196 research outputs found
The Geometry of Concurrent Interaction: Handling Multiple Ports by Way of Multiple Tokens (Long Version)
We introduce a geometry of interaction model for Mazza's multiport
interaction combinators, a graph-theoretic formalism which is able to
faithfully capture concurrent computation as embodied by process algebras like
the -calculus. The introduced model is based on token machines in which
not one but multiple tokens are allowed to traverse the underlying net at the
same time. We prove soundness and adequacy of the introduced model. The former
is proved as a simulation result between the token machines one obtains along
any reduction sequence. The latter is obtained by a fine analysis of
convergence, both in nets and in token machines
Bisimulation for quantum processes
In this paper we introduce a novel notion of probabilistic bisimulation for
quantum processes and prove that it is congruent with respect to various
process algebra combinators including parallel composition even when both
classical and quantum communications are present. We also establish some basic
algebraic laws for this bisimulation. In particular, we prove uniqueness of the
solutions to recursive equations of quantum processes, which provides a
powerful proof technique for verifying complex quantum protocols.Comment: Journal versio
Deciding equivalence-based properties using constraint solving
Formal methods have proved their usefulness for analyzing the security of protocols. Most existing results focus on trace properties like secrecy or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require a notion of behavioural equivalence. Typical examples are anonymity, privacy related properties or statements closer to security properties used in cryptography.
In this paper, we consider three notions of equivalence defined in the applied pi calculus: observational equivalence, may-testing equivalence, and trace equivalence. First, we study the relationship between these three notions. We show that for determinate processes, observational equivalence actually coincides with trace equivalence, a notion simpler to reason with. We exhibit a large class of determinate processes, called simple processes, that capture most existing protocols and cryptographic primitives. While trace equivalence and may-testing equivalence seem very similar, we show that may-testing equivalence is actually strictly stronger than trace equivalence. We prove that the two notions coincide for image-finite processes, such as processes without replication.
Second, we reduce the decidability of trace equivalence (for finite processes) to deciding symbolic equivalence between sets of constraint systems. For simple processes without replication and with trivial else branches, it turns out that it is actually sufficient to decide symbolic equivalence between pairs of positive constraint systems. Thanks to this reduction and relying on a result first proved by M. Baudet, this yields the first decidability result of observational equivalence for a general class of equational theories (for processes without else branch nor replication). Moreover, based on another decidability result for deciding equivalence between sets of constraint systems, we get decidability of trace equivalence for processes with else branch for standard primitives
Causal Consistency for Reversible Multiparty Protocols
In programming models with a reversible semantics, computational steps can be
undone. This paper addresses the integration of reversible semantics into
process languages for communication-centric systems equipped with behavioral
types. In prior work, we introduced a monitors-as-memories approach to
seamlessly integrate reversible semantics into a process model in which
concurrency is governed by session types (a class of behavioral types),
covering binary (two-party) protocols with synchronous communication. The
applicability and expressiveness of the binary setting, however, is limited.
Here we extend our approach, and use it to define reversible semantics for an
expressive process model that accounts for multiparty (n-party) protocols,
asynchronous communication, decoupled rollbacks, and abstraction passing. As
main result, we prove that our reversible semantics for multiparty protocols is
causally-consistent. A key technical ingredient in our developments is an
alternative reversible semantics with atomic rollbacks, which is conceptually
simple and is shown to characterize decoupled rollbacks.Comment: Extended, revised version of a PPDP'17 paper
(https://doi.org/10.1145/3131851.3131864
APTE: An Algorithm for Proving Trace Equivalence
This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability.
The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate
Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering ``side-channel'' information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports
Proving More Observational Equivalences with ProVerif
This paper presents an extension of the automatic protocol verifier ProVerif in order to prove more observational equivalences. ProVerif can prove observational equivalence between processes that have the same structure but differ by the messages they contain. In order to extend the class of equivalences that ProVerif handles, we extend the language of terms by defining more functions (destructors) by rewrite rules. In particular, we allow rewrite rules with inequalities as side-conditions, so that we can express tests ''if then else'' inside terms. Finally, we provide an automatic procedure that translates a process into an equivalent process that performs as many actions as possible in- side terms, to allow ProVerif to prove the desired equivalence. These extensions have been implemented in ProVerif and allow us to au- tomatically prove anonymity in the private authentication protocol by Abadi and Fournet
Process Algebras
Process Algebras are mathematically rigorous languages with well defined semantics that permit describing and verifying properties of concurrent communicating systems.
They can be seen as models of processes, regarded as agents that act and interact continuously with other similar agents and with their common environment. The agents may be real-world objects (even people), or they may be artifacts, embodied perhaps in computer hardware or software systems.
Many different approaches (operational, denotational, algebraic) are taken for describing the meaning of processes. However, the operational approach is the reference one. By relying on the so called Structural Operational Semantics (SOS), labelled transition systems are built and composed by using the different operators of the many different process algebras. Behavioral equivalences are used to abstract from unwanted details and identify those systems that react similarly to external
experiments
- …