Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
Research Interests:
We present Ulisse, a distributed single address space system being developed at the University of Pisa. Ulisse has a symmetric, peer-to-peer architecture, is resilient to certain types of node and network failures, and supports a form of... more
We present Ulisse, a distributed single address space system being developed at the University of Pisa. Ulisse has a symmetric, peer-to-peer architecture, is resilient to certain types of node and network failures, and supports a form of application-controlled approach to memory management. A set of mechanisms make it possible to explicitly control page caching and the page movements across the storage hierarchy, thereby allowing application programs to implement specific memory management strategies, including page replacement, consistency and recovery.
Research Interests:
Research Interests:
Résumé/Abstract In a distributed, single-address-space system, an important requirement is the independence of the operations possible on a given page from the present location of this page in the physical memory. The network traffic... more
Résumé/Abstract In a distributed, single-address-space system, an important requirement is the independence of the operations possible on a given page from the present location of this page in the physical memory. The network traffic generated by execution of every page operation should be independent of the network size. Furthermore, the number of messages required to determine the position of the page in memory should be low and independent of the page operations performed in the past. Finally, when normal working condition is ...
Research Interests:
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard... more
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information flow in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright © 2004 John Wiley & Sons, Ltd.
Research Interests:
Research Interests:
Research Interests:
This paper presents an efficient program for checking Mendelian consistency in a pedigree. Since pedigrees may contain incomplete and/or erroneous information, geneticists need to pre-process them before performing linkage analysis.... more
This paper presents an efficient program for checking Mendelian consistency in a pedigree. Since pedigrees may contain incomplete and/or erroneous information, geneticists need to pre-process them before performing linkage analysis. Removing superfluous genotypes that do not respect the Mendelian inheritance laws can speed up the linkage analysis. We have described in a formal way the Mendelian consistency problem and algorithms known in literature. The formalization helped to polish the algorithms and to find efficient data structures. The performance of the tool has been tested on a wide range of benchmarks. The results are promising if compared to other programs that treat Mendelian consistency.
A method is proposed for checking security properties in programs written in high-level languages. The method is based on the model checking technique. The SMV tool is used. The representation of the program is a Kripke structure... more
A method is proposed for checking security properties in programs written in high-level languages. The method is based on the model checking technique. The SMV tool is used. The representation of the program is a Kripke structure modelling the control flow graph enriched with security information. The properties considered are secure information flow and the absence of covert channels caused by program termination. The formulae expressing these security properties are given using the logic CTL. Copyright © 2003 John Wiley & Sons, Ltd.
Research Interests:
We present a tool supporting the verification of programs written in stack-based assembly language against the secure information flow property. First, the tool builds the transition system, which corresponds to an abstract execution of... more
We present a tool supporting the verification of programs written in stack-based assembly language against the secure information flow property. First, the tool builds the transition system, which corresponds to an abstract execution of the program, embodying security information and abstracting from the actual values. Then the states of the abstract transition system are checked to detect the satisfaction of
Research Interests:
Research Interests:
Research Interests:
Research Interests:
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser security problems may arise. We present a... more
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser security problems may arise. We present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode verifier, reveals illicit information flows. We show an example of application of the method