[talks] M Meola general exam

Melissa Lawson mml at CS.Princeton.EDU
Thu May 7 16:32:20 EDT 2009

Matt Meola will present his research seminar/general exam on Wednesday May 13 

at 2PM in Room 402.  The members of his committee are:  David Walker, advisor, 

Andrew Appel, and Ed Felten.  Everyone is invited to attend his talk, and those faculty 

wishing to remain for the oral exam following are welcome to do so.  His abstract and 

reading list follow below.


As semiconductor manufacturing technologies improve, feature sizes get
smaller, and transistors more densely packed, computer users face an
ever-increasing chance that cosmic rays and other sources of high energy
particles will disrupt the workings of their processors. When implementing
cryptographic algorithms, security protocols, long-running simulations, and
safety-critical systems, software developers must consider the possibility
that such intermittent hardware faults will cause irreparable harm to their
applications. Boneh, DeMillo, and Lipton were the first to show that a
single fault could be exploited to break common implementations of RSA.
Others followed, demonstrating exploits of cryptosystems and runtime systems
achieved by inducing transient faults.

To support the higher degrees of confidence required in these critical
applications, we have developed a new logic for reasoning about faulty
programs. Our logic allows the verification of programs even in the presence
of transient faults. It operates over a standard language of imperative
while programs augmented with a single new instruction to indicate the
possibility of faults at particular program points. The logic itself is a
relative of Separation Logic in which the separating conjunction is used to
reason about the limits to which faults may affect different parts of
program state.

As much as is practical, the logic is intended to be agnostic of the
particular model used to decide when faults may occur. In particular, our
current work deals with standard fault models that allow a certain maximum
number of faults to occur in program variables in a single run of the
program and limits faults according to how they affect data (typically
either allowing only a single bit flip or allowing arbitrary changes in
value). Faults in control-flow and many control logic faults (such as
misinterpretation of opcodes) are ignored, except where they can be
simulated by data faults.

We prove the logic is sound and illustrate how to use it on several simple
examples, including a simplified, idealized version of the RSA message
signing algorithm. We show how the introduction of a modal connective
helps to simplify program assertions and facilitate the reasoning process.

Pierce, B.C. Types and Programming Languages. MIT Press, 2002.
Ch 1, 2, 4, 5 of   Huth, M.R.A. and Ryan, M.D. Logic in Computer Science: Modelling and
Reasoning about Systems. Cambridge University Press, 2000.

[1] Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., and Whelan, C. The Sorcerer’s
Apprentice Guide to Fault Attacks. Proc. IEEE, Vol. 94. 370-382, Feb. 2006.
[2] Barthe, G., Grégoire, B., and Zanella Béguelin, S. 2009. Formal certification of
code-based cryptographic proofs. In Proceedings of the 36th Annual ACM SIGPLAN-SIGACT
Symposium on Principles of Programming Languages (Savannah, GA, USA, January 21 - 23,
2009). POPL '09. ACM, New York, NY, 90-101.
[3] Boneh, D., DeMillo, R., and Lipton, R., On the importance of checking cryptographic
protocols for faults, Journal of Cryptology 14 (2001). 101­-119.
[4] Chang, J., G. A. Reis and D. I. August. Non-Uniform Fault Tolerance. In Proceedings of
the 2nd Workshop on Architectural Reliability (WAR), December 2006.
[5] Ishtiaq, S. and O'Hearn, P. Bi as an assertion language for mutable data structures.
In Proceedings of the 28th ACM Symposium on Principles of Programming Languages, London,
United Kingdom, 2001, 14­-26.
[6] Perry, F., Mackey, L., Reis, G. A., Ligatti, J., August, D. I., and Walker, D. 2007.
Fault-tolerant typed assembly language. In Proceedings of the 2007 ACM SIGPLAN Conference
on Programming Language Design and Implementation (San Diego, California, USA, June 10 -
13, 2007). PLDI '07. ACM, New York, NY, 42-53.
[7] Rebaudengo, M., Sonza Reorda, M., Torchiano, M., and Violante, M., Soft-error
Detection through Software Fault-Tolerance techniques, in: IEEE International Symposium on
Defect and Fault Tolerance in VLSI Systems, 1999, 210-218.
[8] Reis, G. A., Chang, J., and August, D. I. 2007. Automatic Instruction-Level
Software-Only Recovery. IEEE Micro 27, 1 (Jan. 2007), 36-47.
[9] Shirvani, P. P., Saxena, N., and McCluskey, E. J. 2000. Software-implemented EDAC
protection against SEUs. In IEEE Transactions on Reliability. Vol. 49. 273–284.
[10] Walker, D., Mackey, L., Ligatti, J., Reis, G. A., and August, D. I. 2006. Static
typing for a faulty lambda calculus. In Proceedings of the Eleventh ACM SIGPLAN
international Conference on Functional Programming (Portland, Oregon, USA, September 16 -
21, 2006). ICFP '06. ACM, New York, NY, 38-49.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cs.princeton.edu/pipermail/talks/attachments/20090507/e0dbd5d3/attachment.htm>

More information about the talks mailing list