3,592 research outputs found
Information Flow Safety in Multiparty Sessions
We consider a calculus for multiparty sessions enriched with security levels
for messages. We propose a monitored semantics for this calculus, which blocks
the execution of processes as soon as they attempt to leak information. We
illustrate the use of our monitored semantics with various examples, and show
that the induced safety property implies a noninterference property studied
previously.Comment: In Proceedings EXPRESS 2011, arXiv:1108.407
Secure Multiparty Sessions with Topics
Multiparty session calculi have been recently equipped with security
requirements, in order to guarantee properties such as access control and leak
freedom. However, the proposed security requirements seem to be overly
restrictive in some cases. In particular, a party is not allowed to communicate
any kind of public information after receiving a secret information. This does
not seem justified in case the two pieces of information are totally unrelated.
The aim of the present paper is to overcome this restriction, by designing a
type discipline for a simple multiparty session calculus, which classifies
messages according to their topics and allows unrestricted sequencing of
messages on independent topics.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Monitoring Networks through Multiparty Session Types
In large-scale distributed infrastructures, applications are realised through communications among distributed components. The need for methods for assuring safe interactions in such environments is recognized, however the existing frameworks, relying on centralised verification or restricted specification methods, have limited applicability. This paper proposes a new theory of monitored π-calculus with dynamic usage of multiparty session types (MPST), offering a rigorous foundation for safety assurance of distributed components which asynchronously communicate through multiparty sessions. Our theory establishes a framework for semantically precise decentralised run-time enforcement and provides reasoning principles over monitored distributed applications, which complement existing static analysis techniques. We introduce asynchrony through the means of explicit routers and global queues, and propose novel equivalences between networks, that capture the notion of interface equivalence, i.e. equating networks offering the same services to a user. We illustrate our static-dynamic analysis system with an ATM protocol as a running example and justify our theory with results: satisfaction equivalence, local/global safety and transparency, and session fidelity
Hybrid Session Verification through Endpoint API Generation
© Springer-Verlag Berlin Heidelberg 2016.This paper proposes a new hybrid session verification methodology for applying session types directly to mainstream languages, based on generating protocol-specific endpoint APIs from multiparty session types. The API generation promotes static type checking of the behavioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the target language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid verification guarantees the absence of protocol violation errors during the execution of the session. We implement our methodology for Java as an extension to the Scribble framework, and use it to specify and implement compliant clients and servers for real-world protocols such as HTTP and SMTP
Dynamic Role Authorization in Multiparty Conversations
Protocol specifications often identify the roles involved in communications.
In multiparty protocols that involve task delegation it is often useful to
consider settings in which different sites may act on behalf of a single role.
It is then crucial to control the roles that the different parties are
authorized to represent, including the case in which role authorizations are
determined only at runtime. Building on previous work on conversation types
with flexible role assignment, here we report initial results on a typed
framework for the analysis of multiparty communications with dynamic role
authorization and delegation. In the underlying process model, communication
prefixes are annotated with role authorizations and authorizations can be
passed around. We extend the conversation type system so as to statically
distinguish processes that never incur in authorization errors. The proposed
static discipline guarantees that processes are always authorized to
communicate on behalf of an intended role, also covering the case in which
authorizations are dynamically passed around in messages.Comment: In Proceedings BEAT 2014, arXiv:1408.556
Self-Adaptation and Secure Information Flow in Multiparty Structured Communications: A Unified Perspective
We present initial results on a comprehensive model of structured
communications, in which self- adaptation and security concerns are jointly
addressed. More specifically, we propose a model of self-adaptive, multiparty
communications with secure information flow guarantees. In this model, security
violations occur when processes attempt to read or write messages of
inappropriate security levels within directed exchanges. Such violations
trigger adaptation mechanisms that prevent the violations to occur and/or to
propagate their effect in the choreography. Our model is equipped with local
and global mechanisms for reacting to security violations; type soundness
results ensure that global protocols are still correctly executed, while the
system adapts itself to preserve security.Comment: In Proceedings BEAT 2014, arXiv:1408.556
Lightening Global Types
Global session types prevent participants from waiting for never coming
messages. Some interactions take place just for the purpose of informing
receivers that some message will never arrive or the session is terminated. By
decomposing a big global type into several light global types, one can avoid
such kind of redundant interactions. Lightening global types gives us cleaner
global types, which keep all necessary communications. This work proposes a
framework which allows to easily decompose global types into light global
types, preserving the interaction sequences of the original ones but for
redundant interactions.Comment: In Proceedings PLACES 2014, arXiv:1406.331
Session Communication and Integration
The scenario-based specification of a large distributed system is usually
naturally decomposed into various modules. The integration of specification
modules contrasts to the parallel composition of program components, and
includes various ways such as scenario concatenation, choice, and nesting. The
recent development of multiparty session types for process calculi provides
useful techniques to accommodate the protocol modularisation, by encoding
fragments of communication protocols in the usage of private channels for a
class of agents. In this paper, we extend forgoing session type theories by
enhancing the session integration mechanism. More specifically, we propose a
novel synchronous multiparty session type theory, in which sessions are
separated into the communicating and integrating levels. Communicating sessions
record the message-based communications between multiple agents, whilst
integrating sessions describe the integration of communicating ones. A
two-level session type system is developed for pi-calculus with syntactic
primitives for session establishment, and several key properties of the type
system are studied. Applying the theory to system description, we show that a
channel safety property and a session conformance property can be analysed.
Also, to improve the utility of the theory, a process slicing method is used to
help identify the violated sessions in the type checking.Comment: A short version of this paper is submitted for revie
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
- …