Semiring-based Specification Approaches for Quantitative Security

Our goal is to provide different semiring-based formal tools for the specification of security requirements: we quantitatively enhance the open-system approach, according to which a system is partially specified. Therefore, we suppose the existence of an unknown and possibly malicious agent that interacts in parallel with the system. Two specification frameworks are designed along two different (but still related) lines. First, by comparing the behaviour of a system with the expected one, or by checking if such system satisfies some security requirements: we investigate a novel approximate behavioural-equivalence for comparing processes behaviour, thus extending the Generalised Non Deducibility on Composition (GNDC) approach with scores. As a second result, we equip a modal logic with semiring values with the purpose to have a weight related to the satisfaction of a formula that specifies some requested property. Finally, we generalise the classical partial model-checking function, and we name it as quantitative partial model-checking in such a way to point out the necessary and sufficient conditions that a system has to satisfy in order to be considered as secure, with respect to a fixed security/functionality threshold-value

Designing a Nonmonotonic Soft Concurrent Constraint Language for SLA Management

We present an extension of the Soft Concurrent Constraint language to allow the nonmonotonic evolution of the constraint store. To accomplish this, we introduce some new operations: the retract(c) reduces the current store by c, the updateX(c) transactionally relaxes all the constraints of the store that deal with the variables in X set, and then adds a constraint c (usually with support = X); the nask(c) tests if c is not entailed by the store.We present this framework as a possible solution to the management of resources (e.g. web services and network resource allocation) that need a given Quality of Service (QoS). The QoS requirements of all the parties should converge, through a negotiation process, on a formal agreement defined as the Service Level Agreement, which specifies the contract that must be enforced. The main advantage is to have a preference (or cost) measure directly embedded in the language, and to have a highly flexible and parametric abstraction

Many-Valued Institutions for Constraint Specification

We advance a general technique for enriching logical systems with soft constraints, making them suitable for specifying complex software systems where parts are put together not just based on how they meet certain functional requirements but also on how they optimise certain constraints. This added expressive power is required, for example, for capturing quality attributes that need to be optimised or, more generally, for formalising what are usually called service-level agreements. More specifically, we show how institutions endowed with a graded semantic consequence can accommodate soft-constraint satisfaction problems. We illustrate our approach by showing how, in the context of service discovery, one can quantify the compatibility of two specifications and thus formalise the selection of the most promising provider of a required resource.Peer Reviewe

Soft Constraints for Quality Aspects in Service Oriented Architectures

We propose the use of Soft Constraints as a natural way to model Service Oriented Architecture. In the framework, constraints are used to model components and connectors and constraint aggregation is used to represent their interactions. The "quality of a service" is measured and considered when performing queries to service providers. Some examples consist in the levels of cost, performance and availability required by clients. In our framework, the QoS scores are represented by the softness level of the constraint and the measure of complex (web) services is computed by combining the levels of the components

A Constraint-based Language for Multiparty Interactions.

Abstract Multiparty interactions are common place in today's distributed systems. An agent usually communicates, in a single session, with other agents to accomplish a given task. Take for instance an online transaction including the vendor, the client, the credit card system and the bank. When specifying this kind of system, we probably observe a single transaction including several (binary) communications leading to changes in the state of all the involved agents. Multiway synchronization process calculi, that move from a binary to a multiparty synchronization discipline, have been proposed to formally study the behavior of those systems. However, adopting models such as Bodei, Brodo, and Bruni's Core Network Algebra (CNA), where the number of participants in an interaction is not fixed a priori, leads to an exponential blow-up in the number of states/behaviors that can be observed from the system. In this paper we explore mechanisms to tackle this problem. We extend CNA with constraints that declaratively allow the modeler to restrict the interaction that should actually happen. Our extended process algebra, called CCNA, finds application in balancing the interactions in a concurrent system, leading to a simple, deadlock-free and fair solution for the Dinning Philosopher problem. Our definition of constraints is general enough and it offers the possibility of accumulating costs in a multiparty negotiation. Hence, only computations respecting the thresholds imposed by the modeler are observed. We use this machinery to neatly model a Service Level Agreement protocol. We develop the theory of CCNA including its operational semantics and a behavioral equivalence that we prove to be a congruence. We also propose a prototypical implementation that allows us to verify, automatically, some of the systems explored in the paper