Shiu-Kai Chin
Syracuse University
Publication
Featured research published by Shiu-Kai Chin.
International Conference on e-Health Networking, Applications and Services | 2015
Amjad Gawanmeh; Hussam Al-Hamadi; Mahmoud Al-Qutayri; Shiu-Kai Chin; Kashif Saleem
Testing and verification of healthcare information systems is a challenging and important issue, since faults in these critical systems may lead to loss of lives and, in the best case, loss of money and reputation. Because of the complexity of these systems and the increasing demand for new products and technologies in this domain, several methods and technologies are being used to test them. In this paper, we review the state of the art on testing and verification of healthcare information systems and identify several open issues and challenges in the area. We divide the existing methods into three categories: simulation-based methods, formal methods, and other techniques such as semi-formal methods. We then discuss challenging and open issues in the domain.
Hawaii International Conference on System Sciences | 1994
Yegnashankar Parasuram; Edward P. Stabler; Shiu-Kai Chin
Binary Decision Diagrams (BDDs) are used extensively in VLSI CAD for verification, synthesis, logic minimization and testing. Parallel algorithms for Boolean function manipulation using BDDs have been proposed and implemented on a Connection Machine (CM-5). Abstractions have been developed to support the design of these algorithms using the message-passing model of parallel programming. A Distributed Shared Memory (DSM) has been built for sharing data. Fine-grained load balancing is achieved using a Distributed Stack. Experimental results are shown for the DSM and the BDD algorithms. These results demonstrate the feasibility of using parallel computing for irregular and memory-intensive CAD applications such as the BDD algorithms. Improvements to the current implementation are identified for future work.
The Computer Journal | 2002
Susan Older; Shiu-Kai Chin
Establishing the security of a system is an intricate problem with subtle nuances: it requires a careful examination of the underlying assumptions, abstractions, and possible actions. Consequently, assuring that a system behaves securely is virtually impossible without the use of rigorous analytical techniques. In this article, we focus on a single cryptographic protocol (Needham–Schroeder) and show how several different formal methods can be used to identify its various vulnerabilities. These vulnerabilities include susceptibility to freshness attacks and impersonations.
Hawaii International Conference on System Sciences | 1999
Dan Zhou; Joncheng C. Kuo; Susan Older; Shiu-Kai Chin
Developing systems that are assured to be secure requires precise and accurate descriptions of specifications, designs, implementations, and security properties. Formal specification and verification have long been recognized as giving the highest degree of assurance. In this paper, we describe a software development process that integrates formal verification and synthesis. We demonstrate this process by developing assured sender and receiver C++ code for a secure electronic mail system, Privacy Enhanced Mail. We use higher-order logic for system-requirements specification, design specifications and design verification. We use a combination of higher-order logic and category theory, and tools supporting these formalisms, to refine specifications and synthesize code. Much of our work is applicable to other secure email protocols, as our development is parameterized, component-based, and reusable.
International Conference on Engineering of Complex Computer Systems | 1995
Milica Barjaktarovic; Shiu-Kai Chin; Kamal Jabbour
The paper compares and contrasts various methods presently available for specification, validation and verification, with emphasis on verification. We describe an application of formal methods to protocol specification, validation, and verification, using an actual protocol as an example. We use a process algebra to build models of an OSI protocol and test these models using a model checker. Model checking allows us to verify large and complex models and use formal methods as practical solutions. We also show an example with an automated theorem prover.
Archive | 2010
Shiu-Kai Chin
and trust are among the greatest risks—compliance and otherwise—facing corporations today. Controlling access to protected objects is central to any security program, and the foundation of Access Control, Security, and Trust: A Logical Approach is straightforward: reference monitors are the means to protect objects of value in systems. Access Control, Security, and Trust: A Logical Approach is intended to serve the needs of computer engineers and computer scientists who are responsible for specifying, designing, implementing, building, and verifying or certifying secure computer and information systems. However, beginners to the study of access security will also be enlightened, as the authors remain cognizant throughout the book of the reader’s need to understand the basic concepts of authentication and authorization. The book provides answers to the following questions:
• Who or what are access-protected resources?
• How can one protect the access control confidentiality, integrity and availability (CIA) triangle?
• Who or what is trusted or believed?
• How can one conclude that a system is worthy of trust?
The publication aims to fill a gap left by many books on computer and network security. The book lays out the logic of access control, but does not require a highly mathematical background to understand its contents. Its methodical focus on access control and reference monitors introduces a language for describing access-control scenarios, inference rules and resulting formulas. The authors explain the concepts in elementary, easy-to-understand language and leave in-depth study of the mathematical concepts optional for later reading. Access Control, Security, and Trust: A Logical Approach is divided into four parts: Preliminaries, Distributed Access Control, Isolation and Sharing, and Access Policies. Part I explains the language and basics of access control, reasoning and reference rules. Building on these concepts of security mechanisms, this part also differentiates among and describes security policy types. Part II explores distributed access control in network environments, digital authentication, and delegation concepts and protocols. Part III ties the logical lessons of the first two parts into the core of cybersecurity: hardware security. Part IV expands on the security policies discussed in Part I and introduces a richer notion of confidentiality and integrity levels, models and policies based on principals, objects and roles. The unique strength of the 326-page book is its plethora of tables and exercises, converting its mathematical logic into real-world, nonmathematical language and visuals. Chapter summaries recap the line-by-line mathematical formulas in unambiguous statements.
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems | 1992
Shiu-Kai Chin
Formally verified metafunctions which synthesize array multipliers and inner-product hardware of arbitrary size and structure are presented. The metafunctions operate on signed-binary inputs in general and two's-complement inputs in particular, and are higher order. They are shown to be equivalence-preserving transformations that correctly produce multipliers and inner-product hardware of arbitrary size and structure. All the metafunctions, their associated correctness theorems, and their correctness proofs are machine-executable within the higher-order logic (HOL) theorem prover. The function expressions produced by the metafunctions can be used as hardware synthesis descriptions or as comparison functions for Boolean-comparison-based systems. In addition to the definitions written in higher-order logic, the major definitions are written in a more informal, functional-programming-language-like notation which should facilitate translation of the synthesis functions to other hardware description languages.
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems | 1990
Shiu-Kai Chin; Edward P. Stabler
The development of theorem-based design methods is considered. Theorem-based design uses formal logic to create provably correct implementations. Past work has focused on using formal logic and post-hoc proof for design verification. Here, the focus is on hardware synthesis functions, called hardware metafunctions, which synthesize hardware in a provably correct manner. Designs produced using the metafunctions are correct-by-construction and are formally related to their specifications by simple substitution or rewriting of terms within the correctness theorem for each metafunction. Typically, the metafunctions are parametric and, once proven correct, validate an entire class of designs. Theorem-based design is practical when the metafunctions and their proofs of correctness are machine-executable. This is accomplished using appropriate declarative languages with a strong formal basis and by developing the proofs of correctness using automatic theorem provers. The functional language SCHEME is used along with the Higher Order Logic (HOL) proof checker. An introduction to the use of higher-order logic as a design language, along with the verification of an adder-array metafunction for an array multiplier, is presented.
Mathematical Methods, Models, and Architectures for Network Security Systems | 2005
Thumrongsak Kosiyatrakul; Susan Older; Shiu-Kai Chin
The access-control logic of Lampson, Abadi, and their colleagues [LABW92, ABLP93] makes it possible to assure the correctness of access-control decisions by accounting correctly for identity, credentials, authority, delegation, and privileges. It can be used to describe a variety of access-control policies and to reason about their access-control decisions. However, it lacks an ability to reason about role-based access control (RBAC) [FSG+01, FBK99, FKC03, SCFY96], which is a popular technique for reducing the administrative complexity of associating users and privileges. This dissertation introduces extensions to the access-control logic that can be used to assure the correctness of RBAC access-control decisions. By implementing and extending the access-control logic in a computer-assisted reasoning tool such as the Higher Order Logic (HOL) theorem prover [GM93], the access-control logic and its extensions are proved to be sound. The result is a tool for design and verification engineers to reason about access-control policies including RBAC. In this dissertation, we explain how to use the logic to describe RBAC components, such as user assignments, permission assignments, role inheritance, role activations, and users’ requests. We also describe in detail the steps of implementing the access-control logic and its extensions in the HOL theorem prover. Administrative RBAC systems are also explored to see how the HOL theorem prover can be used to formally verify their properties and policies.
Mathematical Methods, Models, and Architectures for Network Security Systems | 2007
Shiu-Kai Chin; Susan Older
Delegation and trust are essential to the smooth operation of large, geographically distributed systems, such as the US electronic retail payment system. This system supports billions of electronic transactions—from routine banking and store purchases to electronic commerce on the Internet. Because such systems provide the electronic fabric of our networked information society, it is crucial to understand rigorously and precisely the basis for the delegation and trust relationships in them. In this paper, we use a modal logic for access control to analyze these relationships in the context of checks (and their electronic equivalents) as payment instruments. While not free from risk, the retail payment system effectively balances trust, delegation, and risk across billions of transactions. Our logic allows us to explore with rigor the details of trust, delegation, and risk in these transactions.