72,165 research outputs found
Compatibility Checking for Asynchronously Communicating Software
International audienceCompatibility is a crucial problem that is encountered while constructing new software by reusing and composing existing components. A set of software components is called compatible if their composition preserves certain properties, such as deadlock freedom. However, checking compatibility for systems communicating asynchronously is an undecidable problem, and asynchronous communication is a common interaction mechanism used in building software systems. A typical approach in analyzing such systems is to bound the state space. In this paper, we take a different approach and do not impose any bounds on the number of participants or the sizes of the message buffers. Instead, we present a sufficient condition for checking compatibility of a set of asynchronously communicating components. Our approach relies on the synchronizability property which identifies systems for which interaction behavior remains the same when asynchronous communication is replaced with synchronous communication. Using the synchronizability property, we can check the compatibility of systems with unbounded message buffers by analyzing only a finite part of their behavior. We have implemented a prototype tool to automate our approach and we have applied it to many examples
Connectors meet Choreographies
We present Cho-Reo-graphies (CR), a new language model that unites two
powerful programming paradigms for concurrent software based on communicating
processes: Choreographic Programming and Exogenous Coordination. In CR,
programmers specify the desired communications among processes using a
choreography, and define how communications should be concretely animated by
connectors given as constraint automata (e.g., synchronous barriers and
asynchronous multi-casts). CR is the first choreography calculus where
different communication semantics (determined by connectors) can be freely
mixed; since connectors are user-defined, CR also supports many communication
semantics that were previously unavailable for choreographies. We develop a
static analysis that guarantees that a choreography in CR and its user-defined
connectors are compatible, define a compiler from choreographies to a process
calculus based on connectors, and prove that compatibility guarantees
deadlock-freedom of the compiled process implementations
Concurrent Computing with Shared Replicated Memory
The behavioural theory of concurrent systems states that any concurrent
system can be captured by a behaviourally equivalent concurrent Abstract State
Machine (cASM). While the theory in general assumes shared locations, it
remains valid, if different agents can only interact via messages, i.e. sharing
is restricted to mailboxes. There may even be a strict separation between
memory managing agents and other agents that can only access the shared memory
by sending query and update requests to the memory agents. This article is
dedicated to an investigation of replicated data that is maintained by a memory
management subsystem, whereas the replication neither appears in the requests
nor in the corresponding answers. We show how the behaviour of a concurrent
system with such a memory management can be specified using concurrent
communicating ASMs. We provide several refinements of a high-level ground model
addressing different replication policies and internal messaging between data
centres. For all these refinements we analyse their effects on the runs such
that decisions concerning the degree of consistency can be consciously made.Comment: 23 page
Mastering Heterogeneous Behavioural Models
Heterogeneity is one important feature of complex systems, leading to the
complexity of their construction and analysis. Moving the heterogeneity at
model level helps in mastering the difficulty of composing heterogeneous models
which constitute a large system. We propose a method made of an algebra and
structure morphisms to deal with the interaction of behavioural models,
provided that they are compatible. We prove that heterogeneous models can
interact in a safe way, and therefore complex heterogeneous systems can be
built and analysed incrementally. The Uppaal tool is targeted for
experimentations.Comment: 16 pages, a short version to appear in MEDI'201
Model-Based Adaptation of Software Communicating via FIFO Buffers
Software Adaptation is a non-intrusive solution for composing black-box components or services (peers) whose individual functionality is as required for the new system, but that present interface mismatch, which leads to deadlock or other undesirable behaviour when combined. Adaptation techniques aim at automatically generating new components called adapters. All the interactions among peers pass through the adapter, which acts as an orchestrator and makes the involved peers work correctly together by compensating for mismatch. Most of the existing solutions in this field assume that peers interact synchronously using rendezvous communication. However, many application areas rely on asynchronous communication models where peers interact exchanging messages via buffers. Generating adapters in this context becomes a difficult problem because peers may exhibit cyclic behaviour, and their composition often results in infinite systems. In this paper, we present a method for automatically generating adapters in asynchronous environments where peers interact using FIFO buffers.Universidad de Málaga. Campus de Excelencia Internacional AndalucĂa Tech
On the Feasibility of Fine-Grained TLS Security Configurations in Web Browsers Based on the Requested Domain Name
Most modern web browsers today sacrifice optimal TLS security for backward
compatibility. They apply coarse-grained TLS configurations that support (by
default) legacy versions of the protocol that have known design weaknesses, and
weak ciphersuites that provide fewer security guarantees (e.g. non Forward
Secrecy), and silently fall back to them if the server selects to. This
introduces various risks including downgrade attacks such as the POODLE attack
[15] that exploits the browsers silent fallback mechanism to downgrade the
protocol version in order to exploit the legacy version flaws. To achieve a
better balance between security and backward compatibility, we propose a
mechanism for fine-grained TLS configurations in web browsers based on the
sensitivity of the domain name in the HTTPS request using a whitelisting
technique. That is, the browser enforces optimal TLS configurations for
connections going to sensitive domains while enforcing default configurations
for the rest of the connections. We demonstrate the feasibility of our proposal
by implementing a proof-of-concept as a Firefox browser extension. We envision
this mechanism as a built-in security feature in web browsers, e.g. a button
similar to the \quotes{Bookmark} button in Firefox browsers and as a
standardised HTTP header, to augment browsers security
Tau Be or not Tau Be? - A Perspective on Service Compatibility and Substitutability
One of the main open research issues in Service Oriented Computing is to
propose automated techniques to analyse service interfaces. A first problem,
called compatibility, aims at determining whether a set of services (two in
this paper) can be composed together and interact with each other as expected.
Another related problem is to check the substitutability of one service with
another. These problems are especially difficult when behavioural descriptions
(i.e., message calls and their ordering) are taken into account in service
interfaces. Interfaces should capture as faithfully as possible the service
behaviour to make their automated analysis possible while not exhibiting
implementation details. In this position paper, we choose Labelled Transition
Systems to specify the behavioural part of service interfaces. In particular,
we show that internal behaviours (tau transitions) are necessary in these
transition systems in order to detect subtle errors that may occur when
composing a set of services together. We also show that tau transitions should
be handled differently in the compatibility and substitutability problem: the
former problem requires to check if the compatibility is preserved every time a
tau transition is traversed in one interface, whereas the latter requires a
precise analysis of tau branchings in order to make the substitution preserve
the properties (e.g., a compatibility notion) which were ensured before
replacement.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Detecting Ontological Conflicts in Protocols between Semantic Web Services
The task of verifying the compatibility between interacting web services has
traditionally been limited to checking the compatibility of the interaction
protocol in terms of message sequences and the type of data being exchanged.
Since web services are developed largely in an uncoordinated way, different
services often use independently developed ontologies for the same domain
instead of adhering to a single ontology as standard. In this work we
investigate the approaches that can be taken by the server to verify the
possibility to reach a state with semantically inconsistent results during the
execution of a protocol with a client, if the client ontology is published.
Often database is used to store the actual data along with the ontologies
instead of storing the actual data as a part of the ontology description. It is
important to observe that at the current state of the database the semantic
conflict state may not be reached even if the verification done by the server
indicates the possibility of reaching a conflict state. A relational algebra
based decision procedure is also developed to incorporate the current state of
the client and the server databases in the overall verification procedure
- …