved by the first author. Our bounds were in fact found with the help of the general logical machinery behind the proof of this metatheorem. The proofs we present here are, however, completely self-contained and do not require any tools from logic.

39 citations


Journal ArticleDOI
TL;DR: A framework, an algorithm and a new tool for online testing of real-time systems based on symbolic techniques used in UPPAAL model checker are presented and experiments carried out to examine the correctness and performance of the tool.
Abstract: In this paper we present a framework, an algorithm and a new tool for online testing of real-time systems based on symbolic techniques used in UPPAAL model checker. We extend UPPAAL timed automata network model to a test specification which is used to generate test primitives and to check the correctness of system responses including the timing aspects. We use timed trace inclusion as a conformance relation between system and specification to draw a test verdict. The test generation and execution algorithm is implemented as an extension to UPPAAL and experiments carried out to examine the correctness and performance of the tool. The experiment results are promising.

37 citations


Journal ArticleDOI
Olivier Danvy1
TL;DR: This article deconstructs the SECD machine into a lambda-interpreter, i.e., an evaluation function, and it is reconstructed into a variety of SECD-like machines.
Abstract: Landin's SECD machine was the first abstract machine for the lambda-calculus viewed as a programming language. Both theoretically as a model of computation and practically as an idealized implementation, it has set the tone for the subsequent development of abstract machines for functional programming languages. However, and even though variants of the SECD machine have been presented, derived, and invented, the precise rationale for its architecture and modus operandi has remained elusive. In this article, we deconstruct the SECD machine into a lambda-interpreter, i.e., an evaluation function, and we reconstruct lambda-interpreters into a variety of SECD-like machines. The deconstruction and reconstructions are transformational: they are based on equational reasoning and on a combination of simple program transformations--mainly closure conversion, transformation into continuation-passing style, and defunctionalization. The evaluation function underlying the SECD machine provides a precise rationale for its architecture: it is an environment-based eval-apply evaluator with a callee-save strategy for the environment, a data stack of intermediate results, and a control delimiter. Each of the components of the SECD machine (stack, environment, control, and dump) is therefore rationalized and so are its transitions. The deconstruction and reconstruction method also applies to other abstract machines and other evaluation functions. It makes it possible to systematically extract the denotational content of an abstract machine in the form of a compositional evaluation function, and the (small-step) operational content of an evaluation function in the form of an abstract machine.

32 citations


Journal ArticleDOI
TL;DR: An abstract machine is derived that corresponds to a definitional interpreter for the control operators shift and reset and a syntactic theory of delimited continuations is constructed, which describes the construction and derivation of the family of control operatorsshift_n and reset_n.
Abstract: We derive an abstract machine that corresponds to a definitional interpreter for the control operators shift and reset. Based on this abstract machine, we construct a syntactic theory of delimited continuations. Both the derivation and the construction scale to the family of control operators shift_n and reset_n. The definitional interpreter for shift_n and reset_n has n + 1 layers of continuations, the corresponding abstract machine has n + 1 layers of control stacks, and the corresponding syntactic theory has n + 1 layers of evaluation contexts. See also BRICS-RS-05-24.

28 citations


Journal ArticleDOI
TL;DR: In this article, a 2-categorical theory of G-relative pushouts (GRPOs) is proposed, based on Leifer and Milner's approach to derive labelled bisimulation congruences from reduction systems.
Abstract: G-relative pushouts (GRPOs) have recently been proposed by the authors as a new foundation for Leifer and Milner's approach to deriving labelled bisimulation congruences from reduction systems. This paper develops the theory of GRPOs further, arguing that they provide a simple and powerful basis towards a comprehensive solution. As an example, we construct GRPOs in a category of `bunches and wirings.' We then examine the approach based on Milner's precategories and Leifer's functorial reactive systems, and show that it can be recast in a much simpler way into the 2-categorical theory of GRPOs.

Journal ArticleDOI
TL;DR: This work performs static analysis of Java programs to answer a simple question: which values may occur as results of string expressions?
Abstract: We perform static analysis of Java programs to answer a simple question: which values may occur as results of string expressions? The answers are summarized for each expression by a regular language that is guaranteed to contain all possible values. We present several applications of this analysis, including statically checking the syntax of dynamically generated expressions, such as SQL queries. Our analysis constructs flow graphs from class files and generates a context-free grammar with a nonterminal for each string expression. The language of this grammar is then widened into a regular language through a variant of an algorithm previously used for speech recognition. The collection of resulting regular languages is compactly represented as a special kind of multi-level automaton from which individual answers may be extracted. If a program error is detected, examples of invalid strings are automatically produced. We present extensive benchmarks demonstrating that the analysis is efficient and produces results of useful precision.

Journal ArticleDOI
TL;DR: A framework of Plotkin and Turi's, originally aimed at providing an abstract notion of bisimulation, is modified to cover other operational equivalences and preorders and yields a technique for the derivation of syntactic formats for transition system specifications which guarantee operational preorders to be precongruences.
Abstract: A framework of Plotkin and Turis, originally aimed at providing an abstract notion of bisimulation, is modified to cover other operational equivalences and preorders Combined with bialgebraic methods, it yields a technique for deriving syntactic formats for transition system specifications, which guarantee operational preorders to be precongruences The technique is applied to the trace prorder, the completed trace preorder and the failures preorder In the latter two cases, new syntactic formats guaranteeing precongruence properties are introduced

Journal ArticleDOI
TL;DR: This work shows how to derive new abstract machines from monadic evaluators for the computational lambda-calculus by inline the components of the monad in the evaluator and derives the corresponding abstract machine by closure-converting, CPS-transforming, and defunctionalizing this inlined interpreter.
Abstract: We extend our correspondence between evaluators and abstract machines from the pure setting of the lambda-calculus to the impure setting of the computational lambda-calculus. Specifically, we show how to derive new abstract machines from monadic evaluators for the computational lambda-calculus. Starting from a monadic evaluator and a given monad, we inline the components of the monad in the evaluator and we derive the corresponding abstract machine by closure-converting, CPS-transforming, and defunctionalizing this inlined interpreter. We illustrate the construction first with the identity monad, obtaining yet again the CEK machine, and then with a state monad, an exception monad, and a combination of both. In addition, we characterize the tail-recursive stack inspection presented by Clements and Felleisen at ESOP 2003 as a canonical state monad. Combining this state monad with an exception monad, we construct an abstract machine for a language with exceptions and properly tail-recursive stack inspection. The construction scales to other monads--including one more properly dedicated to stack inspection than the state monad--and other monadic evaluators.

Journal ArticleDOI
TL;DR: XACT as discussed by the authors is a high-level approach for Java using XML templates as a first-class data type with operations for manipulating XML values based on XPath, which allows static type checking using DTD schemas as types.
Abstract: XML documents generated dynamically by programs are typically represented as text strings or DOM trees. This is a low-level approach for several reasons: 1) traversing and modifying such structures can be tedious and error prone, 2) although schema languages, e.g., DTD, allow classes of XML documents to be defined, there are generally no automatic mechanisms for statically checking that a program transforms from one class to another as intended. We introduce XACT, a high-level approach for Java using XML templates as a first-class data type with operations for manipulating XML values based on XPath. In addition to an efficient runtime representation, the data type permits static type checking using DTD schemas as types. By specifying schemes for the input and output of a program, our analysis algorithm will statically verify that valid input data is always transformed into valid output data and that the operations are used consistently.

Journal ArticleDOI
TL;DR: This paper presents algorithms for Exact Satisfiability and Exact 3-Satisfiability running in time O(2^{0.2325n}) and O(1.1379n}), respectively, and observes, that a formula not satisfying any of the authors' cases has a small number of variables.
Abstract: The Exact Satisfiability problem is to determine if a CNF-formula has a truth assignment satisfying exactly one literal in each clause; Exact 3-Satisfiability is the version in which each clause contains at most three literals. In this paper, we present algorithms for Exact Satisfiability and Exact 3-Satisfiability running in time O(2^{0.2325n}) and O(2^{0.1379n}), respectively. The previously best algorithms have running times O(2^{0.2441n}) for Exact Satisfiability (Monien, Speckenmeyer and Vornberger (1981)) and O(2^{0.1626n}) for Exact 3-Satisfiability (Kulikov and independently Porschen, Randerath and Speckenmeyer (2002)). We extend the case analyses of these papers and observe, that a formula not satisfying any of our cases has a small number of variables, for which we can try all possible truth assignments and for each such assignment solve the remaining part of the formula in polynomial time.

Journal ArticleDOI
TL;DR: A process calculus with recursion which allows us to express an unbounded number of runs of the ping-pong protocols introduced by Dolev and Yao and is Turing powerful, assuming that at least three principals are involved.
Abstract: This paper introduces a process calculus with recursion which allows us to express an unbounded number of runs of the ping-pong protocols introduced by Dolev and Yao. We study the decidability issues associated with two common approaches to checking security properties, namely reachability analysis and bisimulation checking. Our main result is that our channel-free and memory-less calculus is Turing powerful, assuming that at least three principals are involved. We also investigate the expressive power of the calculus in the case of two participants. Here, our main results are that reachability and, under certain conditions, also strong bisimilarity become decidable.

Journal ArticleDOI
TL;DR: It is shown how to apply the Paillier cryptosystem to build a self-tallying election scheme with perfect ballot secrecy, a length-flexible mix-net which is universally verifiable, and is robust against a corrupt minority.
Abstract: We propose a public-key cryptosystem which is derived from the Paillier cryptosystem. The scheme inherits the attractive homomorphic properties of Paillier encryption. In addition, we achieve two new properties: First, all users can use the same modulus when generating key pairs, this allows more efficient proofs of relations between different encryptions. Second, we can construct a threshold decryption protocol for our scheme that is length flexible, i.e., it can handle efficiently messages of arbitrary length, even though the public key and the secret key shares held by decryption servers are of fixed size. We show how to apply this cryptosystem to build: 1) a self-tallying election scheme with perfect ballot secrecy. This is a small voting system where the result can be computed from the submitted votes without the need for decryption servers. The votes are kept secret unless the cryptosystem can be broken, regardless of the number of cheating parties. This is in contrast to other known schemes that usually require a number of decryption servers, the majority of which must be honest. 2) a length-flexible mix-net which is universally verifiable, where the size of keys and ciphertexts do not depend on the number of mix servers, and is robust against a corrupt minority. Mix-nets can provide anonymity by shuffling messages to provide a random permutation of input ciphertexts to the output plaintexts such that no one knows which plaintexts relate to which ciphertexts. The mix-net inherits several nice properties from the underlying cryptosystem, thus making it useful for a setting with small messages or high computational power, low-band width and that anyone can verify that the mix have been done correctly.

Journal ArticleDOI
TL;DR: This article derives a lazy abstract machine from an ordinary call-by-need evaluator that threads a heap of updatable cells, using closure conversion, transformation into continuation-passing style, and defunctionalization of continuations.
Abstract: We bridge the gap between compositional evaluators and abstract machines for the lambda-calculus, using closure conversion, transformation into continuation-passing style, and defunctionalization of continuations. This article is a followup of our article at PPDP 2003, where we consider call by name and call by value. Here, however, we consider call by need. We derive a lazy abstract machine from an ordinary call-by-need evaluator that threads a heap of updatable cells. In this resulting abstract machine, the continuation fragment for updating a heap cell naturally appears as an `update marker', an implementation technique that was invented for the Three Instruction Machine and subsequently used to construct lazy variants of Krivine's abstract machine. Tuning the evaluator leads to other implementation techniques such as unboxed values. The correctness of the resulting abstract machines is a corollary of the correctness of the original evaluators and of the program transformations used in the derivation.

Journal ArticleDOI
TL;DR: A session based public verifiable key escrow system that greatly improves the amount of key material the escrow servers has to keep in order to decrypt an encryption.
Abstract: We propose a cryptosystem that has an inherent key escrow mechanism. This leads us to propose a session based public verifiable key escrow system that greatly improves the amount of key material the escrow servers has to keep in order to decrypt an encryption. In our scheme the servers will only have a single secret sharing, as opposed to a single key from every escrowed player. This is done while still having the properties: 1) public verifiable: the user proves to everyone that the encryption can indeed be escrowed, and 2) no secret leakage: no matter how many decryptions a law enforcement agency is presented, it will gain no more information on the users private key, than it couldn’t have calculated itself.

Journal ArticleDOI
TL;DR: A new approach to computability of realNumbers in which real functions have type-1 representations, which also includes the ability to reason about the complexity of real numbers and functions is presented.
Abstract: We present a new approach to computability of real numbers in which real functions have type-1 representations, which also includes the ability to reason about the complexity of real numbers and functions. We discuss how this allows efficient implementations of exact real numbers and also present a new real number system that is based on it.

Journal ArticleDOI
TL;DR: Simple and efficient algorithms for computing gcd and cubic residuosity in the ring of Eisenstein integers, Z[zeta] , i.e. the integers extended with zeta, a complex primitive third root of unity, are presented.
Abstract: We present simple and efficient algorithms for computing gcd and cubic residuosity in the ring of Eisenstein integers, Z[zeta] , i.e. the integers extended with zeta , a complex primitive third root of unity. The algorithms are similar and may be seen as generalisations of the binary integer gcd and derived Jacobi symbol algorithms. Our algorithms take time O(n^2) for n bit input. This is an improvement from the known results based on the Euclidian algorithm, and taking time O(n· M(n)), where M(n) denotes the complexity of multiplying n bit integers. The new algorithms have applications in practical primality tests and the implementation of cryptographic protocols. The technique underlying our algorithms can be used to obtain equally fast algorithms for gcd and quartic residuosity in the ring of Gaussian integers, Z[i].

Journal ArticleDOI
TL;DR: Jeeg, a dialect of Java based on a declarative replacement of the synchronization mechanisms of Java that results in a complete decoupling of the `business' and the `synchronization' code of classes is introduced.
Abstract: We introduce Jeeg, a dialect of Java based on a declarative replacement of the synchronization mechanisms of Java that results in a complete decoupling of the `business' and the `synchronization' code of classes. Synchronization constraints in Jeeg are expressed in a linear temporal logic which allows to effectively limit the occurrence of the inheritance anomaly that commonly affects concurrent object oriented languages. Jeeg is inspired by the current trend in aspect oriented languages. In a Jeeg program the sequential and concurrent aspects of object behaviors are decoupled: specified separately by the programmer these are then weaved together by the Jeeg compiler.

Journal ArticleDOI
TL;DR: In this article, the authors present a survey of computability and definability over continuous data types such as the real numbers, real-valued functions and functionals over real numbers without equality.
Abstract: The purpose of this paper is to survey our recent research in computability and definability over continuous data types such as the real numbers, real-valued functions and functionals. We investigate the expressive power and algorithmic properties of the language of Sigma-formulas intended to represent computability over the real numbers. In order to adequately represent computability we extend the reals by the structure of hereditarily finite sets. In this setting it is crucial to consider the real numbers without equality since the equality test is undecidable over the reals. We prove Engeler's Lemma for Sigma-definability over the reals without the equality test which relates Sigma-definability with definability in the constructive infinitary language L_{omega_1 omega}. Thus, a relation over the real numbers is Sigma-definable if and only if it is definable by a disjunction of a recursively enumerable set of quantifier free formulas. This result reveals computational aspects of Sigma-definability and also gives topological characterisation of Sigma-definable relations over the reals without the equality test. We also illustrate how computability over the real numbers can be expressed in the language of Sigma-formulas.

Journal ArticleDOI
TL;DR: The first quantum black-box reduction for the security of QMC to the binding property of the string commitment is given, which provides a construction for 1--2-oblivious transfer that is computationally secure against the receiver and unconditionally secureagainst the sender from any string commitment scheme satisfying a weak binding property.
Abstract: We analyze the situation where computationally binding string commitment schemes are used to force the receiver of a BB84 encoding of a classical bitstring to measure upon reception. Since measuring induces an irreversible collapse to the received quantum state, even given extra information after the measurement does not allow the receiver to evaluate reliably some predicates apply to the classical bits encoded in the state. This fundamental quantum primitive is called quantum measure commitment (QMC) and allows for secure two-party computation of classical functions. An adversary to QMC is one that can both provide valid proof of having measured the received states while still able to evaluate a predicate applied to the classical content of the encoding. We give the first quantum black-box reduction for the security of QMC to the binding property of the string commitment. We characterize a class of quantum adversaries against QMC that can be transformed into adversaries against a weak form for the binding property of the string commitment. Our result provides a construction for 1--2-oblivious transfer that is computationally secure against the receiver and unconditionally secure against the sender from any string commitment scheme satisfying a weak binding property.

Journal ArticleDOI
TL;DR: This paper gives some illustrative examples of the use of the Modular SOS framework, and discusses various pragmatic aspects.
Abstract: Modular SOS is a recently-developed variant of Plotkin's Structural Operational Semantics (SOS) framework. It has several pragmatic advantages over the original framework--the most significant being that rules specifying the semantics of individual language constructs can be given definitively , once and for all. Modular SOS is being used for teaching operational semantics at the undergraduate level. For this purpose, the meta-notation for modular SOS rules has been made more user-friendly, and derivation of computations according to the rules is simulated using Prolog. After giving an overview of the foundations of Modular SOS, this paper gives some illustrative examples of the use of the framework, and discusses various pragmatic aspects.

Journal ArticleDOI
TL;DR: It is shown that none of these semantics affords finite (in)equational axiomatizations over BCCSP, a basic formalism to express finite process behaviour.
Abstract: This paper studies nested simulation and nested trace semantics over the language BCCSP, a basic formalism to express finite process behaviour. It is shown that none of these semantics affords finite (in)equational axiomatizations over BCCSP. In particular, for each of the nested semantics studied in this paper, the collection of sound, closed (in)equations over a singleton action set is not finitely based.

Journal ArticleDOI
TL;DR: It is shown that it is possible to extend a general-purpose programming language with a convenient high-level data-type for manipulating XML documents while permitting (1) precise static analysis for guaranteeing validity of the constructed XML documents relative to the given DTD schemas, and (2) a runtime system where the operations can be performed efficiently.
Abstract: We show that it is possible to extend a general-purpose programming language with a convenient high-level data-type for manipulating XML documents while permitting (1) precise static analysis for guaranteeing validity of the constructed XML documents relative to the given DTD schemas, and (2) a runtime system where the operations can be performed efficiently. The system, named Xact, is based on a notion of immutable XML templates and uses XPath for deconstructing documents. A companion paper presents the program analysis; this paper focuses on the efficient runtime representation.

Journal ArticleDOI
TL;DR: This paper utilises the Pi calculus to reason about access control policies and mechanism, and an equivalence of different policy implementations, as well as access control mechanism will be shown.
Abstract: The Pi-calculus has been developed to reason about behavioural equivalence. Different notions of equivalence are defined in terms of process interactions, as well as the context of processes. There are various extensions of the Pi-calculus, such as the SPI calculus, which has primitives to facilitate security protocol design. Another area of computer security is access control research, which includes problems of access control models, policies and access control mechanism. The design of a unified framework for access control requires that all policies are supported and different access control models are instantiated correctly. In this paper we will utilise the Pi calculus to reason about access control policies and mechanism. An equivalence of different policy implementations, as well as access control mechanism will be shown. Finally some experiences regarding the use of Pi-calculus are presented.

Journal ArticleDOI
TL;DR: It is proved in this paper that any OT protocol that can be constructed based on a PassiveUNC and is secure against a passive adversary can be transformed using a generic "compiler'' into an OT protocolbased on a UNC which is secureagainst an active adversary.
Abstract: In a paper from EuroCrypt'99, Damgard, Kilian and Salvail show various positive and negative results on constructing Bit Commitment (BC) and Oblivious Transfer (OT) from Unfair Noisy Channels (UNC), i.e., binary symmetric channels where the error rate is only known to be in a certain interval [gamma ..delta] and can be chosen adversarily. They also introduce a related primitive called PassiveUNC. We prove in this paper that any OT protocol that can be constructed based on a PassiveUNC and is secure against a passive adversary can be transformed using a generic "compiler'' into an OT protocol based on a UNC which is secure against an active adversary. Apart from making positive results easier to prove in general, this also allows correcting a problem in the EuroCrypt'99 paper: There, a positive result was claimed on constructing from UNC an OT that is secure against active cheating. We point out that the proof sketch given for this was incomplete, and we show that a correct proof of a much stronger result follows from our general compilation result and a new technique for transforming between weaker versions of OT with different parameters.