3,273 research outputs found
Web Services: A Process Algebra Approach
It is now well-admitted that formal methods are helpful for many issues
raised in the Web service area. In this paper we present a framework for the
design and verification of WSs using process algebras and their tools. We
define a two-way mapping between abstract specifications written using these
calculi and executable Web services written in BPEL4WS. Several choices are
available: design and correct errors in BPEL4WS, using process algebra
verification tools, or design and correct in process algebra and automatically
obtaining the corresponding BPEL4WS code. The approaches can be combined.
Process algebra are not useful only for temporal logic verification: we remark
the use of simulation/bisimulation both for verification and for the
hierarchical refinement design method. It is worth noting that our approach
allows the use of any process algebra depending on the needs of the user at
different levels (expressiveness, existence of reasoning tools, user
expertise)
On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems
This paper motivates the need for a formalism for the modelling and analysis
of dynamic reconfiguration of dependable real-time systems. We present
requirements that the formalism must meet, and use these to evaluate well
established formalisms and two process algebras that we have been developing,
namely, Webpi and CCSdp. A simple case study is developed to illustrate the
modelling power of these two formalisms. The paper shows how Webpi and CCSdp
represent a significant step forward in modelling adaptive and dependable
real-time systems.Comment: Presented and published at DEPEND 201
Issues about the Adoption of Formal Methods for Dependable Composition of Web Services
Web Services provide interoperable mechanisms for describing, locating and
invoking services over the Internet; composition further enables to build
complex services out of simpler ones for complex B2B applications. While
current studies on these topics are mostly focused - from the technical
viewpoint - on standards and protocols, this paper investigates the adoption of
formal methods, especially for composition. We logically classify and analyze
three different (but interconnected) kinds of important issues towards this
goal, namely foundations, verification and extensions. The aim of this work is
to individuate the proper questions on the adoption of formal methods for
dependable composition of Web Services, not necessarily to find the optimal
answers. Nevertheless, we still try to propose some tentative answers based on
our proposal for a composition calculus, which we hope can animate a proper
discussion
Preliminary Results Towards Contract Monitorability
This paper discusses preliminary investigations on the monitorability of
contracts for web service descriptions. There are settings where servers do not
guarantee statically whether they satisfy some specified contract, which forces
the client (i.e., the entity interacting with the server) to perform dynamic
checks. This scenario may be viewed as an instance of Runtime Verification,
where a pertinent question is whether contracts can be monitored for adequately
at runtime, otherwise stated as the monitorability of contracts. We consider a
simple language of finitary contracts describing both clients and servers, and
develop a formal framework that describes server contract monitoring. We define
monitor properties that potentially contribute towards a comprehensive notion
of contract monitorability and show that our simple contract language satisfies
these properties.Comment: In Proceedings PrePost 2016, arXiv:1605.0809
An empirical analysis of smart contracts: platforms, applications, and design patterns
Smart contracts are computer programs that can be consistently executed by a
network of mutually distrusting nodes, without the arbitration of a trusted
authority. Because of their resilience to tampering, smart contracts are
appealing in many scenarios, especially in those which require transfers of
money to respect certain agreed rules (like in financial services and in
games). Over the last few years many platforms for smart contracts have been
proposed, and some of them have been actually implemented and used. We study
how the notion of smart contract is interpreted in some of these platforms.
Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify
the usage of smart contracts in relation to their application domain. We also
analyse the most common programming patterns in Ethereum, where the source code
of smart contracts is available.Comment: WTSC 201
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
Modelling Contracts and Workflows for Verification and Enactment
The work presented in this thesis concerns some aspects related to the Modelling of Contracts and Workflows for Verification and Enactment. We have sought to gain some insight into the nature of contracts and workflows. in order that we may model them. primarily, for the purposes of verifying certain properties and for enacting them. Workflows help coordinate the enactment of business processes. A notable aspect of workflow technologies is the lack of formal semantics for workflow models. In this thesis, we consider the characterisation of workflow using a number of formal tools, viz. Milner's CCS, Cleaveland et ai's Prioritised CCS (which we abbreviate to PCCS) and the Situation Calculus (thanks mainly to Reiter), which is based on First-Order Logic. Using these, we provide formalisations of production workflows, which are somewhat rigid, inflexible structures, akin to production lines. We do so, in order that we may fiJo: their operational meaning for the purposes of verification and enactment. We define the Liesbet meta-model for production workflow to provide a reference ontology for the task of formalisation. We have also implemented a framework for the verification and enactment of Liesbet workflow models. Regarding verification, we are particularly interested in the key property of soundness, which is concerned with an absence of locking and redundant tasks in a workflow model. Our framework is capable of verifying this property of workflow models, as well as arbitrary temporally-extended constraints', which are constraints whose satisfaction is determined over successive states of enactment of a model. We also consider the definition of more flexible workflows, including collaborative workflows, using an approach that we have conceived called Institutional Workflow Modelling (IWM). The essence of IWM lies (in part) in the identification that the structure of a workflow model necessarily entails the existence of counts as relations. These relations prescribe how the occurrence of certain actions, in the context of a particular workflow model. count as the occurrence of other actions. We have also been interested in the modelling of contracts; and have found IWM to be useful as a foundational basis for contract modelling. ????????? Another fu.ndamental aspect of our IWM-based approach is a correspondence, which we have identified, between counts as relations and methods in Hierarchical Task Network (HTN)-based planning. Thus, we are able to advocate the use of an HTN-based planning framework for the verification of flexible workflows and contracts. We have implemented such a framework, whose planner is called Theodore. We define a sjmilar notion of soundness for flexible workflows and contracts, which the Theodore-based framework is able to verify, along with arbitrary temporallyextended constraints.Imperial Users onl
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
From usability to secure computing and back again
Secure multi-party computation (MPC) allows multiple parties
to jointly compute the output of a function while preserving
the privacy of any individual party’s inputs to that function.
As MPC protocols transition from research prototypes to realworld
applications, the usability of MPC-enabled applications
is increasingly critical to their successful deployment and
widespread adoption. Our Web-MPC platform, designed with
a focus on usability, has been deployed for privacy-preserving
data aggregation initiatives with the City of Boston and the
Greater Boston Chamber of Commerce. After building and
deploying an initial version of the platform, we conducted a
heuristic evaluation to identify usability improvements and
implemented corresponding application enhancements. However,
it is difficult to gauge the effectiveness of these changes
within the context of real-world deployments using traditional
web analytics tools without compromising the security guarantees
of the platform. This work consists of two contributions
that address this challenge: (1) the Web-MPC platform has
been extended with the capability to collect web analytics
using existing MPC protocols, and (2) as a test of this feature
and a way to inform future work, this capability has been
leveraged to conduct a usability study comparing the two versions
ofWeb-MPC. While many efforts have focused on ways
to enhance the usability of privacy-preserving technologies,
this study serves as a model for using a privacy-preserving
data-driven approach to evaluate and enhance the usability of
privacy-preserving websites and applications deployed in realworld
scenarios. Data collected in this study yields insights
into the relationship between usability and security; these can
help inform future implementations of MPC solutions.Published versio
- …