CyberSec Research

Connections between structural graph theory and finite model theory recently gained a lot of attention. In this setting, many interesting question remain on the properties of hereditary dependent (NIP) classes of graphs, in particular related to first-order transductions. Motivated by Simon's decomposition theorem of dependent types into a stable part and a distal (order-like) part, we conjecture that every hereditary dependent class of graphs is transduction-equivalent to a hereditary dependent class of partially ordered graphs, where the cover graph of the partial order has bounded treewidth and the unordered graph is (edge) stable. In this paper, we consider the first non-trivial case (classes with bounded linear cliquewidth) and prove that the conjecture holds in a strong form, where the cover graph of the partial order has bounded pathwidth. Then, we extend our study to classes that admit bounded-size bounded linear cliquewidth covers, and prove that the conjecture holds for these classes, too.

A crucial skill for primary school teachers is maintaining efficient classroom management. Teachers use classroom seating arrangements to help maintain this efficiency. However, developing classroom seating arrangements is both time-consuming and often non-optimal for distraction mitigation. Fuzzy logic-based approaches for the development of classroom seating arrangements can reduce development time and minimize classroom distraction. In this study, an original fuzzy logic-based software package named "CUB" is introduced and applied to a modern classroom using "cluster" seating arrangements. The combination of fuzzy inference systems, fuzzy c-means clustering, sequential, and iterative processes produce ready-to-use seating arrangements for the classroom in this study. The seating arrangements are compared with an existing set of seating arrangements to validate the results. The author's findings show that CUB is successful in generating applicable seating arrangements with a small liklihood of replicating arrangements. The findings also suggest that fuzz logic-based approaches may be successful in other styles of classroom arrangement.

Neural networks have been shown to frequently fail to satisfy critical safety and correctness properties after training, highlighting the pressing need for training methods that incorporate such properties directly. While adversarial training can be used to improve robustness to small perturbations within $\epsilon$-cubes, domains other than computer vision -- such as control systems and natural language processing -- may require more flexible input region specifications via generalised hyper-rectangles. Meanwhile, differentiable logics offer a way to encode arbitrary logical constraints as additional loss terms that guide the learning process towards satisfying these constraints. In this paper, we investigate how these two complementary approaches can be unified within a single framework for property-driven machine learning. We show that well-known properties from the literature are subcases of this general approach, and we demonstrate its practical effectiveness on a case study involving a neural network controller for a drone system. Our framework is publicly available at https://github.com/tflinkow/property-driven-ml.

This article deals with the description and recognition of fiber bundles, in particular nerves, in medical images, based on the anatomical description of the fiber trajectories. To this end, we propose a logical formalization of this anatomical knowledge. The intrinsically imprecise description of nerves, as found in anatomical textbooks, leads us to propose fuzzy semantics combined with first-order logic. We define a language representing spatial entities, relations between these entities and quantifiers. A formula in this language is then a formalization of the natural language description. The semantics are given by fuzzy representations in a concrete domain and satisfaction degrees of relations. Based on this formalization, a spatial reasoning algorithm is proposed for segmentation and recognition of nerves from anatomical and diffusion magnetic resonance images, which is illustrated on pelvic nerves in pediatric imaging, enabling surgeons to plan surgery.

Substructural logics are formal logical systems that omit familiar structural rules of classical and intuitionistic logic such as contraction, weakening, exchange (commutativity), and associativity. This leads to a resource-sensitive logical framework that has proven influential beyond mathematical logic and its algebraic semantics, across theoretical computer science, linguistics, and philosophical logic. The set of theorems of a substructural logic is recursively enumerable and, in many cases, recursive. These logics also possess an intricate mathematical structure that has been the subject of research for over six decades. We undertake a comprehensive study of substructural logics possessing an underlying well-quasi-order (wqo), using established ordinal-indexed fast-growing complexity classes to classify the complexity of their deducibility (quasiequational) and provability (equational) problems. This includes substructural logics with weak variants of contraction and weakening, and logics with weak or even no exchange. We further consider infinitely many axiomatic extensions over the base systems. We establish a host of decidability and complexity bounds, many of them tight, by developing new techniques in proof theory, well-quasi-order theory (contributing new length theorems), the algebraic semantics of substructural logics via residuated lattices, algebraic proof theory, and novel encodings of counter machines. Classifying the computational complexity of substructural logics (and the complexity of the word problem and of the equational theory of their algebraic semantics) reveals how subtle variations in their design influence their algorithmic behavior, with the decision problems often reaching Ackermannian or even hyper-Ackermannian complexity.

Stream-based runtime monitors are safety assurance tools that check at runtime whether the system's behavior satisfies a formal specification. Specifications consist of stream equations, which relate input streams, containing sensor readings and other incoming information, to output streams, representing filtered and aggregated data. This paper presents a framework for the stream-based specification language RTLola. We introduce a new intermediate representation for stream-based languages, the StreamIR, which, like the specification language, operates on streams of unbounded length; while the stream equations are replaced by imperative programs. We developed a set of optimizations based on static analysis of the specification and have implemented an interpreter and a compiler for several target languages. In our evaluation, we measure the performance of several real-world case studies. The results show that using the StreamIR framework reduces the runtime significantly compared to the existing StreamIR interpreter. We evaluate the effect of the optimizations and show that significant performance gains are possible beyond the optimizations of the target language's compiler. While our current implementation is limited to RTLola, the StreamIR is designed to accommodate other stream-based languages, enabling their interpretation and compilation into all available target languages.

An important learning objective for computer science students is to learn how to formalize descriptions of real world scenarios in order to subsequently solve real world challenges using methods and algorithms from formal foundations of computer science. Two key steps when formalizing with logical formalisms are to (a) choose a suitable vocabulary, that is, e.g., which propositional variables or first-order symbols to use, and with which intended meaning, and then to (b) construct actual formal descriptions, i.e. logical formulas over the chosen vocabulary. While (b) is addressed by several educational support systems for formal foundations of computer science, (a) is so far not addressed at all -- likely because it involves specifying the intended meaning of symbols in natural language. We propose a conceptual framework for educational tasks where students choose a vocabulary, including an enriched language for describing solution spaces as well as an NLP-approach for checking student attempts and providing feedback. We implement educational tasks for designing propositional and first-order vocabularies within the Iltis educational system, and report on experiments with data from introductory logic courses for computer science students with > 25.000 data points.

We introduce the Kimina Lean Server, an open-source project that enables fast and scalable interaction with Lean 4 via a unified REST API, designed as a simple verifier for reinforcement learning pipelines. Built on top of the Lean FRO's LeanREPL, it combines server-side parallelization by managing multiple Lean REPL processes in parallel, with an LRU caching strategy that reuses Lean imports across multiple requests. These features help reduce initialization overhead and allow large-scale batch processing of Lean code. The client-side interface allows users to submit batches of proofs and receive Lean feedback, including extracted tactics and tactic states via infotree processing. These features enable a high-performance, scalable workflow for both interaction and extraction of proofs, tactics, and tactic states. We open source our implementation on GitHub.

BSS RAMs over first-order structures help to characterize algorithms for processing objects by means of useful operations and relations. They are the result of a generalization of several types of abstract machines. We want to discuss whether this concept that allows a machine-oriented characterization of algorithms is sufficiently general for describing also other models of computation. Yiannis N. Moschovakis introduced a concept of abstract computability of functions on the basis of recursive definability over first-order structures. Moschovakis' search operator is the counterpart to the operator introduced by Stephen C. Kleene and suitable for structures without computable minima. To compare our concept with Moschovakis' generalization of the theory of recursive functions, we extend the abilities of BSS RAMs by an operator that makes it possible to provide information about computable functions and their inverses in a non-deterministic way. In Part IIb, we compare several non-determinisms, summarize effects resulting from the restriction of guesses to constants, and take into account properties such as the semi-decidability of oracle sets, the semi-decidability of the identity relation, and the recognizability of constants.

Asynchronous multiparty session types provide a formal model for expressing the behaviour of communicating processes and verifying that they correctly implement desired protocols. In the ``bottom-up'' approach to session typing, local session types are specified directly, and the properties of their composition (e.g. deadlock freedom and liveness) are checked and transferred to well-typed processes. This method allows expressing and verifying a broad range of protocols, but still has a key limitation: it only supports protocols where every send/receive operation is directed towards strictly one recipient/sender at a time. This makes the technique too restrictive for modelling some classes of protocols, e.g. those used in the field of federated learning. This paper improves the session typing theory by extending the asynchronous ``bottom-up'' approach to support protocols where a participant can choose to send or receive messages to/from multiple other participants at the same time, rather than just one at a time. We demonstrate how this extension enables the modeling and verification of real-world protocols, including some used in federated learning. Furthermore, we introduce and formally prove safety, deadlock-freedom, liveness, and session fidelity properties for our session typing system, revealing interesting dependencies between these properties in the presence of a subtyping relation.

We study nominal anti-unification, which is concerned with computing least general generalizations for given terms-in-context. In general, the problem does not have a least general solution, but if the set of atoms permitted in generalizations is finite, then there exists a least general generalization which is unique modulo variable renaming and $\alpha$-equivalence. We present an algorithm that computes it. The algorithm relies on a subalgorithm that constructively decides equivariance between two terms-in-context. We prove soundness and completeness properties of both algorithms and analyze their complexity. Nominal anti-unification can be applied to problems were generalization of first-order terms is needed (inductive learning, clone detection, etc.), but bindings are involved.

Conditioning is a key feature in probabilistic programming to enable modeling the influence of data (also known as observations) to the probability distribution described by such programs. Determining the posterior distribution is also known as Bayesian inference. This paper equips a quantum while-language with conditioning, defines its denotational and operational semantics over infinite-dimensional Hilbert spaces, and shows their equivalence. We provide sufficient conditions for the existence of weakest (liberal) precondition-transformers and derive inductive characterizations of these transformers. It is shown how w(l)p-transformers can be used to assess the effect of Bayesian inference on (possibly diverging) quantum programs.

The Busy Beaver Challenge (or bbchallenge) aims at collaboratively solving the following conjecture: "$S(5) = 47{,}176{,}870$" [Rad\'o, 1962], [Marxen and Buntrock, 1990], [Aaronson, 2020]. This conjecture says that if a 5-state Turing machine runs for more than 47,176,870 steps without halting, then it will never halt -- starting from the all-0 tape. Proving this conjecture amounts to deciding whether 181,385,789 Turing machines with 5 states halt or not -- starting from the all-0 tape [bbchallenge, 2025]. To do so, we write $\textit{deciders}$: programs that take as input a Turing machine and output either HALT, NONHALT, or UNKNOWN. Each decider is specialised in recognising a particular type of non-halting behavior. After two years of work, the Busy Beaver Challenge achieved its goal in July 2024 by delivering a proof of "$S(5) = 47{,}176{,}870$" formalised in Coq [bbchallenge, 2025]. In this document, we present deciders that were developed before the Coq proof and which were mainly not used in the proof; nonetheless, they are relevant techniques for analysing Turing machines. Part II of this work is the decider section of our paper showing "$S(5) = 47{,}176{,}870$" [bbchallenge, 2025], presenting the deciders that were used in the Coq proof.

A central question in the theory of automata is which classes of automata can be minimized in polynomial time. We close the remaining gaps for deterministic and history-deterministic automata over infinite words by proving that deterministic co-B\"uchi automata with transition-based acceptance are NP-hard to minimize, as are history-deterministic B\"uchi automata with transition-based acceptance.

For fragments L of first-order logic (FO) with counting quantifiers, we consider the definability problem, which asks whether a given L-formula can be equivalently expressed by a formula in some fragment of L without counting, and the more general separation problem asking whether two mutually exclusive L-formulas can be separated in some counting-free fragment of L. We show that separation is undecidable for the two-variable fragment of FO extended with counting quantifiers and for the graded modal logic with inverse, nominals and universal modality. On the other hand, if inverse or nominals are dropped, separation becomes coNExpTime- or 2ExpTime-complete, depending on whether the universal modality is present. In contrast, definability can often be reduced in polynomial time to validity in L. We also consider uniform separation and show that it often behaves similarly to definability.

We show that the emptiness (unsatisfiability) problem is undecidable and $\mathrm{\Pi}^{0}_{1}$-complete for deterministic propositional while programs with (graph) loop. To this end, we introduce a hypothesis elimination using loops. Using this, we give reductions from the complement of the periodic domino problem. Moreover, as a corollary via hypothesis eliminations, we also show that the equational theory is $\mathrm{\Pi}^{0}_{1}$-complete for the positive calculus of relations with transitive closure and difference. Additionally, we show that the emptiness problem is PSPACE-complete for the existential calculus of relations with transitive closure.

We propose Weighted Guarded Kleene Algebra with Tests (wGKAT), an uninterpreted weighted programming language equipped with branching, conditionals, and loops. We provide an operational semantics for wGKAT using a variant of weighted automata and introduce a sound and complete axiomatization. We also provide a polynomial time decision procedure for bisimulation equivalence.

We study the complexity of satisfiability problems in probabilistic and causal reasoning. Given random variables $X_1, X_2,\ldots$ over finite domains, the basic terms are probabilities of propositional formulas over atomic events $X_i = x_i$, such as $P(X_1 = x_1)$ or $P(X_1 = x_1 \vee X_2 = x_2)$. The basic terms can be combined using addition (yielding linear terms) or multiplication (polynomial terms). The probabilistic satisfiability problem asks whether a joint probability distribution satisfies a Boolean combination of (in)equalities over such terms. Fagin et al. (1990) showed that for basic and linear terms, this problem is NP-complete, making it no harder than Boolean satisfiability, while Moss\'e et al. (2022) proved that for polynomial terms, it is complete for the existential theory of the reals. Pearl's Causal Hierarchy (PCH) extends the probabilistic setting with interventional and counterfactual reasoning, enriching the expressiveness of languages. However, Moss\'e et al. (2022) found that satisfiability complexity remains unchanged. Van der Zander et al. (2023) showed that introducing a marginalization operator to languages induces a significant increase in complexity. We extend this line of work by adding two new dimensions to the problem by constraining the models. First, we fix the graph structure of the underlying structural causal model, motivated by settings like Pearl's do-calculus, and give a nearly complete landscape across different arithmetics and PCH levels. Second, we study small models. While earlier work showed that satisfiable instances admit polynomial-size models, this is no longer guaranteed with compact marginalization. We characterize the complexities of satisfiability under small-model constraints across different settings.