Latest NICTA Publications

seL4: from General Purpose to a Proof of Information Flow Enforcement

Sun, 19 May 2013 00:00:00 +0000

Authors: Toby Murray, Daniel Matichuk, Matthew Brassil, Peter Gammie, Timothy Bourke, Sean Seefried, Corey Lewis, Xin Gao, Gerwin Klein

Abstract: In contrast to testing, mathematical reasoning and formal verificationcan show the absence of whole classes of security vulnerabilities. Wepresent the, to our knowledge, first complete, formal, machine-checkedverification of information flow security for the implementation of ageneral-purpose microkernel; namely seL4. Unlike previous proofs ofinformation flow security for operating system kernels, ours appliesto the actual 8,830 lines of C code that implement seL4, andso rules out the possibility of invalidation by implementation errorsin this code. We assume correctness of compiler, assembly code,hardware, and boot code. We prove everything else. This proof isstrong evidence of seL4's utility as a separation kernel, anddescribes precisely how the general purpose kernel should beconfigured to enforce isolation and mandatory information flowcontrol. We describe the information flow security statement we proved(a variant of intransitive noninterference), including the assumptionson which it rests, as well as the modifications that had to be made toseL4 to ensure it was enforced. We discuss the practical limitationsand implications of this result, including covert channels not coveredby the formal proof.

IEEE Symposium on Security and Privacy-May 2013

Formal Specifications Better Than Function Points for Code Sizing

Sat, 18 May 2013 00:00:00 +0000

Authors: Mark Staples, Rafal Kolanski, Gerwin Klein, Corey Lewis, June Andronick, Toby Murray, Ross Jeffery, Len Bass

Abstract: Size and effort estimation is a significant challenge for the management of large-scale formal verification projects. We report on an initial study of relationships between the sizes of artefacts from the development of seL4, a formally-verified embedded systems microkernel. For each API function we first determined its COSMIC Function Point (CFP) count (based on the seL4 user manual), then sliced the formal specifications and source code, and performed a normalised line count on these artefact slices. We found strong and significant relationships between the sizes of the artefact slices, but no significant relationships between them and the CFP counts. Our finding that CFP is poorly correlated with lines of code is based on just one system, but is largely consistent with prior literature. We find CFP is also poorly correlated with the size of formal specifications. Nonetheless, lines of formal specification correlate with lines of source code, and this may provide a basis for size prediction in future formal verification projects. In future work we will investigate proof sizing.

International Conference on Software Engineering (ICSE)-May 2013

Building High Assurance Secure Applications using Security Patterns for Capability-based Platforms

Sat, 18 May 2013 00:00:00 +0000

Authors: Paul Rimba

Abstract: Building high assurance secure applications requires the proper use of security mechanisms and assurances provided by the underlying secure platform. However, applications are often built using security patterns and best practices that are agnostic with respect to the intricate specifics of the different underlying platforms. This independence from the underlying platform leaves a gap between security patterns and underlying secure platforms. In this PhD research abstract, we propose a novel approach to bridge this gap. Specifically, we propose reusable platform-specific designs for security patterns using platform-specific design strategies and primitives. The focus is on single-machine systems that can be formally verified to provide desired system-wide security properties. We also discuss assumptions and levels of assurance for these reusable designs and their use in the verification of application designs.

International Conference on Software Engineering (ICSE)-May 2013

Explaining Time-Table-Edge-Finding Propagation for the Cumulative Resource Constraint

Sat, 18 May 2013 00:00:00 +0000

Authors: Andreas Schutt, Thibaut Feydy, Peter Stuckey

Abstract: Cumulative resource constraints can model scarce resources in scheduling problems or a dimension in packing and cutting problems. In order to efficiently solve such problems with a constraint programming solver, it is important to have strong and fast propagators for cumulative resource constraints. Time-table-edge-finding propagators are a recent development in cumulative propagators, that combine the current resource profile (time-table) during the edge-finding propagation. The current state of the art for solving scheduling and cutting problems involving cumulative constraints are lazy clause generation solvers, i.e., constraint programming solvers incorporating nogood learning, have proved to be excellent at solving scheduling and cutting problems. For such solvers, concise and accurate explanations of the reasons for propagation are essential for strong nogood learning. In this paper, we develop a time-table-edge-finding propagator for cumulative that explains its propagations. We give results using this propagator in a lazy clause generation system on resource-constrained project scheduling problems from various standard benchmark suites. On the standard benchmark suite PSPLib, we are able to improve the lower bound of about 60% of the remaining open instances, and close 6 open instances.

International Conference on Integration of Artificial Intelligence and Operations Research Techniques in Constraint Programming for Combinatorial Optimization Problems (CPAIOR)-May 2013

A Lagrangian Relaxation Based Forward-backward Improvement Heuristic for Maximising the Net Present Value of Resource-Constrained Projects

Sat, 18 May 2013 00:00:00 +0000

Authors: Hanyu Gu, Andreas Schutt, Peter Stuckey

Abstract: In this paper we propose a forward-backward improvement heuristic for the variant of resource-constrained project scheduling problem aiming to maximise the net present value of a project. It relies on the Lagrangian relaxation method to generate an initial set of schedules which are then improved by the iterative forward/backward scheduling technique. It greatly improves the performance of the Lagrangian relaxation based heuristics in the literature and is a strong competitor to the best meta-heuristics. We also embed this heuristic into a state-of-the-art CP solver. Experimentation carried out on a comprehensive set of test data indicates we compare favorably with the state of the art.

International Conference on Integration of Artificial Intelligence and Operations Research Techniques in Constraint Programming for Combinatorial Optimization Problems (CPAIOR)-May 2013

Eliciting Operations Requirements for Applications

Sat, 18 May 2013 00:00:00 +0000

Authors: Len Bass, Ross Jeffery, Hiroshi Wada, Ingo Weber, Liming Zhu

Abstract: The Devops community advocates communication between the operations staff and the development staff as a means of ensuring that the developers understand the issues associated with operations. This paper argues that“communication” is too vague and that there are a variety of specific and well known sources that developers can examine to determine requirements to support the installation and operations of an application product. These sources include standards, process descriptions, studies about sources offailure in configuration and upgrade, and models that include both product and process.

International Workshop on Release Engineering 2013-May 2013

Deployment of a Wireless Mesh Network for Traffic Control

Fri, 17 May 2013 00:00:00 +0000

Authors: Kun-chan Lan, Zhe Wang, Mahbub Hassan, Tim Moors, Rodney Berriman, Lavy Libman, Max Ott, Bjorn Landfeldt, Zainab Zaidi, Ching-Ming Chou

Abstract: Wireless mesh networks (WMN) have attracted considerable interest in recent years as a convenient, new technology. However, the suitability of WMN for mission-critical infrastructure applications remains by and large unknown, as protocols typically employed in WMN are, for the most part, not designed for real-time communications. In this chapter, the authors describe a wireless mesh network architecture to solve the communication needs of the traffic control system in Sydney. This system, known as SCATS and used in over 100 cities around the world— from individual traffic light controllers to regional computers and the central TMC —places stringent requirements on the reliability and latency of the data exchanges. The authors discuss experience in the deployment of an initial testbed consisting of 7 mesh nodes placed at intersections with traffic lights, and share the results and insights learned from measurements and initial trials in the process.

Developments in Wireless Network Prototyping, Design, and Deployment: Future Generations-June 2012

Combining MEDLINE and publisher data to create parallel corpora for the automatic translation of biomedical text

Thu, 16 May 2013 00:00:00 +0000

Authors: Antonio Jimeno Yepes,Élise Prieur-Gaston, Aurélie Névéol

Abstract: BackgroundMost institutional and research information in the biomedical domain is available asEnglish text. Even in countries where English is an official language, such as theUnited States, language can be a barrier for accessing biomedical information. Recentprogress in machine translation suggests that these techniques could be used to maketext in English accessible to speakers of other languages. However, the lack ofadequate specialized corpus to train statistical models in the biomedical domainprevents quality automatic translations from being available.ResultsWe show how a large-size parallel corpus can be automatically obtained for thebiomedical domain using the MEDLINE database. The corpus generated in this workcomprises article titles obtained from MEDLINE and abstract text obtainedautomatically from journal websites, substantially extending the corpora used inprevious work. After assessing the quality of the corpus for two language pairs(English/French and English/Spanish) we use the Moses package to train a statisticalmachine translation model that outperforms previous models for automatic translationof biomedical text.ConclusionsWe have built translation data sets in the biomedical which can be easily extended toother languages available from MEDLINE. These sets can be successfully applied totrain statistical machine translation models. While further progress should be made byincorporating out-of-domain corpora and domain specific lexicons, we believe thatthis work paves the way for improved automatic translation in the biomedical domain.

BMC Bioinformatics-April 2013

A New Genetic Algorithm for Simplified Protein Structure Prediction

Wed, 15 May 2013 00:00:00 +0000

Authors: Mahmood Abdur Rashid, M.A.Hakim Newton, Nghia Pham, Abdul Sattar, Md tamjidul Hoque

Abstract: In simplified protein structure prediction, genetic algorithms have not been applied to 3-dimensional face-centred cubic lattice. In this paper, we present a new genetic algorithm for protein structure prediction problem using face-centred cubic lattice and hydrophobic-polar energy model. Our algorithm uses i) an exhaustive generation approach to diversify the search; ii) a novel hydrophobic core-directed macro move to intensify the search; and iii) a random-walk strategy to recover from stagnation. On a set of standard benchmark proteins, our algorithm significantly outperforms the state-of-the-art algorithms for similar models.

Australasian Joint Conference on Artificial Intelligence (AI)-December 2012

Phylogenetic and molecular epidemiological studies reveal evidence of multiple past recombination events between infectious laryngotracheitis viruses

Wed, 15 May 2013 00:00:00 +0000

Authors: , Sang-Won Lee, Joanne Devlin, Amir Noormohammadi, Glenn Browning, Nino Ficorilli, Carol Hartley, Philip Markham

Abstract: In contrast to the RNA viruses, the genome of large DNA viruses such as herpesviruses have been considered to be relatively stable. Intra-specific recombination has been proposed as an important, but underestimated, driving force in herpesvirus evolution. Recently, two distinct field strains of infectious laryngotracheitis virus (ILTV) have been shown to have arisen from independent recombination events between different commercial ILTV vaccines. In this study we sequenced the genomes of additional ILTV strains and also utilized other recently updated complete genome sequences of ILTV to confirm the existence of a number of ILTV recombinants in nature. Multiple recombination events were detected in the unique long and repeat regions of the genome, but not in the unique short region. Most recombinants contained a pair of crossover points between two distinct lineages of ILTV, corresponding to the European origin and the Australian origin vaccine strains of ILTV. These results suggest that there are two distinct genotypic lineages of ILTV and that these commonly recombine in the field.

PLOS ONE-February 2013

Towards sender-based TFRC