8,090 research outputs found
Secure Multiparty Sessions with Topics
Multiparty session calculi have been recently equipped with security
requirements, in order to guarantee properties such as access control and leak
freedom. However, the proposed security requirements seem to be overly
restrictive in some cases. In particular, a party is not allowed to communicate
any kind of public information after receiving a secret information. This does
not seem justified in case the two pieces of information are totally unrelated.
The aim of the present paper is to overcome this restriction, by designing a
type discipline for a simple multiparty session calculus, which classifies
messages according to their topics and allows unrestricted sequencing of
messages on independent topics.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Composition and Decomposition of Multiparty Sessions
International audienceMultiparty sessions are systems of concurrent processes, which allow several participants to communicate by sending and receiving messages. Their overall behaviour can be described by means of global types. Typable multiparty sessions enjoy lock-freedom. We look at multiparty sessions as open systems by allowing one to compose multiparty sessions by transforming two of their participants into a pair of coupled gateways, forwarding messages between the two sessions. Gateways need to be compatible. We show that the session resulting from the composition can be typed, and its type can be computed from the global types of the starting sessions. As a consequence, lock-freedom is preserved by composition. Compatibility between global types is necessary, since systems obtained by composing sessions with incompatible global types have locks (or they are not sessions). We also define direct composition, which allows one to connect two global types without using gateways. Finally, we propose a decomposition operator, to split a global type into two, which is the left inverse of direct composition. Direct composition and decomposition on global types prepare the ground for a novel framework allowing for the modular design and implementation of distributed systems
Kickstarting Choreographic Programming
We present an overview of some recent efforts aimed at the development of
Choreographic Programming, a programming paradigm for the production of
concurrent software that is guaranteed to be correct by construction from
global descriptions of communication behaviour
Explicit connection actions in multiparty session types
This work extends asynchronous multiparty session types (MPST) with explicit connection actions to support protocols with op- tional and dynamic participants. The actions by which endpoints are connected and disconnected are a key element of real-world protocols that is not treated in existing MPST works. In addition, the use cases motivating explicit connections often require a more relaxed form of mul- tiparty choice: these extensions do not satisfy the conservative restric- tions used to ensure safety in standard syntactic MPST. Instead, we de- velop a modelling-based approach to validate MPST safety and progress for these enriched protocols. We present a toolchain implementation, for distributed programming based on our extended MPST in Java, and a core formalism, demonstrating the soundness of our approach. We discuss key implementation issues related to the proposed extensions: a practi- cal treatment of choice subtyping for MPST progress, and multiparty correlation of dynamic binary connections
Linearly Typed Dyadic Group Sessions for Building Multiparty Sessions
Traditionally, each party in a (dyadic or multiparty) session implements
exactly one role specified in the type of the session. We refer to this kind of
session as an individual session (i-session). As a generalization of i-session,
a group session (g-session) is one in which each party may implement a group of
roles based on one channel. In particular, each of the two parties involved in
a dyadic g-session implements either a group of roles or its complement. In
this paper, we present a formalization of g-sessions in a multi-threaded
lambda-calculus (MTLC) equipped with a linear type system, establishing for the
MTLC both type preservation and global progress. As this formulated MTLC can be
readily embedded into ATS, a full-fledged language with a functional
programming core that supports both dependent types (of DML-style) and linear
types, we obtain a direct implementation of linearly typed g-sessions in ATS.
The primary contribution of the paper lies in both of the identification of
g-sessions as a fundamental building block for multiparty sessions and the
theoretical development in support of this identification.Comment: This paper can be seen as the pre-sequel to classical linear
multirole logic (CLML). arXiv admin note: substantial text overlap with
arXiv:1603.0372
Parallel Monitors for Self-adaptive Sessions
The paper presents a data-driven model of self-adaptivity for multiparty
sessions. System choreography is prescribed by a global type. Participants are
incarnated by processes associated with monitors, which control their
behaviour. Each participant can access and modify a set of global data, which
are able to trigger adaptations in the presence of critical changes of values.
The use of the parallel composition for building global types, monitors and
processes enables a significant degree of flexibility: an adaptation step can
dynamically reconfigure a set of participants only, without altering the
remaining participants, even if the two groups communicate.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
- …