The dining cryptographers problem: unconditional sender and recipient untraceability
Journal of Cryptology
Probabilistic predicate transformers
ACM Transactions on Programming Languages and Systems (TOPLAS)
The B-book: assigning programs to meanings
The B-book: assigning programs to meanings
Probabilistic models for the guarded command language
Science of Computer Programming - Special issue: on formal specifications: foundations, methods, tools and applications: selected papers from the FMTA '95 conference (29–31 May 1995, Konstancin n. Warsaw, Poland)
An axiomatic basis for computer programming
Communications of the ACM
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)
Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)
The Shadow Knows: Refinement and security in sequential programs
Science of Computer Programming
The Secret Art of Computer Programming
ICTAC '09 Proceedings of the 6th International Colloquium on Theoretical Aspects of Computing
The shadow knows: refinement of ignorance in sequential programs
MPC'06 Proceedings of the 8th international conference on Mathematics of Program Construction
Of probabilistic wp and CSP - and compositionality
CSP'04 Proceedings of the 2004 international conference on Communicating Sequential Processes: the First 25 Years
Unifying theories of confidentiality
UTP'10 Proceedings of the Third international conference on Unifying theories of programming
| Hi-index | 0.00 |
Fifty years ago there were few mathematical models of program semantics, perhaps none. Now there is probably a new one created every day. How do we do it? How should we do it? In our community we understand the utility of the refinement order, and we believe that each fresh semantics should come equipped with one. Although refinement's general principles are well understood, it is still not so easy to see just what the order should be in any particular case. Thus one of the things we should do is be clear about what the criteria really are for refinement orders. Recently invented is the Shadow Semantics for non-interference -style security of sequential programs including a refinement order. Using that as an example, I give here a rational reconstruction of how a refinement order can be ''brewed-up'' for a specific purpose; the aim of the exercise is to extract general lessons about how that can be done.