Abstract Machines of Systems Biology (Extended Abstract)

Living cells are extremely well-organized autonomous systems, consisting of discrete interacting components. Key to understanding and modelling their behavior is modelling their system organization, which can be described as a collection of distinct but interconnected abstract machines. Biologists have invented a number of notations attempting to describe, abstractly, these abstract machines and the processes that they implement. Systems biology aims to understand how these abstract machines work, separately and together

Local area [pye]-calculus

All computers on the Internet are connected, but not all connections are equal. Hosts are grouped into islands of local communication. It is the agreed conventions and shared knowledge that connect these islands, just as much as the switches and wires that run between them. The power and limitation of these conventions and shared knowledge and hence their effectiveness can be investigated by an appropriate calculus. In this thesis I describe a development of the 7r-calculus that is particularly well suited to express such systems. The process calculus, which I call the local area n-calculus or Ian, extends the 7r-calculus so that a channel name can have within its scope several disjoint local areas. Such a channel name may be used for communication within an area or it may be sent between areas, but it cannot itself be used to transmit information from one area to another. Areas are arranged in a hierarchy of levels which distinguish, for example, between a single application, a machine, or a whole network. I present a semantics for this calculus that relies on several side-conditions which are essentially runtime level checks. I show that a suitable type system can provide enough static information to make most of these checks unnecessary. I examine the descriptive power of the /a7r-calculus by comparing it to the 7r-calculus. I find that, perhaps surprisingly, local area communication can be encoded into the 7T-calculus with conditional matching. The encoding works by replacing communication inside an area with communication on a new channel created just for that area. This is analogous to replacing direct communication between two points with a system that broadcasts packets over a background ether. I show a form of operational correspondence between the behaviour of a process in lan and its 7r-calculus translation. One of my aims in developing this calculus is to provide a convenient and ex¬ pressive framework with which to examine convention-laden, distributed systems. I offer evidence that the calculus has achieved this by way of an extended case study. I present a model of Internet communication based on Sockets and TCP over IP and then extend this system with Network Address Translation. I then 4 give a model of the File Transfer Protocol that uses TCP/IP to communicate between networks. Traces of the model show that FTP, run in its normal mode, will fail when the client is using Network Address Translation, whereas, an alternative mode of FTP will succeed. Moreover a normal run of the model over NAT fails in the same way as the real life system would, demonstrating that the model can pick up this failure and correctly highlight the reasons behind it

Analysis of communication topologies by partner abstraction

Dynamic communication systems are hard to verify due to inherent unboundedness. Unbounded creation and destruction of objects and a dynamically evolving communication topology are characteristic features. Prominent examples include traffic control systems based on wireless communication and ad hoc networks. As dynamic communication systems have to meet safety-critical requirements, this thesis develops appropriate specification and verification techniques for them. It is shown that earlier attempts at doing so have failed. Partner graph grammars are presented as an adequate specification formalism for dynamic communication systems. They form a novel variant of the single pushout approach to algebraic graph transformation equipped with a special kind of negative application conditions: Partner constraints that allow to reason about communication partners are specifically tailored to dynamic communication systems. A novel verification technique based on abstract interpretation of partner graph grammars is proposed. It is based on a two-layered abstraction that keeps precise information about objects and the kinds of their communication partners. The analysis is formally proven sound. Some statically checkable cases are defined for which the analysis results are even complete. The analysis has been implemented in the hiralysis tool. A complex case study - car platooning originally developed in the California PATH project - is modeled using partner graph grammars. An experimental evaluation using the tool discovered many flaws in the PATH specification of car platooning that had not been discovered earlier due to insufficient specification and verification methods. Many interesting properties can be automatically proven for a corrected implementation of car platooning using hiralysis.Aufgrund ihres unbeschränkten Verhaltens sind dynamisch kommunizierende Systeme schwierig zu verifizieren. Sie zeichnen sich durch unbegrenztes Erzeugen und Zerstören von Objekten sowie eine sich ständig ändernde Kommunikationstopologie aus. Funkbasierte Verkehrskontrollsysteme und drahtlose Ad-hoc Netzwerke sind bekannte Beispiele dynamisch kommunizierender Systeme. Da diese außerdem sicherheitskritischen Anforderungen genügen müssen, werden in dieser Arbeit Spezifikations- und Verifikationsmethoden für dynamisch kommunizierende Systeme entwickelt. Es wird gezeigt, dass frühere Versuche in dieser Richtung fehlgeschlagen sind. Partner-Graphgrammatiken stellen einen geeigneten Formalismus zur Beschreibung solcher Systeme dar. Sie bilden eine neue Form des "single pushout" Ansatzes für algebraische Graphtransformationen erweitert um besondere negative Anwendungsbedingungen. "Partner constraints", die speziell für die Spezifikation dynamisch kommunizierender Systeme entwickelt wurden, erlauben, Nebenbedingungen an Objekte und ihre Kommunikationspartner zu formulieren. Es wird eine neuartige Verifikationstechnik vorgeschlagen, die auf der abstrakten Interpretation von Partner-Graphgrammatiken beruht. Diese fußt auf einer Abstraktion, die präzise Informationen über Objekte und ihre Kommunikationspartner erhält. Die Analyse wird korrekt bewiesen, und es werden statisch erkennbare Fälle aufgezeigt, in denen die Analyse sogar vollständige Resultate liefert. Die Analyse wurde in dem hiralysis Werkzeug implementiert. Eine komplexe Fallstudie - "car platooning", welche ursprünglich im Rahmen des California PATH Projektes entwickelt wurde - wird durch Partner-Graphgrammatiken modelliert. Eine experimentelle Auswertung mithilfe desWerkzeugs deckte zahlreiche Fehler in der ursprünglichen Modellierung auf, welche ihre Ursache in unzureichenden Spezifikations- und Verifikationsmethoden haben. Viele interessante Eigenschaften eines verbesserten Modells konnten mittels hiralysis automatisch bewiesen werden

The Applied Pi Calculus: Mobile Values, New Names, and Secure Communication

We study the interaction of the programming construct " new " , which generates statically scoped names, with communication via messages on channels. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programming-language contexts. We define the applied pi calculus, a simple, general extension of the pi calculus in which values can be formed from names via the application of built-in functions, subject to equations, and be sent as messages. (In contrast, the pure pi calculus lacks built-in functions; its only messages are atomic names.) We develop semantics and proof techniques for this extended language and apply them in reasoning about security protocols. This paper essentially subsumes the conference paper that introduced the applied pi calculus in 2001. It fills gaps, incorporates improvements, and further explains and studies the applied pi calculus. Since 2001, the applied pi calculus has been the basis for much further work, described in many research publications and sometimes embodied in useful software, such as the tool ProVerif, which relies on the applied pi calculus to support the specification and automatic analysis of security protocols. Although this paper does not aim to be a complete review of the subject, it benefits from that further work and provides better foundations for some of it. In particular, the applied pi calculus has evolved through its implementation in ProVerif, and the present definition reflects that evolution

Analyse statique d'un calcul d'acteurs par interprétation abstraite

The Actor model, introduced by HEWITT and AGHA in the late 80s, describes a concurrent communicating system as a set of autonomous agents, with non uniform interfaces and communicating by the use of labeled messages. The CAP process calculus, proposed by COLAÇO, is based on this model and allows to describe non trivial realistic systems, without the need of complex encodings. CAP is a higher-order calculus: messages can carry actor behaviors. Multiple works address the analysis of CAP properties, mainly by the use of inference-based type systems using behavioral types and sub-typing. Otherwise, more recent works, by VENET and later FERET, propose the use of abstract interpretation to analyze process calculi. These approaches allow to compute non-uniform properties. For example, they are able to differentiate recursive instances of the same thread. This thesis is at the crossroad of these two approaches, applying abstract interpretation to the analysis of CAP. Following the framework of FERET, CAP is firstly expressed in a non standard form, easing its analysis. The set of reachable states is then over-approximated via a sound by construction representation within existing abstract domains. New general abstract domains are then introduced in order to improve the accuracy of existing analyses or to represent local properties. CAP specific properties such as the linearity of terms or the absence of orphan messages, are then considered in this framework. Specific abstract domains are defined and used to check these properties. The proposed framework is able to relax any existing restriction of previous analyses such as constraints on the shape of terms or limitation in the use of CAP behavior passing. The whole analyses have been implemented in a prototype.Le modèle des Acteurs, introduit par HEWITT et AGHA à la fin des années 80, décrit un système concurrent comme un ensemble d'agents autonomes au comportement non uniforme et communiquant de façon point-à-point par l'envoi de messages étiquetés. Le calcul CAP, proposé par COLAÇO, est un calcul de processus basé sur ce modèle qui permet de décrire sans encodage complexe des systèmes réalistes non triviaux. Ce calcul permet, entre autre, la communication de comportements via les messages et est, en ce sens, un calcul d'ordre supérieur. L'analyse de propriétés sur ce calcul a déjà fait l'objet de plusieurs travaux, essentiellement par inférence de type en utilisant des types comportementaux et du sous-typage. Par ailleurs, des travaux plus récents, effectués par VENET puis FERET, proposent une utilisation de l'interprétation abstraite pour l'analyse de calculs de processus. Ces approches permettent de calculer des propriétés non uniformes : elles permettent, par exemple, de différencier les instances récursives d'un même processus. Cette thèse s'inscrit donc dans la suite de ces deux approches, en appliquant l'interprétation abstraite à l'analyse de CAP. Suivant le cadre proposé par FERET, CAP est, tout d'abord, exprimé dans une forme non standard facilitant les analyses. L'ensemble des configurations atteignables est ensuite sur-approximé via une représentation, correcte par construction, dans des domaines abstraits. Des domaines abstraits généraux sont ensuite introduits afin d'améliorer les analyses existantes ou de représenter des propriétés locales à un sous-terme. Des propriétés spécifiques à CAP, la linéarité des termes et l'absence de messages orphelins, sont alors étudiées dans ce cadre. Des domaines spécifiques sont définis et utilisés pour vérifier ces propriétés. Le cadre présenté permet de lever toutes les restrictions existantes des analyses précédentes quant à la forme des termes ou l'utilisation du passage de comportement. L'intégralité des analyses présentées a été implantée dans un prototype