56 research outputs found
ABAC Requirements Engineering for Database Applications
We show how complex privacy requirements can be represented and processed by an extended model of Attribute Based Access Control (ABAC), working with a simple database applications pattern. During application model development, most likely based on UML (e.g. Use Case, Class Diagrams), the analyst and possibly the end user specifies ABAC permissions, and then verifies their effect by running queries on the target data. The ABAC model supports positive and negative permissions, “break glass” overrides of negative permissions, and message/alert generation. The permissions combining algorithms are based on relational database optimisation, and permissions processing is implemented by query modification, producing structurally-optimised queries in an SQL-like language; the queries can then be processed by many database and big data systems. The method and models have been implemented in a prototype Privacy Preferences Tool in collaboration with a large medical records development, and we discuss experiences with focus group evaluations of this tool
A Program Logic for Reasoning About C11 Programs With Release-Sequences
With the popularity of weak/relaxed memory models widely used in modern hardware architectures, the C11 standard introduced a language-level weak memory model, a.k.a. the C11 memory model, that allows C/C++ programs to exploit the optimisation provided by the hardware platform in memory ordering and gain benefits in efficiency. On the other hand, with the weakened memory ordering allowed, more program behaviours are introduced, among which some are counterintuitive and make it even more challenging for programmers to understand or to formally reason about C11 multithreaded programs. To support the formal verification of C11 weak memory programs, several program logics, e.g. RSL, GPS, FSL, and GPS+, have been developed during the last few years. However, due to the complexity of the weakened memory model, some intricate C11 features still cannot be handled in these logics. A notable example is the lack of support for reasoning about a highly flexible C11 synchronisation mechanism, the release-sequence. Recently, the FSL++ logic proposed by Doko and Vafeiadis moves one step forward to address this problem, but FSL++ only considers the scenarios with atomic update operations in a release-sequence. In this article, we propose a new program logic, GPS++, that supports reasoning about C11 programs with fully featured release-sequences. We also introduce fractional read permissions to GPS++, which are essential to reasoning about a large number of real-world concurrent programs. GPS++ is a successor of our previous program logic GPS+, but it comes with much finer control over resource transmission through the newly introduced restricted-shareable assertions and an enhanced protocol system. A more sophisticated resource model is devised to support the soundness proof of our new program logic. We also demonstrate GPS++ in action by verifying C11 programs with release-sequences that could not be handled by existing program logics.
RetouchUAA: Unconstrained Adversarial Attack via Image Retouching
Deep Neural Networks (DNNs) are susceptible to adversarial examples. Conventional attacks generate controlled noise-like perturbations that fail to reflect real-world scenarios and are hard to interpret. In contrast, recent unconstrained attacks mimic natural image transformations occurring in the real world for perceptible but inconspicuous attacks, yet compromise realism due to neglect of image post-processing and uncontrolled attack direction. In this paper, we propose RetouchUAA, an unconstrained attack that exploits a real-life perturbation, image retouching styles, highlighting its potential threat to DNNs. Compared to existing attacks, RetouchUAA offers several notable advantages. Firstly, RetouchUAA excels in generating interpretable and realistic perturbations through two key designs: the image retouching attack framework and the retouching style guidance module. The former, a custom-designed, human-interpretable retouching framework for adversarial attack that linearizes images while modelling the local processing and retouching decision-making in human retouching behaviour, provides an explicit and reasonable pipeline for understanding the robustness of DNNs against retouching. The latter guides the adversarial image towards standard retouching styles, thereby ensuring its realism. Secondly, owing to the design of the retouching decision regularization and the persistent attack strategy, RetouchUAA also exhibits outstanding attack capability and defense robustness, posing a heavy threat to DNNs. Experiments on ImageNet and Places365 reveal that RetouchUAA achieves nearly 100% white-box attack success against three DNNs, while achieving a better trade-off between image naturalness, transferability and defense robustness than baseline attacks.
Using function approximation for personalized point-of-interest recommendation
A point-of-interest (POI) recommender system encourages users to share their locations and social experience through check-ins in online location-based social networks. A recent algorithm for POI recommendation takes into account both location relevance and diversity. The relevance measures users’ personal preference while the diversity considers location categories. There exists a dilemma in weighting these two factors in the recommendation. Location diversity is weighted more when a user is new to a city and expects to explore the city in the new visit. In this paper, we propose a method to automatically adjust the weights according to the user’s personal preference. We focus on investigating a function between the number of location categories and a weight value for each user, where the Chebyshev polynomial approximation method using binary values is applied. We further improve the approximation by exploring similar behavior of users within a location category. We conduct experiments on five real-world datasets, and show that the new approach strikes a good balance in weighting the two factors, thereby providing better recommendations.
Group sparse optimization for learning predictive state representations
Predictive state representations (PSRs) are a commonly used approach for agents to summarize the information from the history generated during their interaction with a dynamical environment, and the agents may use PSRs to predict future observations. Existing works have shown the benefits of PSRs for modelling partially observable dynamical systems. One of the key issues in PSRs is to discover a set of tests for representing states, called core tests. However, there is no very efficient technique to find the core tests for a large and complex problem in practice. In this paper, we formulate the discovery of the set of core tests as an optimization problem and exploit the group sparsity of the decision-making matrix to solve the problem. The PSR parameters can then be obtained simultaneously, so the model of the underlying system can be built immediately. The new learning approach doesn’t require the specification of the number of core tests. Furthermore, the embedded optimization method for solving the considered group Lasso problem, the alternating direction method of multipliers (ADMM), achieves global convergence. We conduct experiments on three problem domains, including one extremely large problem domain, and show promising performance of the new approach.
Automated Specification Inference in a Combined Domain via User-Defined Predicates
Discovering program specifications automatically for heap-manipulating programs is a challenging task due to the complexity of aliasing and mutability of data structures. This task is further complicated by an expressive domain that combines shape, numerical and bag information. In this paper, we propose a compositional analysis framework that derives the summary for each method in the expressive abstract domain, independently from its callers. We propose a novel abstraction method with a bi-abduction technique in the combined domain to discover pre-/post-conditions that could not be automatically inferred before. The analysis not only infers memory safety properties, but also finds relationships between pure and shape domains towards full functional correctness of programs. A prototype of the framework has been implemented and initial experiments have shown that our approach can discover interesting properties for non-trivial programs.