Martijn Warnier

Preventing Timing Leaks Through Transactional Branching Instructions

Timing channels constitute one form of covert channels through which programs may be leaking information about the confidential data they manipulate. Such timing channels are typically eliminated by design, employing ad-hoc techniques to avoid information leaks through execution time, or by program transformation techniques, that transform programs that satisfy some form of noninterference property into programs that are time-sensitive termination-sensitive non-interfering. However, existing program transformations are thus far confined to simple languages without objects nor exceptions. We introduce a program transformation that uses transaction mechanisms to prevent timing leaks in sequential object-oriented programs. Under some strong but reasonable hypotheses, the transformation preserves the semantics of programs and yields for every termination-sensitive noninterfering program a time-sensitive termination-sensitive non-interfering program.

Managing Violations in Service Level Agreements

A Service Level Agreement (SLA) represents an agreement between a service user and a provider in the context of a particular service provision. SLAs contain Quality of Service properties that must be maintained by a provider. These are generally defined as a set of Service Level Objectives (SLOs). These properties need to be measurable and must be monitored during the provision of the service that has been agreed in the SLA. The SLA must also contain a set of penalty clauses specifying what happens when service providers fail to deliver the preagreed quality. Although significant work exists on how SLOs may be specified and monitored, not much work has focused on actually identifying how SLOs may be impacted by the choice of specific penalty clauses. The participation of a trusted mediator may be necessary to resolve conflicts between involved parties. The main focus of the paper is on identifying particular penalty clauses that can be associated with an SLA.

Monitoring and Reputation Mechanisms for Service Level Agreements

A Service Level Agreement (SLA) is an electronic contract between a service user and a provider, and specifies the service to be provided, Quality of Service (QoS) properties that must be maintained by a provider during service provision (generally defined as a set of Service Level Objectives (SLOs)), and a set of penalty clauses specifying what happens when service providers fail to deliver the QoS agreed. Although significant work exists on how SLOs may be specified and monitored, not much work has focused on actually identifying how SLOs may be impacted by the choice of specific penalty clauses. A trusted mediator may be used to resolve conflicts between the parties involved. The objectives of this work are to: (i) identify classes of penalty clauses that can be associated with an SLA; (ii) define how to specify penalties in an extension of WS-Agreement; and (iii) specify to what extent penalty clauses can be enforced based on monitoring of an SLA.

The impact of the topology on cascading failures in a power grid model

Cascading failures are one of the main reasons for large scale blackouts in power transmission grids. Secure electrical power supply requires, together with careful operation, a robust design of the electrical power grid topology. Currently, the impact of the topology on grid robustness is mainly assessed by purely topological approaches, that fail to capture the essence of electric power flow. This paper proposes a metric, the effective graph resistance, to relate the topology of a power grid to its robustness against cascading failures by deliberate attacks, while also taking the fundamental characteristics of the electric power grid into account such as power flow allocation according to Kirchhoff laws. Experimental verification on synthetic power systems shows that the proposed metric reflects the grid robustness accurately. The proposed metric is used to optimize a grid topology for a higher level of robustness. To demonstrate its applicability, the metric is applied on the IEEE 118 bus power system to improve its robustness against cascading failures.

Java Program Verification Challenges

This paper aims to raise the level of verification challenges by presenting a collection of sequential Java programs with correctness annotations formulated in JML. The emphasis lies more on the underlying semantical issues than on verification.

Privacy Regulations for Cloud Computing: Compliance and Implementation in Theory and Practice

Cloud Computing is a new paradigm in the world of IT. In traditional IT environments, clients connected to a number of servers located on company premises. In Cloud Computing, users connect to the ’Cloud’, appearing as a single entity as opposed to multiple servers. Outsourcing data to the Cloud Service Provider (CSP), an external party involves giving the CSP some form of control over the data. Privacy regulations put requirements on organizations regarding storage, processing and transmission of data. Outsourcing this data to a CSP involves outsourcing partial control over the storage, processing and transmission of data and privacy regulations become relevant. This paper addresses the questions as to how existing regulations in the area of privacy affect the implementation of Cloud Computing technologies and how the implementation of Cloud Computing technologies affect compliance with these regulations.

Structural vulnerability assessment of electric power grids

Cascading failures are the typical reasons of blackouts in power grids. The grid topology plays an important role in determining the dynamics of cascading failures in power grids. Measures for vulnerability analysis are crucial to assure a higher level of robustness of power grids. Metrics from Complex Networks are widely used to investigate the grid vulnerability. Yet, these purely topological metrics fail to capture the real behaviour of power grids. This paper proposes a metric, the effective graph resistance, as a vulnerability measure to determine the critical components in a power grid. Differently than the existing purely topological measures, the effective graph resistance accounts for the electrical properties of power grids such as power flow allocation according to Kirchoff laws. To demonstrate the applicability of the effective graph resistance, a quantitative vulnerability assessment of the IEEE 118 buses power system is performed. The simulation results verify the effectiveness of the effective graph resistance to identify the critical transmission lines in a power grid.

A robustness metric for cascading failures by targeted attacks in power networks

Cascading failures are the main reason blackouts occur in power networks. The economic cost of such failures is in the order of tens of billion dollars annually. In a power network, the cascading failure phenomenon is related to both topological properties (number and types of buses, density of transmission lines and interconnection of components) and flow dynamics (load distribution and loading level). Existing studies most often focus on network topology, and not on flow dynamics. This paper proposes a new metric to assess power network robustness with respect to cascading failures, in particular for cascading effects due to line overloads and caused by targeted attacks. The metric takes both the effect of topological features and the effect of flow dynamics on network robustness into account, using an entropy-based approach. Experimental verification shows that the proposed robustness metric quantifies a power grid robustness with respect to cascading failures.

Local agent-based self-stabilisation in global resource utilisation

Distributed management of complex large-scale infrastructures, such as power distribution systems, is challenging. Sustainability of these systems can be achieved by enabling stabilisation in global resource utilisation. This paper proposes the Energy Plan Overlay Self-stabilisation system (EPOS), for this purpose. EPOS is an agent-based approach that performs self-stabilisation over a tree overlay, as an instance of a hierarchical virtual organisation. The global goal of stabilisation emerges through local knowledge, local decisions and local interactions among software agents organised in a tree. Two fitness functions are proposed to stabilise global resource utilisation. The first proactively keeps deviations minimised and the second reactively reverses deviations. Extensive experimentation reveals that EPOS outperforms a system that utilises resources in a greedy manner. Finally, this paper also investigates and evaluates factors that influence the effectiveness of EPOS.

MATCASC: A tool to analyse cascading line outages in power grids

Blackouts in power grids typically result from cascading failures. The key importance of the electric power grid to society encourages further research into sustaining power system reliability and developing new methods to manage the risks of cascading blackouts. Adequate software tools are required to better analyse, understand, and assess the consequences of the cascading failures. This paper presents MATCASC, an open source MATLAB based tool to analyse cascading failures in power grids. Cascading effects due to line overload outages are considered. The applicability of the MATCASC tool is demonstrated by assessing the robustness of IEEE test systems and real-world power grids with respect to cascading failures.