1,976 research outputs found
Secrecy in Untrusted Networks
We investigate the protection of migrating agents against the untrusted sites they traverse. The resulting calculus provides a formal framework to reason about protection policies and security protocols over distributed, mobile infrastructures, and aims to stand to ambients as the spi calculus stands to ?. We present a type system that separates trusted and untrusted data and code, while allowing safe interactions with untrusted sites. We prove that the type system enforces a privacy property, and show the expressiveness of the calculus via examples and an encoding of the spi calculus
CODEWEAVE: exploring fine-grained mobility of code
This paper is concerned with an abstract exploration of code mobility constructs designed for use in settings where the level of granularity associated with the mobile units exhibits significant variability. Units of mobility that are both finer and coarser grained than the unit of execution are examined. To accomplish this, we take the extreme view that every line of code and every variable declaration are potentially mobile, i.e., it may be duplicated or moved from one program context to another on the same host or across the network. We also assume that complex code assemblies may move with equal ease. The result is CODEWEAVE, a model that shows how to develop new forms of code mobility, assign them precise meaning, and facilitate formal verification of programs employing them. The design of CODEWEAVE relies greatly on Mobile UNITY, a notation and proof logic for mobile computing. Mobile UNITY offers a computational milieu for examining a wide range of constructs and semantic alternatives in a clean abstract setting, i.e., unconstrained by compilation and performance considerations traditionally associated with programming language design. Ultimately, the notation offered by CODEWEAVE is given exact semantic definition by means of a direct mapping to the underlying Mobile UNITY model. The abstract and formal treatment of code mobility offered by CODEWEAVE establishes a technical foundation for examining competing proposals and for subsequent integration of some of the mobility constructs both at the language level and within middleware for mobility
Efficient compensation handling via subjective updates
Programming abstractions for compensation handling and dynamic update are crucial in specifying reliable interacting systems, such as Collective Adaptive Systems (CAS). Compensations and updates both specify how a system reacts in response to exceptional events. Prior work showed that different semantics for compensation handling can be encoded into a calculus of adaptable processes with objective updates, in which a process is reconfigured by its context. This paper goes further by considering subjective updates, in which, intuitively, a process reconfigures itself. A calculus of adaptable processes with subjective update its introduced, and its expressivity is assessed by encoding two semantics for compensation handling. The resulting encodings are more efficient than those using objective updates: they require less computational steps
Adaptable processes
We propose the concept of adaptable processes as a way of overcoming the
limitations that process calculi have for describing patterns of dynamic
process evolution. Such patterns rely on direct ways of controlling the
behavior and location of running processes, and so they are at the heart of the
adaptation capabilities present in many modern concurrent systems. Adaptable
processes have a location and are sensible to actions of dynamic update at
runtime; this allows to express a wide range of evolvability patterns for
concurrent processes. We introduce a core calculus of adaptable processes and
propose two verification problems for them: bounded and eventual adaptation.
While the former ensures that the number of consecutive erroneous states that
can be traversed during a computation is bound by some given number k, the
latter ensures that if the system enters into a state with errors then a state
without errors will be eventually reached. We study the (un)decidability of
these two problems in several variants of the calculus, which result from
considering dynamic and static topologies of adaptable processes as well as
different evolvability patterns. Rather than a specification language, our
calculus intends to be a basis for investigating the fundamental properties of
evolvable processes and for developing richer languages with evolvability
capabilities
Local area [pye]-calculus
All computers on the Internet are connected, but not all connections are
equal. Hosts are grouped into islands of local communication. It is the agreed
conventions and shared knowledge that connect these islands, just as much as the
switches and wires that run between them.
The power and limitation of these conventions and shared knowledge and
hence their effectiveness can be investigated by an appropriate calculus. In this
thesis I describe a development of the 7r-calculus that is particularly well suited to
express such systems. The process calculus, which I call the local area n-calculus
or Ian, extends the 7r-calculus so that a channel name can have within its scope
several disjoint local areas. Such a channel name may be used for communication
within an area or it may be sent between areas, but it cannot itself be used to
transmit information from one area to another. Areas are arranged in a hierarchy
of levels which distinguish, for example, between a single application, a machine,
or a whole network. I present a semantics for this calculus that relies on several
side-conditions which are essentially runtime level checks. I show that a suitable
type system can provide enough static information to make most of these checks
unnecessary.
I examine the descriptive power of the /a7r-calculus by comparing it to the
7r-calculus. I find that, perhaps surprisingly, local area communication can be
encoded into the 7T-calculus with conditional matching. The encoding works by
replacing communication inside an area with communication on a new channel
created just for that area. This is analogous to replacing direct communication
between two points with a system that broadcasts packets over a background
ether. I show a form of operational correspondence between the behaviour of a
process in lan and its 7r-calculus translation.
One of my aims in developing this calculus is to provide a convenient and ex¬
pressive framework with which to examine convention-laden, distributed systems.
I offer evidence that the calculus has achieved this by way of an extended case
study. I present a model of Internet communication based on Sockets and TCP
over IP and then extend this system with Network Address Translation. I then
4
give a model of the File Transfer Protocol that uses TCP/IP to communicate
between networks.
Traces of the model show that FTP, run in its normal mode, will fail when
the client is using Network Address Translation, whereas, an alternative mode of
FTP will succeed. Moreover a normal run of the model over NAT fails in the
same way as the real life system would, demonstrating that the model can pick
up this failure and correctly highlight the reasons behind it
Multi labelled transition systems: a semantic framework for nominal calculi
Action Labelled transition systems (LTS) have proved to be a fundamental model for describing and proving properties of concurrent systems. In this paper, Multiple Labelled Transition Systems (MLTS) are introduced as generalizations of LTS that permit dealing also with systems features that are becoming more and more important when considering languages and models for network aware programming. MLTS permit describing not only the actions systems can perform but also system's resources usage and their handling (creation, revelation ...) of names. To show adeguacy of our proposal we show how MLTS can be used to describe the operational semantics of one of the most studied calculus for mobility: the asynchronous [pi]-calculus
Generativity and dynamic opacity for abstract types (extended version)
The standard formalism for explaining abstract types is existential quantification. While it provides a sufficient model for type abstraction in entirely statically typed languages, it proves to be too weak for languages enriched with forms of dynamic typing, where parametricity is violated. As an alternative approach to type abstraction that addresses this shortcoming we present a calculus for dynamic type generation. It features an explicit construct for generating new type names and relies on coercions for managing abstraction boundaries between generated types and their designated representation. Sealing is represented as a generalized form of these coercions. The calculus maintains abstractions dynamically without restricting type analysis
Dynamic opacity for abstract types
Existential types are the standard formalisation of abstract types. While this formulation is sufficient in entirely statically typed languages, it proves to be too weak for languages enriched with forms of dynamic typing: in the presence of operations performing type analysis, the abstraction barrier erected by the static typing rules for existential types is no longer impassable, because parametricity is violated. We present a light-weight calculus for polymorphic languages with abstract types that addresses this shortcoming. It features a variation of existential types that retains most of the simplicity of standard existentials. It relies on modified scoping rules and explicit coercions between the quantified variable and its witness type
- …