Results 11 - 20 of 11,292
Contributiveness in the Shadow of Trust (Full version)
Abstract. Group key exchange protocols allow their participants to compute a secret key which can be used to ensure security and privacy for various multi-party applications. The resulting group key should be computed through cooperation of all protocol participants such that none of them is trusted to have any advantage concerning the protocol’s output. This trust relationship states the main difference between group key exchange and group key transport protocols. Obviously, misbehaving participants in group key exchange protocols may try to influence the resulting group key, thereby disrupting this trust relationship, and also causing further security threats. This paper analyzes the currently known security models for group key exchange protocols with respect to this kind of attacks by malicious participants and proposes an extended model to remove the identified limitations. Additionally, it proposes an efficient and provably secure generic solution, a compiler, to guarantee these additional security goals for group keys exchanged in the presence of malicious participants. Key words: group key exchange, malicious participants, key control, contributiveness, security model, compiler
Full Version The UltraLight Collaboration, 2006
2.1 UltraLight Research and Development Goals
About Synchronization Languages (Full Version), 1998
Synchronization languages are a model used to describe the behaviors of distributed applications whose synchronization constraints are expressed by synchronization expressions. Synchronization languages were conjectured by Guo, Salomaa and Yu to be characterized by a rewriting system. We have shown that this conjecture is not true. This negative result has led us to extend the rewriting system and Salomaa and Yu to extend the definition of synchronization languages. The aim of this paper is to establish the link between these two extensions; we show that the behaviors expressed by the two families of synchronization languages are only separated by morphisms.
1 Introduction
Synchronization languages, introduced in [5], are regular languages which correspond to synchronization expressions introduced by Govindarajan, Guo, Yu and Wang [4] within the framework of the ParC project. These expressions allow a programmer to express minimal synchronization constraints of a program in a distribu...
This is the full version. Anonymous Signatures Revisited, 2009
Abstract. We revisit the notion of the anonymous signature, first formalized by Yang, Wong, Deng and Wang [12], and then further developed by Fischlin [6] and Zhang and Imai [13]. We present a new formalism of anonymous signature, where instead of the message, a part of the signature is withheld to maintain anonymity. We introduce the notion of unpretendability to guarantee infeasibility for someone other than the correct signer to pretend authorship of the message and signature. Our definition retains applicability for all previous applications of the anonymous signature, provides stronger security, and is conceptually simpler. We give a generic construction from any ordinary signature scheme, and also show that the short signature scheme by Boneh and Boyen [4] can be naturally regarded as such a secure anonymous signature scheme according to our formalism.
Combining Quantified Domains (Full Version)
We develop general algorithms for reasoning about numerical properties of programs manipulating the heap via pointers. We automatically infer quantified invariants regarding unbounded sets of memory locations and unbounded numeric values. As an example, we can infer that for every node in a data structure, the node’s length field is less than its capacity field. We can also infer per-node statements about cardinality, such as that each node’s count field is equal to the number of elements reachable from it. This additional power allows us to prove properties about reference counted data structures and B-trees that were previously unattainable. Besides the ability to verify more programs, we believe that our work sheds new light on the interaction between heap and numerical reasoning. Our algorithms are parametric in the heap and the numeric abstractions. They permit heap and numerical abstractions to be combined into a single abstraction while maintaining correlations between these abstractions. In certain combinations not involving cardinality, we prove that our combination technique is complete, which is surprising in the presence of quantification.
Assertion Checking Unified (Full Version)
Abstract. We revisit the connection between equality assertion checking in programs and unification that was recently described in [8]. Using a general formalization of this connection, we establish interesting connections between the complexity of assertion checking in programs and unification theory of the underlying program expressions. In particular, we show that assertion checking is: (a) PTIME for programs with nondeterministic conditionals that use expressions from a strict unitary theory, (b) coNP-hard for programs with nondeterministic conditionals that use expressions from a bitary theory, and (c) decidable for programs with disequality guards that use expressions from a convex finitary theory. These results generalize several recently published results and also establish several new results. In essence, they provide new techniques for backward analysis of programs based on novel integration of theorem proving technology in program analysis.
Event queries on correlated probabilistic streams (full version), 2008
Cited by 61 (16 self)
A major problem in detecting events in streams of data is that the data can be imprecise (e.g. RFID data). However, current state-of-the-art event detection systems such as Cayuga [14], SASE [46] or SnoopIB [1], assume the data is precise. Noise in the data can be captured using techniques such as hidden Markov models. Inference on these models creates streams of probabilistic events which cannot be directly queried by existing systems. To address this challenge we propose Lahar, an event processing system for probabilistic event streams. By exploiting the probabilistic nature of the data, Lahar yields a much higher recall and precision than deterministic techniques operating over only the most probable tuples. By using a novel static analysis and novel algorithms, Lahar processes data orders of magnitude more efficiently than a naïve approach based on sampling. In this paper, we present Lahar’s static analysis and core algorithms. We demonstrate the quality and performance of our approach through experiments with our prototype implementation and comparisons with alternate methods.
Featherweight Java: A Minimal Core Calculus for Java and GJ - ACM Transactions on Programming Languages and Systems, 1999
"... Several recent studies have introduced lightweight versions of Java: reduced languages in which complex features like threads and reflection are dropped to enable rigorous arguments about key properties such as type safety. We carry this process a step further, omitting almost all features of the fu ..."
Cited by 659 (23 self)
Least angle regression, 2004
"... The purpose of model selection algorithms such as All Subsets, Forward Selection and Backward Elimination is to choose a linear model on the basis of the same set of data to which the model will be applied. Typically we have available a large collection of possible covariates from which we hope to s ..."
Cited by 1326 (37 self)
to select a parsimonious set for the efficient prediction of a response variable. Least Angle Regression (LARS), a new model selection algorithm, is a useful and less greedy version of traditional forward selection methods. Three main properties are derived: (1) A simple modification of the LARS algorithm