Open Call for Journal Papers. I am editor of the newly created corner Logic for Security and Privacy
within the Journal of Logic and Computation.
We welcome submisions presenting diverse logical approaches to security and privacy problems.
Summary
I summarise key results and research directions.
Equivalence checking and privacy.
My colleagues and I have solved several problems in protocol verification which use logic to give us a better understanding of congruences for process calculi and better awareness of concurrency [CONCUR'17, LICS'18, LMCS'21, ICTAC'21, TCS'23, CONCUR'22, EXPRESS/SOS'22]. These breakthroughs enable us to refine methoods for verifying privacy properties using cryptographic calculi.
The methodology was used to discover a privacy vulnerability for ePassports [ESORICS'19, LMCS'21].
We have also used equivalence checking to develop threat models for contactless payment cards (the cards in your wallet),
and have devised new protocols that better protect our privacy [CSF'22, CCS'23],
as addressed in the
PhD thesis of Semen Yurkov.
Linked Data.
My PhD thesis at University of Southampton was on high-level languages for consuming data published on the Web.
Such language abstractions [Sci.Comp.Prog.'14, JLAMP'15, JLAMP'16] allow programs to engage in sessions, where information discovered in queries can be used to form new queries, thereby navigating an interlinked Web of Data.
Providing high-level language abstractions makes such programming tasks easier.
This led me to the notion of a descriptive type system, which assists the data consumer during such interactions by generating suggestions for how inconsistencies in data may be resolved.
On session types and proof theory.
I have proposed a proof theoretic approach to multi-party session types [PSI'15, SACS'15, CONCUR'20, TCS'20].
Advantage over related proof-theoretic approaches to session types stem
from the fact that
multiplicatives are interpreted in a more direct manner.
Specifically, a non-commutative multiplicative operator is used to model sequentiality,
while commutative operators are used to model commutative concepts (parallel composition), and hence logical equivalence preserves behavioural properties.
I explain this work in a video presented at CONCUR'20.
Attack trees.
Attack trees, employed for security assessment, are also amenable to proof theoretic techniques [Fund.Inf.'16, GramSec'18, GramSec'20].
This is natural, since there are explanations of the logical systems in terms of game semantics and argumentation, which account for tensions between an attacker and defender competing on an attack surface.
Logic on Graphs.
This is just too cool! We prove you can generalise the foundations of logic, so that the arguments we reason about in logic are graphs rather than formulae [LICS'20, LMCS'22, FSCD'22].
News on Selected Publications
ePassport Vulnerabilities
September 2019:
Our papers presented at ESORICS 2019 and communicated in LMCS report on a privacy vulnerability in the ICAO 9303 standard used by ePassports.
The vulnerability allows an individual who has recently passed through a passport control point to be reidentified, even without opening their passport.
Here are the slides presented at ESORICS 2019. Also we have a repository providing practical evidence for the vulnerability and the following video (featuring Ihor Filimonov, Zach Smith, Sevdenur Baloglu, and Husam Al-Jawaheri) suggesting how the vulnerability may be exploited.
Note, for this proof of concept, this demonstration uses phones but an attacker may use more discrete and powerful devices.
Responsible disclosure:
The vulnerability has been reported to ICAO, along with our recommendation for how ePassport readers may mitigate the vulnerability.
ICAO issued a public response both confirming the vulnerability and reassuring the public that the scope of the vulnerability is limited.
Their response was reported in Delano magazine and
Paperjam.
The press release on this privacy vulnerability was also reported in news outlets including the
Luxembourg Times
,
the
Luxemburger Wort
, and the magazine of FNR:
science.lu.
The resulting public interest
caused
a motion to be submitted to the Luxembourg parliament,
leading to a joint
response
from the prime minister Xavier Bettel and foreign affairs minister Jean Asselborn.
The vulnerability was also reported on the 100komma7 radio station and RTL TV stations.
The video from RTL (in Luxembourgish) is reproduced below.
Open Bisimilarity is Intuitionistic
September 2017:
A paper on modal logics for processes was awarded best paper at CONCUR 2017.
The paper concerns a process equivalence called open bisimilarity which is easily automated and has desirable algebraic properties. Open bisimilarity treats input values in a call-by-need fashion. For example, if you receive a notification that an e-mail has arrived, there is no need to immediately check the email; you can continue working and later read the email when you need a detail contained within. The surprising insight of our paper is that there is a fundamentally intuitionistic logical characterisation of open bisimilarity (due to the call-by-need treatment of inputs inducing ``intuitionistic hereditary'').
March 2018:
Follow up papers, presented at LICS 2018,
explains why the else branch in a statement such as "if M = N then P else Q" should be treated intuitionistically when reasoning about processes compositionally.
In particular, we introduce the coarsest bisimilarity congruence for processes with if-then-else branching.
The logical characterisation of this congruence is intuitionistic, but private information is treated classically.
We highlight that this congruence and logic have impact in the area of verifying privacy protocols, where "else" branches avoid inadvertent leaks by providing dummy data.
MAy 2023:
A paper published in Theoretical Computer Science journal explains how the technique (quasi-open bisimilarity) lifts to the full applied π-calculus. Lifting to the applied π-calculus, makes it possible to apply our methodology in order to verify privacy properties of real-world cryptographic protocols.
A preliminary version appeared in ICTAC 2021.
A video of the presentation at ICTAC'21 by PhD student Semen Yurkov is available here:
Session Types
June 2021:
There are many fairness assumptions to chose from when verifying liveness properties.
In this paper, communicated at LICS'21, we systematically investigate how fairness assumptions impact a liveness property targeted by session type systems, called lock-freedom. We identify one particular notion of fairness, called justness, that gives rise to "just lock-freedom" which is the tightest match for session types.
Gabriel Ciobanu and Ross Horne. Behavioural analysis of sessions using
the calculus of structures. In Perspectives of System Informatics,
10th International Andrei Ershov Informatics Conference, PSI 2015, in Memory of Helmut Veith, Kazan and Innopolis, Russia, August 24-27, 2015.
Editors: Mazzara, Manuel, Voronkov, Andrei.
LNCS 9609, pages 91-106, Springer (2015).
DOI:10.1007/978-3-319-41579-6_8
These papers present a purely logical approach to a rich multiparty subtype system that also captures multiparty compatibility.
The videos lectures presented at CONCUR 2020 explain the connections with proof theory and provide a compelling real-world example.
July 2020.
In logic we are accustomed to reasoning about formulae. Even graphical syntaxes (e.g., co-graphs, knowledge graphs and argumentation frames), are typically graphical representations of formulas.
In this work we prove that it is possible to design a logical systems where we reason about more general graphs with an expressive power beyond that which can be expressed using formulas.
This initial study focussing on a minimal setting in which we generalise conjunction and disjunction. This method will enable us to build additional expressive power into various logics, while retaining computational properties of proofs (analyticity).
Matteo Acclavio, Ross Horne, and Lutz Straßburger.
Logic
Beyond Formulas: A Proof System on Graphs.
In Proceedings of the
35th Annual ACM/IEEE Symposium on Logic in Computer Science
(LICS ’20), July 8–11, 2020, Saarbrücken, Germany. ACM, New York,
NY, USA, 33 pages (2022).
DOI:10.1145/3373718.3394763
Matteo Acclavio, Ross Horne, Sjouke Mauw, and Lutz Straßburger.
A Graphical Proof Theory of Logical Time..
Proceedings of 7th International Conference on Formal Structures for Computation and Deduction (FSCD 2022) Editor: Amy P. Felty. volume 228, pages 22:1-22:25. LIPIcs (2022).
DOI:10.4230/LIPIcs.FSCD.2022.22
Here are two videos presented at LICS 2020.
Video above: an informal chat on logic beyond formulas.
Video above: a long (uncool) presentation, explaining details to experts.
Causal Attack Trees and Attack-Defence Frameworks
November 2020
We have a position paper on argumentation-based semantics for attack-defence trees. Argumentation, arrising from the systematisation of conflict in legal arguments,
and attack-defence tree, inspired by fault trees, are both based on around 50 years of research.
They have obvious parallels, since both deal symoblically with conflict, cooperation and competition, that we draw attention to here. The semantics we propose combines several models of argumentation in a new way, permitting more flexible generalisations of attack-defence trees. An argumentation-based semantics can be used to turn attack trees into decision making mecahnisms, which means that it plays quite a different role from the semantics of attack trees that preserve attribute domains.
March 2017:
A paper on causal attack trees has been published in Fundamenta Informaticae.
Causal attack trees profile the sub-goals of the proponent of an attack,
by refining goals disjunctively, conjunctively and sequentially.
We provide the machinery for determining whether one attack specialises another attack.
Specialisation preserves correlations between answers to quantitative questions concerning attacks such as the "minimum attack time".
A supporting technical report includes proofs omitted from the journal version.
The game semantics behind such attack trees is explored in a paper presented at GraMSec'18.
We emphasise the difference between when an attacker making a choice and when the environment or defender makes a choice in an attack scenario.
July 2023:
I was involved in setting up an Interdisciplinary Master Program in Space Resources.
By taking an interdisciplinary perspective to space, I ended up interacting with various interesting people including space lawyers, leading to the following paper.
We also have the following papers on removing clouds from satellite images. This was the leading case study in a master course introducing space professionals to computer science and data science. This is published in the International Journal of Remote Sensing.
Cengis Hasan, Ross Horne, Sjouke Mauw, and Andrzej Mizera.
Cloud Removal from Satellite Imagery using Multispectral Edge-filtered Conditional Generative Adversarial Networks.
International Journal of Remote Sensing.
Volume 43(5):1881-1893, Taylor & Francis (2022).
DOI:10.1080/01431161.2022.2048915
Processes as Formulae
September 2019:
A series of papers on logical systems for process calculi has been published in the proceedings of CONCUR 2016, FSCD 2019 and in the journals TOCL and MSCS.
These papers introduce new logical systems, directly embedding various process calculi, not limited to Robin Milner's famous π-calculus.
To model private names in the π-calculus, the trick is to decompose established self-dual nominal quantifiers into a De Morgan dual pair of nominal quantifiers.
We use Cyrillic vowels И and Э, pronounced `new' and `wen' respectively, for our pair of nominal quantifiers.
Ross Horne, Alwen Tiu, Bogdan Aman and Gabriel Ciobanu.
Private Names in Non-Commutative Logic.
27th International Conference on Concurrency Theory (CONCUR 2016).
Editors: Josée Desharnais and Radha Jagadeesan; Article No. 31; pp. 31:1-31:16.
Leibniz International Proceedings in Informatics.
DOI:10.4230/LIPIcs.CONCUR.2016.31
The paper published in Mathematical Structures in Computer Science develops proof normalisation techniques allowing us to extract executions of processes from proofs. We prove that linear implication is strictly finer than established weak simulation preorders (and hence probabilistic may testing).
The technique lifts to a range of process calculi, not only the π-calculus.
The paper published in FSCD'19 shows that the techniques extend to probabilistic choice and probabilistic simulation.
To achieve this we introduce the (probabilistic) sub-additives --- logical operators which lie between conjunction and disjunction that forbid weakening.
Web of Linked Data
June 2023:
I hosted a COST workshop discussing privacy issues in distributed social knowledge graphs.
This is part of an EU COST Action on Distributed Knowledge Graphs,
for which I represent Luxembourg.
This led to a paper where we evaluate the Solid protocol with respect security and privacy properties.
The Solid protocol aims to decouple apps from storage, called Solid pods, allowing data subjects to provide their own storage for apps and thereby take sovereignty of their own data.
Since personal data is involved the legal context is important, and hence we found our privacy analysis in the relevant legal obligations.
February 2016: The second of two journal papers on RDF Schema from the perspective of type systems is published in Journal of Logical and Algebraic Methods in Programming. These two papers represent a mature line of work that is ready to be implemented by a graduate student interested in making data on the Web easier to consume.
The first of the two papers above provides a gentle introduction to consuming data on the Web called Linked Data and introduces a simple scripting language, with a conventional "prescriptive" type system, that makes the consumer's life easier.
The second of the two papers addresses more challenging aspects of RDF Schema types. The paper introduces a novel "descriptive" type system that evolves to describe data discovered at run-time by the Linked Data consumer. The descriptive type system can adapt to several modes of inference ranging from W3C standard compliant RDF Schema inference to something more accommodating. When the descriptive type system is unsure about the appropriate mode of inference, a warning with a menu of options is generated for the consumer reflecting the subjective nature of knowledge published on the Web.
Before joining the "Security and Trust of Software Systems" group at University of Luxembourg,
I was a senior research fellow in the Cyber Security Lab at Nanyang Technological University Singapore.
There I was driving a project, lead by Ass.Prof. Alwen Tiu, that advanced the state of the art for symbolic analysis of security protocols.
I also had the pleasure to contribute to projects under Ass.Prof. Shang-Wei Lin and Assoc.Prof. Liu Yang.
The proceedings of the workshop Embracing Global Computing in Emerging Economies (EGC2015) represents my effort to galvanise grass roots computer science research in Almaty and across the region.
Almaty, the cosmopolitan hub of Central Asia, is a magical city for winter sports, the steppe in spring, the mountains in summer and fruits of autumn.
.jpg)
.jpg)