Actor Network Procedures as Psi-calculi for Security Ceremonies

The actor network procedures of Pavlovic and Meadows are a recent graphical formalism developed for describing security ceremonies and for reasoning about their security properties. The present work studies the relations of the actor network procedures (ANP) to the recent psi-calculi framework. Psi-calculi is a parametric formalism where calculi like spi- or applied-pi are found as instances. Psi-calculi are operational and largely non-graphical, but have strong foundation based on the theory of nominal sets and process algebras. One purpose of the present work is to give a semantics to ANP through psi-calculi. Another aim was to give a graphical language for a psi-calculus instance for security ceremonies. At the same time, this work provides more insight into the details of the ANPs formalization and the graphical representation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Self-modifiable color petri nets for modeling user manipulation and network event handling

A Self-Modifiable Color Petri Net (SMCPN) which has multimedia synchronization capability and the ability to model user manipulation and network event (i.e. network congestion, etc.) handling is proposed in this paper. In SMCPN, there are two types of tokens: resource tokens representing resources to be presented and color tokens with two sub-types: one associated with some commands to modify the net mechanism in operation, another associated with a number to decide iteration times. Also introduced is a new type of resource token named reverse token that moves to the opposite direction of arcs. When user manipulation/network event occurs, color tokens associated with the corresponding interrupt handling commands will be injected into places that contain resource tokens. These commands are then executed to handle the user manipulation/network event. SMCPN has the desired general programmability in the following sense: 1) It allows handling of user manipulations or pre-specified events at any time while keeping the Petri net design simple and easy. 2) It allows the user to customize event handling beforehand. This means the system being modeled can handle not only commonly seen user interrupts (e.g. skip, reverse, freeze), the user is free to define new operations including network event handling. 3) It has the power to simulate self-modifying protocols. A simulator has been built to demonstrate the feasibility of SMCPN

A Framework for Design and Composition of Semantic Web Services

Semantic Web Services (SWS) are Web Services (WS) whose description is semantically enhanced with markup languages (e.g., OWL-S). This semantic description will enable external agents and programs to discover, compose and invoke SWSs. However, as a previous step to the specification of SWSs in a language, it must be designed at a conceptual level to guarantee its correctness and avoid inconsistencies among its internal components. In this paper, we present a framework for design and (semi) automatic composition of SWSs at a language-independent and knowledge level. This framework is based on a stack of ontologies that (1) describe the different parts of a SWS; and (2) contain a set of axioms that are really design rules to be verified by the ontology instances. Based on these ontologies, design and composition of SWSs can be viewed as the correct instantiation of the ontologies themselves. Once these instances have been created they will be exported to SWS languages such as OWL-S

Issues about the Adoption of Formal Methods for Dependable Composition of Web Services

Web Services provide interoperable mechanisms for describing, locating and invoking services over the Internet; composition further enables to build complex services out of simpler ones for complex B2B applications. While current studies on these topics are mostly focused - from the technical viewpoint - on standards and protocols, this paper investigates the adoption of formal methods, especially for composition. We logically classify and analyze three different (but interconnected) kinds of important issues towards this goal, namely foundations, verification and extensions. The aim of this work is to individuate the proper questions on the adoption of formal methods for dependable composition of Web Services, not necessarily to find the optimal answers. Nevertheless, we still try to propose some tentative answers based on our proposal for a composition calculus, which we hope can animate a proper discussion

Treo: Textual Syntax for Reo Connectors

Reo is an interaction-centric model of concurrency for compositional specification of communication and coordination protocols. Formal verification tools exist to ensure correctness and compliance of protocols specified in Reo, which can readily be (re)used in different applications, or composed into more complex protocols. Recent benchmarks show that compiling such high-level Reo specifications produces executable code that can compete with or even beat the performance of hand-crafted programs written in languages such as C or Java using conventional concurrency constructs. The original declarative graphical syntax of Reo does not support intuitive constructs for parameter passing, iteration, recursion, or conditional specification. This shortcoming hinders Reo's uptake in large-scale practical applications. Although a number of Reo-inspired syntax alternatives have appeared in the past, none of them follows the primary design principles of Reo: a) declarative specification; b) all channel types and their sorts are user-defined; and c) channels compose via shared nodes. In this paper, we offer a textual syntax for Reo that respects these principles and supports flexible parameter passing, iteration, recursion, and conditional specification. In on-going work, we use this textual syntax to compile Reo into target languages such as Java, Promela, and Maude.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933

SCC: A Service Centered Calculus

We seek for a small set of primitives that might serve as a basis for formalising and programming service oriented applications over global computers. As an outcome of this study we introduce here SCC, a process calculus that features explicit notions of service definition, service invocation and session handling. Our proposal has been influenced by Orc, a programming model for structured orchestration of services, but the SCC’s session handling mechanism allows for the definition of structured interaction protocols, more complex than the basic request-response provided by Orc. We present syntax and operational semantics of SCC and a number of simple but nontrivial programming examples that demonstrate flexibility of the chosen set of primitives. A few encodings are also provided to relate our proposal with existing ones