Galois, Inc. Auxiliary Meeting Room

Galois is pleased to host the following tech talk. These talks are free and open to the interested public--please join us! (There is no need to pre-register for the talk.)

Abstract

QuickCheck is a powerful library for automatic test-case generation. Because QuickCheck performs random testing, some of the counterexamples discovered are very large. QuickCheck provides an interface for the user to write shrink functions to attempt to reduce the size of counterexamples. Hand-written implementations of shrink can be complex, inefficient, and consist of significant boilerplate code. Furthermore, shrinking is only one aspect in debugging: counterexample generalization is the process of extrapolating from individual counterexamples to a class of counterexamples, often requiring a flash of insight from the programmer. To improve counterexample reduction and generalization, we introduce SmartCheck. SmartCheck is a debugging tool that reduces algebraic data using generic search heuristics to efficiently find smaller counterexamples. In addition to shrinking, SmartCheck also automatically generalizes counterexamples to formulas representing classes of counterexamples. SmartCheck has been implemented for Haskell and is freely available.

Bio

Lee Pike manages the Cyber-Physical Systems program at Galois, a company specializing in software-intensive critical systems. He has been the Principal Investigator on approximately $10 million of R&D projects funded by NASA, DARPA, and other federal agencies. His research focuses on applying techniques from functional programming, run-time verification, and formal verification to the areas of operating systems, compilers, cryptographic systems, avionics, and control systems. Previously, he was a research scientist in the NASA Langley Formal Methods Group and has a Ph.D. in Computer Science from Indiana University.

Galois is pleased to host the following tech talk. These talks are free and open to the interested public--please join us! (There is no need to pre-register for the talk.)

Abstract

EasyCrypt is a computer-assisted framework for proving the security of cryptographic constructions. However, there is a significant gap between security proofs done in the usual provable security style and cryptographic implementations used in practice; as a consequence, real-world cryptography is sometimes considered as “one of the many ongoing disaster areas in security. We have recently extended EasyCrypt with support for reasoning about C implementations, and exploited the CompCert verified compiler to carry the security proof to executable code. Moreover, we have developed verified type-based information flow analyses on assembly code to ensure that executable code is protected against cache-based side-channel attacks.

Bio

Gilles Barthe received a Ph.D. in Mathematics from the University of Manchester, UK, in 1993, and an Habilitation à diriger les recherches in Computer Science from the University of Nice, France, in 2004. He joined the IMDEA Software Institute in April 2008. Previously, he was head of the Everest team on formal methods and security at INRIA Sophia-Antipolis Méditerranée, France. He also held positions at the University of Minho, Portugal; Chalmers University, Sweden; CWI, Netherlands; University of Nijmegen, Netherlands. He has published more than 100 refereed scientific papers. He has been coordinator/principal investigator of many national and European projects, and served as the scientific coordinator of the FP6 FET integrated project “MOBIUS: Mobility, Ubiquity and Security” for enabling proof-carrying code for Java on mobile devices (2005-2009). He has been a PC member of many conferences (CSF, ESORICS, FM, ICALP, ITP…), and served as PC (co-)chair of VMCAI’10, ESOP’11, FAST’11, and SEFM’11. He is a member of the editorial board of the Journal of Automated Reasoning.

His research interests include formal methods, programming languages and program verification, software and system security, and cryptography, and foundations of mathematics and computer science.