Safer in the Clouds (Extended Abstract)
We outline the design of a framework for modelling cloud computing
systems. The approach is based on a declarative programming model which takes
the form of a lambda-calculus enriched with suitable mechanisms to express and
enforce application-level security policies governing the usage of resources
available in the clouds. We focus on the server side of cloud systems, by
adopting a pro-active approach, where explicit security policies regulate the
server's behaviour.
Comment: In Proceedings ICE 2010, arXiv:1010.530
Typing Context-Dependent Behavioural Variation
Context Oriented Programming (COP) concerns the ability of programs to adapt
to changes in their running environment. A number of programming languages
endowed with COP constructs and features have been developed. However, some
foundational issues remain unclear. This paper proposes adopting static
analysis techniques to reason about and predict how programs adapt their
behaviour. We introduce a core functional language, ContextML, equipped with
COP primitives for manipulating contexts and for programming behavioural
variations. In particular, we specify the dispatching mechanism, used to select
the program fragments to be executed in the current active context. Besides the
dynamic semantics we present an annotated type system. It guarantees that the
well-typed programs adapt to any context, i.e. the dispatching mechanism always
succeeds at run-time.
Comment: In Proceedings PLACES 2012, arXiv:1302.579
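To make the guarantee concrete, here is an added example (our own code, not ContextML or the paper's implementation) of the two halves the abstract describes: a run-time dispatcher that picks the first applicable fragment of a behavioural variation, and a load-time check that plays the role of the type system by confirming that some fragment applies in every context. The check is a brute-force enumeration over a finite, assumed alphabet of context labels (wifi, cellular, battery_low); the sync routine and its variations are constructed for illustration.

```python
from itertools import combinations
from typing import Callable, FrozenSet, Iterable, Iterator, List, Optional, Tuple

Context = FrozenSet[str]  # assumption: a context is the set of currently active labels
# a behavioural variation is an ordered list of (applicability predicate, body) cases
Case = Tuple[Callable[[Context], bool], Callable[[Context], str]]


class DispatchFailure(Exception):
    """Raised when no case of a behavioural variation applies in the active context."""


def dispatch(variation: List[Case], ctx: Context) -> str:
    """Run-time dispatching: execute the body of the first case whose predicate holds."""
    for applies, body in variation:
        if applies(ctx):
            return body(ctx)
    raise DispatchFailure(f"no behavioural variation for context {sorted(ctx)}")


def contexts_over(labels: Iterable[str]) -> Iterator[Context]:
    """Enumerate every context over a finite label alphabet (all subsets, smallest first)."""
    labels = sorted(set(labels))
    for k in range(len(labels) + 1):
        for chosen in combinations(labels, k):
            yield frozenset(chosen)


def undispatchable_context(variation: List[Case], labels: Iterable[str]) -> Optional[Context]:
    """Load-time exhaustiveness check standing in for the annotated type system:
    return a context in which dispatch would fail, or None if dispatch always succeeds."""
    for ctx in contexts_over(labels):
        if not any(applies(ctx) for applies, _ in variation):
            return ctx
    return None


# constructed example: how a sync routine adapts to the network/power context
LABELS = {"wifi", "cellular", "battery_low"}

SYNC_PARTIAL: List[Case] = [
    (lambda c: "wifi" in c, lambda c: "full sync over wifi"),
    (lambda c: "cellular" in c and "battery_low" not in c, lambda c: "metadata-only sync"),
]
# adding a catch-all case makes the variation total, so dispatch can never fail
SYNC_TOTAL: List[Case] = SYNC_PARTIAL + [(lambda c: True, lambda c: "defer sync")]
```

Running the check on SYNC_PARTIAL reports the empty context (no network at all) as one in which dispatch fails, which is exactly the run-time error the type system is designed to rule out; SYNC_TOTAL passes.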
Predicting global usages of resources endowed with local policies
The effective usage of computational resources is a primary concern of
modern distributed applications. In this paper, we present a methodology to
reason about resource usages (acquisition, release, revision, ...), so that
the proposed approach can predict bad usages of resources.
Keeping in mind the interplay between local and global information occurring in
the application-resource interactions, we model resources as entities with
local policies and global properties governing the overall interactions.
Formally, our model takes the shape of an extension of the pi-calculus with
primitives to manage resources. We develop a Control Flow Analysis computing a
static approximation of process behaviour and therefore of the resource usages.
Comment: In Proceedings FOCLASA 2011, arXiv:1107.584
Well Structured Transition Systems with History
We propose a formal model of concurrent systems in which the history of a
computation is explicitly represented as a collection of events that provide a
view of a sequence of configurations. In our model events generated by
transitions become part of the system configurations leading to operational
semantics with historical data. This model allows us to formalize what is
usually done in symbolic verification algorithms. Indeed, search algorithms
often use meta-information, e.g., names of fired transitions, selected
processes, etc., to reconstruct (error) traces from symbolic state exploration.
The other interesting point of the proposed model is related to a possible new
application of the theory of well-structured transition systems (wsts). In our
setting wsts theory can be applied to formally extend the class of properties
that can be verified using coverability to take into consideration (ordered and
unordered) historical data. This can be done by using different types of
representation of collections of events and by combining them with wsts by
using closure properties of well-quasi orderings.
Comment: In Proceedings GandALF 2015, arXiv:1509.0685
Model checking usage policies
We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy
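The following added example (our own code, not the paper's) shows what "finite state automata with parameters and guards" buys over a plain automaton, and how compliance of a single computation trace is decided: every variable of the policy is instantiated with every resource occurring in the trace, the instantiated automaton is run nondeterministically over the trace, and the trace is rejected if any instantiation reaches an offending state. The two policies, the event vocabulary (read/write/send) and the traces are constructed for illustration. The paper's main contribution, model checking infinite-state usages with recursion and resource creation in polynomial time, is not reproduced here; this is only the trace-compliance half.

```python
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Optional, Set, Tuple

Event = Tuple[str, Tuple[str, ...]]  # (action name, resource arguments), e.g. ("send", ("sock1",))


@dataclass(frozen=True)
class Edge:
    src: str
    action: str
    params: Tuple[str, ...]  # each is a policy variable (e.g. "x") or a literal resource (e.g. "/etc/shadow")
    dst: str
    guard: Optional[Callable[[Dict[str, str]], bool]] = None  # predicate over the variable binding


@dataclass
class UsageAutomaton:
    name: str
    variables: Tuple[str, ...]
    start: str
    offending: Set[str]
    edges: List[Edge]

    def _matches(self, edge: Edge, binding: Dict[str, str], action: str, args: Tuple[str, ...]) -> bool:
        if edge.action != action or len(edge.params) != len(args):
            return False
        # a parameter is either a bound variable or a literal resource name
        if any(binding.get(p, p) != a for p, a in zip(edge.params, args)):
            return False
        return edge.guard is None or edge.guard(binding)

    def run(self, trace: List[Event], binding: Dict[str, str]) -> Set[str]:
        """Run one instantiation nondeterministically and return the set of reachable states.
        Events matching no outgoing edge leave the state unchanged (implicit self-loop)."""
        states = {self.start}
        for action, args in trace:
            nxt: Set[str] = set()
            for s in states:
                targets = {e.dst for e in self.edges if e.src == s and self._matches(e, binding, action, args)}
                nxt |= targets if targets else {s}
            states = nxt
        return states

    def complies(self, trace: List[Event]) -> bool:
        """A trace complies iff no instantiation of the variables reaches an offending state."""
        domain = sorted({r for _, args in trace for r in args})
        for combo in product(domain, repeat=len(self.variables)):
            binding = dict(zip(self.variables, combo))
            if self.run(trace, binding) & self.offending:
                return False
        return True


# constructed policy 1: after reading /etc/shadow, nothing may be sent over any socket y
NO_EXFIL = UsageAutomaton(
    name="no-exfiltration", variables=("y",), start="q0", offending={"fail"},
    edges=[Edge("q0", "read", ("/etc/shadow",), "q1"),
           Edge("q1", "send", ("y",), "fail")])

# constructed policy 2: a computation may write to at most one distinct file (guard x != y)
SINGLE_WRITER = UsageAutomaton(
    name="single-writer", variables=("x", "y"), start="q0", offending={"fail"},
    edges=[Edge("q0", "write", ("x",), "q1"),
           Edge("q1", "write", ("y",), "fail", guard=lambda b: b["x"] != b["y"])])


def check(trace: List[Event], policies=(NO_EXFIL, SINGLE_WRITER)) -> Dict[str, bool]:
    """Compliance verdict of one trace against each policy."""
    return {p.name: p.complies(trace) for p in policies}


# constructed traces
TRACE_OK = [("write", ("a",)), ("write", ("a",)), ("send", ("sock1",)), ("read", ("/etc/shadow",))]
TRACE_EXFIL = [("read", ("/etc/shadow",)), ("write", ("log",)), ("send", ("sock1",))]
TRACE_TWO_FILES = [("write", ("a",)), ("write", ("b",))]
```

Note that instantiating over all resources of the trace is what makes compliance decidable here, and that the guard is evaluated on the binding rather than on the event, which is how a usage automaton expresses relations such as "a different file" that a plain finite automaton over a fixed alphabet cannot.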
Behavioural Properties and Dynamic Software Update for Concurrent Programs, Thesis Progress Report
Correctly developing multi-threaded programs is notoriously difficult, and getting total coverage using traditional testing paradigms, to guarantee the program is correct, is often infeasible. We expand on previous work to provide various tools, namely a generalisation of session typing and an extension of policy automata to multi-threaded code, with which to verify multi-threaded code. Additionally, most programs are not written once and then left; maintaining and updating software is an essential part of the software development cycle. Dynamic software update (DSU) "is a technique by which a running program can be updated with new code and data without interrupting its execution" [45] and uses code analyses to ensure given safety properties are maintained across update boundaries. We present techniques for verifying whether a modification can be applied to a running program whilst maintaining the desired behavioural properties, which may be those the program had before or some new properties.
Context-aware security: Linguistic mechanisms and static analysis
Adaptive systems improve their efficiency by modifying their behaviour to respond to changes in their operational
environment. Also, security must adapt to these changes and policy enforcement becomes dependent on the dynamic contexts.
We study these issues within MLCoDa, (the core of) an adaptive declarative language proposed recently. A main characteristic
of MLCoDa is to have two components: a logical one for handling the context and a functional one for computing. We extend
this language with security policies that are expressed in logical terms. They are of two different kinds: context and application
policies. The former, unknown a priori to an application, protect the context from unwanted changes. The latter protect the
application from malicious actions of the context, can be nested, and can be activated and deactivated according to their scope.
An execution step can only occur if all the policies in force hold, under the control of an execution monitor. This is supported by
a type and effect system, which safely approximates the behaviour of an application, and by a further static analysis based on the
computed effect. The latter analysis can only be carried out at load time, when the execution context is known, and it enables us to
efficiently enforce the security policies on the code execution by instrumenting applications. The monitor is thus implemented
within MLCoDa, and it is only activated on those policies that may be infringed, and switched off otherwise.
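As an added example (our own code, not MLCoDa or the paper's implementation), the skeleton below shows the enforcement scheme the abstract describes: a context held as a set of logical facts, context policies that are always checked because the application cannot know them in advance, application policies that are pushed and popped with their scope, and a load-time step that computes the set of actions the program may perform and switches the monitor on only for application policies that constrain one of those actions. The facts (net:trusted, net:public), the actions (read, send, camera), the three policies and the programs are constructed for illustration; the "effect" is computed by a trivial syntactic scan, which stands in for the paper's type and effect system and is exact only for the straight-line programs used here.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Sequence, Tuple

Context = FrozenSet[str]  # assumption: the context is a set of ground facts
# program steps: ("tell", fact) | ("retract", fact) | ("act", action) | ("activate", policy) | ("deactivate",)
Step = Tuple[str, ...]


@dataclass(frozen=True)
class Policy:
    name: str
    kind: str                                 # "context" or "application"
    actions: FrozenSet[str]                   # action names the policy constrains (used for load-time pruning)
    allows: Callable[[Context, Step], bool]   # must hold, on the context after the step, for the step to occur


def static_effect(program: Sequence[Step]) -> FrozenSet[str]:
    """Load-time approximation of the program's behaviour: the actions it may perform."""
    return frozenset(a for kind, *rest in program if kind == "act" for a in rest)


def apply_step(ctx: Context, step: Step) -> Context:
    """Context updates: tell adds a fact, retract removes one, actions leave the context unchanged."""
    if step[0] == "tell":
        return ctx | {step[1]}
    if step[0] == "retract":
        return ctx - {step[1]}
    return ctx


def run(program: Sequence[Step], ctx: Context,
        context_policies: Sequence[Policy], app_policies: Sequence[Policy]) -> Dict[str, object]:
    """Execution monitor: refuse the first step under which a policy in force does not hold."""
    effect = static_effect(program)
    # instrument only application policies that the program may actually infringe
    watched = [p for p in app_policies if p.actions & effect]
    by_name = {p.name: p for p in app_policies}
    in_force: List[Policy] = []  # stack of activated application policies (nested scopes)
    for step in program:
        if step[0] == "activate":
            in_force.append(by_name[step[1]])
            continue
        if step[0] == "deactivate":
            in_force.pop()
            continue
        new_ctx = apply_step(ctx, step)
        # context policies are unknown a priori, so they are always checked; application policies only if watched
        for p in list(context_policies) + [q for q in in_force if q in watched]:
            if not p.allows(new_ctx, step):
                return {"ok": False, "violated": p.name, "step": step,
                        "watched": [w.name for w in watched], "context": ctx}
        ctx = new_ctx
    return {"ok": True, "violated": None, "step": None,
            "watched": [w.name for w in watched], "context": ctx}


# constructed policies
NO_MIXED_NETWORK = Policy("no-mixed-network", "context", frozenset({"tell", "retract"}),
                          lambda ctx, step: not {"net:trusted", "net:public"} <= ctx)
SEND_ONLY_TRUSTED = Policy("send-only-on-trusted", "application", frozenset({"send"}),
                           lambda ctx, step: step != ("act", "send") or "net:trusted" in ctx)
NO_CAMERA = Policy("no-camera", "application", frozenset({"camera"}),
                   lambda ctx, step: step != ("act", "camera"))

CONTEXT_POLICIES = [NO_MIXED_NETWORK]
APP_POLICIES = [SEND_ONLY_TRUSTED, NO_CAMERA]
INITIAL: Context = frozenset({"net:trusted"})

# constructed programs
GOOD = [("activate", "send-only-on-trusted"), ("activate", "no-camera"),
        ("act", "read"), ("act", "send"), ("deactivate",), ("deactivate",)]
CONTEXT_VIOLATION = [("tell", "net:public"), ("act", "send")]
APP_VIOLATION = [("activate", "send-only-on-trusted"), ("retract", "net:trusted"),
                 ("tell", "net:public"), ("act", "send"), ("deactivate",)]
```

In GOOD the no-camera policy is activated but never monitored, because the computed effect contains no camera action; CONTEXT_VIOLATION is stopped at the tell that would make the context both trusted and public; APP_VIOLATION passes the context policy but is stopped at the send, since the scoped application policy is in force and the context no longer contains net:trusted.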