Ross Horne


I am a Postdoctoral researcher, under Prof. Dr. Sjouke Mauw, within the Security and Trust of Software Systems (SaToSS) research group at the University of Luxembourg.

News 2020. I am editor of the newly created corner Logic for Security and Privacy within the Journal of Logic and Computation. We welcome submisions presenting diverse logical approaches to security and privacy problems.

News 2019. We are involved in running a new Interdisciplinary Master Program in Space Resources.


I summarise key results and research directions.

Equivalence checking and privacy. In my previous post as senior research fellow at Nanyang Technological University, Singapore, we solved several problems in protocol verification which use logic to give us a better understanding of congruences for process calculi [CONCUR'17, LICS'18, LMCS'21, ICTAC'21]. These breakthroughs enable us to define medods for verifying privacy properties using cryptographic calculi. The methodology was used to discover a privacy vulnerability for ePassports [ESORICS'19, LMCS'21].

Linked Data. My PhD thesis at University of Southampton was on high-level languages for consuming data published on the Web. Such language abstractions [Sci.Comp.Prog.'14, JLAMP'15, JLAMP'16] allow programs to engage in sessions, where information discovered in queries can be used to form new queries, thereby navigating an interlinked Web of Data. Providing high-level language abstractions makes such programming tasks easier. This led me to the notion of a descriptive type system, which assists the data consumer during such interactions by generating suggestions for how inconsistencies in data may be resolved. Currently, related to this topic, I represent Luxembourg in an EU COST Action on Distributed Knowledge Graphs.

On session types and proof theory. I have proposed a proof theoretic approach to multi-party session types [PSI'15, SACS'15, CONCUR'20, TCS'20]. This work perhaps challenges the culture of type theorists, who, at times, may equate proof theory for types with the Curry-Howard correspondence. While the Curry-Howard correspondence is a remarkable achievement; my message to the session type community is that structural proof theory has much more to offer. I explain this in a video presented at CONCUR'20.

Attack trees. Attack trees, employed for security assessment, are also amenable to proof theoretic techniques [Fund.Inf.'16, GramSec'18, GramSec'20]. This is natural, since there are explanations of the logical systems in terms of game semantics and argumentation, which account for tensions between an attacker and defender competing on an attack surface.

Logic on Graphs. This is just too cool! We prove you can generalise the foundations of logic, so that the arguments we reason about in logic are graphs rather than formulae [LICS'20].

News on Selected Publications

ePassport Vulnerabilities

September 2019: Our papers presented at ESORICS 2019 and communicated in LMCS report on a privacy vulnerability in the ICAO 9303 standard used by ePassports. The vulnerability allows an individual who has recently passed through a passport control point to be reidentified, even without opening their passport.

Here are the slides presented at ESORICS 2019. Also we have a repository providing practical evidence for the vulnerability and the following video (featuring Ihor Filimonov, Zach Smith, Sevdenur Baloglu, and Husam Al-Jawaheri) suggesting how the vulnerability may be exploited.

Note, for this proof of concept, this demonstration uses phones but an attacker may use more discrete and powerful devices.

Responsible disclosure: The vulnerability has been reported to ICAO, along with our recommendation for how ePassport readers may mitigate the vulnerability. ICAO issued a public response both confirming the vulnerability and reassuring the public that the scope of the vulnerability is limited. Their response was reported in Delano magazine and Paperjam.

The press release on this privacy vulnerability was also reported in news outlets including the Luxembourg Times , the Luxemburger Wort , and the magazine of FNR: The resulting public interest caused a motion to be submitted to the Luxembourg parliament, leading to a joint response from the prime minister Xavier Bettel and foreign affairs minister Jean Asselborn. The vulnerability was also reported on the 100komma7 radio station and RTL TV stations. The video from RTL (in Luxembourgish) is reproduced below.

Open Bisimilarity is Intuitionistic

September 2017: A paper on modal logics for processes was awarded best paper at CONCUR 2017. See the press release for the award. The paper concerns a process equivalence called open bisimilarity which is easily automated and has desirable algebraic properties. Open bisimilarity treats input values in a call-by-need fashion. For example, if you receive a notification that an e-mail has arrived, there is no need to immediately check the email; you can continue working and later read the email when you need a detail contained within. The surprising insight of our paper is that there is a fundamentally intuitionistic logical characterisation of open bisimilarity (due to the call-by-need treatment of inputs inducing ``intuitionistic hereditary'').

March 2018: A follow up paper, presented at LICS 2018, explains why the else branch in a statement such as "if M = N then P else Q" should be treated intuitionistically when reasoning about processes compositionally. In particular, we introduce the coarsest bisimilarity congruence for processes with if-then-else branching. The logical characterisation of this congruence is intuitionistic, but private information is treated classically. We highlight that this congruence and logic have impact in the area of verifying privacy protocols, where "else" branches avoid inadvertent leaks by providing dummy data.

A technical report explains how the technique (quasi-open bisimilarity) lifts to the full applied π-calculus. Lifting to the applied π-calculus, makes it possible to verify privacy properties of real-world cryptographic protocols.

Session Types

June 2021: There are many fairness assumptions to chose from when verifying liveness properties. In this paper, communicated at LICS'21, we systematically investigate how fairness assumptions impact a liveness property targeted by session type systems, called lock-freedom. We identify one particular notion of fairness, called justness, that gives rise to "just lock-freedom" which is the tightest match for session types.

The slides are available here.

I have a series of papers on multiparty session types employing analytic proof calculi developed using methods from structural proof theory:

These papers present a purely logical approach to a rich multiparty subtype system that also captures multiparty compatibility. The videos lectures presented at CONCUR 2020 explain the connections with proof theory and provide a compelling real-world example.

There are also older slides from 2015: Designing, Verifying and Monitoring Protocols inspired by Scribble.

September 2019. We have proposed a propositional approach to delegation in session types, called internal delebation. Delegation allows a participant in a protocol to delegate to another participant the ability to act on their behalf. I emphasise that we work at a propositional level, since previous approaches to deligation make use of more complex higher-order mechanisms leading to complications that we can avoid.

Analytic Proof Calculi on Graphs

July 2020. In logic we are accustomed to reasoning about arguments expressed as formulae. Even graphical syntaxes (e.g., co-graphs, knowledge graphs and argumentation frames), are typically graphical representations of formulas. In this work we prove that it is possible to design a logical systems where the arguments are more general graphs with an expressive power beyond that which can be expressed using formulas. This initial study focussing on a minimal setting in which we generalise conjunction and disjunction. This method will enable us to build additional expressive power into various logics, while retaining computational properties of proofs (analyticity).

Here are two videos presented at LICS 2020.

Video above: an informal chat on logic beyond formulas.

Video above: a long (uncool) presentation, explaining details to experts.

Causal Attack Trees and Attack-Defence Frameworks

November 2020 We have a position paper on argumentation-based semantics for attack-defence trees. Argumentation, arrising from the systematisation of conflict in legal arguments, and attack-defence tree, inspired by fault trees, are both based on around 50 years of research. They have obvious parallels, since both deal symoblically with conflict, cooperation and competition, that we draw attention to here. The semantics we propose combines several models of argumentation in a new way, permitting more flexible generalisations of attack-defence trees. An argumentation-based semantics can be used to turn attack trees into decision making mecahnisms, which means that it plays quite a different role from the semantics of attack trees that preserve attribute domains.

March 2017: A paper on causal attack trees has been published in Fundamenta Informaticae. Causal attack trees profile the sub-goals of the proponent of an attack, by refining goals disjunctively, conjunctively and sequentially. We provide the machinery for determining whether one attack specialises another attack. Specialisation preserves correlations between answers to quantitative questions concerning attacks such as the "minimum attack time".

Slides: Specialisation of Attack Trees with Sequential Refinement

A supporting technical report includes proofs omitted from the journal version.

The game semantics behind such attack trees is explored in a paper presented at GraMSec'18. We emphasise the difference between when an attacker making a choice and when the environment or defender makes a choice in an attack scenario.

Processes as Formulae

September 2019: A series of papers on logical systems for process calculi has been published in the proceedings of CONCUR 2016, FSCD 2019 and in the journals TOCL and MSCS. These papers introduce new logical systems, directly embedding various process calculi, not limited to Robin Milner's famous π-calculus. To model private names in the π-calculus, the trick is to decompose established self-dual nominal quantifiers into a De Morgan dual pair of nominal quantifiers. We use Cyrillic vowels И and Э, pronounced `new' and `wen' respectively, for our pair of nominal quantifiers.

Slides CONCUR'16: Private Names in Non-Commutative Logic

Slides FSCD'19: The Sub-Additives: A Proof Theory for Probabilistic Choice extending Linear Logic.

The paper published in Mathematical Structures in Computer Science develops proof normalisation techniques allowing us to extract executions of processes from proofs. We prove that linear implication is strictly finer than established weak simulation preorders (and hence probabilistic may testing). The technique lifts to a range of process calculi, not only the π-calculus.

The paper published in FSCD'19 shows that the techniques extend to probabilistic choice and probabilistic simulation. To achieve this we introduce the (probabilistic) sub-additives --- logical operators which lie between conjunction and disjunction that forbid weakening.

Web of Linked Data

February 2016: The second of two journal papers on RDF Schema from the perspective of type systems is published in Journal of Logical and Algebraic Methods in Programming. These two papers represent a mature line of work that is ready to be implemented by a graduate student interested in making data on the Web easier to consume.

Gabriel Ciobanu, Ross Horne, and Vladimiro Sassone. Minimal type inference for Linked Data consumers. Journal of Logical and Algebraic Methods in Programming 84.4 (2015): 485-504. DOI:10.1016/j.jlamp.2014.12.005

Gabriel Ciobanu, Ross Horne, and Vladimiro Sassone. A descriptive type foundation for RDF Schema. Journal of Logical and Algebraic Methods in Programming 85.5 (2016): 681-706. DOI:10.1016/j.jlamp.2016.02.006

The first of the two papers provides a gentle introduction to consuming data on the Web called Linked Data and introduces a simple scripting language, with a conventional "prescriptive" type system, that makes the consumer's life easier.

The second of the two papers addresses more challenging aspects of RDF Schema types. The paper introduces a novel "descriptive" type system that evolves to describe data discovered at run-time by the Linked Data consumer. The descriptive type system can adapt to several modes of inference ranging from W3C standard compliant RDF Schema inference to something more accommodating. When the descriptive type system is unsure about the appropriate mode of inference, a warning with a menu of options is generated for the consumer reflecting the subjective nature of knowledge published on the Web.

First part on prescriptive types.

Second part on descriptive types.

The slides are available.

Developing Research in Computer Science

Before joining the "Security and Trust of Software Systems" group at University of Luxembourg, I was a senior research fellow in the Cyber Security Lab at Nanyang Technological University Singapore. There I was driving a project, lead by Ass.Prof. Alwen Tiu, that advanced the state of the art for symbolic analysis of security protocols. I also had the pleasure to contribute to projects under Ass.Prof. Shang-Wei Lin and Assoc.Prof. Liu Yang.

From 2012 to 2016, I was associate professor at Kazakh-British Technical University and a research associate at Romanian Academy.

The proceedings of the workshop Embracing Global Computing in Emerging Economies (EGC2015) represents my effort to galvanise grass roots computer science research in Almaty and across the region.

Almaty, the cosmopolitan hub of Central Asia, is a magical city for winter sports, the steppe in spring, the mountains in summer and fruits of autumn.

Background and Contacts

I defended my PhD in computer science, with a thesis titled Programming Languages and Principles for Read-Write Linked Data, in 2011 under the supervision of Prof Vladimiro Sassone at University of Southampton, UK. My BA in Mathematics and Computer Science, with first class honours and a thesis titled Computable Cyclic Functions, was awarded by Oxford University, UK, in 2005.

I have had the honour and pleasure to collaborate with Matteo Acclavio, Ki Yung Ahn, Bogdan Aman, Ilaria Castellani, Gabriel Ciobanu, Mariangiola Dezani-Ciancaglini, Ihor Filimonov, Dov M. Gabbay, Paola Giannini, Nicholas Gibbins, Rob van Glabbeek Peter Höfner Shang-wei Lin, Sjouke Mauw, Vladimiro Sassone, Zach Smith, Lutz Straßburger, Alwen Tiu, Cristian Văideanu, and Leon van der Torre. I look forward to future collaborations.