A Language-based Approach to Distributed Resources

Modern computing paradigms for distributed applications advocate a strong control on shared resources available on demand in order to guarantee their correct usages. An illustrative example of such paradigms is Cloud Computing. In this dissertation, we study formal models for distributed applications, paying particular attention to resource usage analysis. Formal methods for specifying and analysing different aspects of resource management could play an important role for the widespread usages of distributed resources. They provide not only the theoretical framework to understand the stages underlying the design and implementation issues, but also the mathematically-based techniques for the specification and verifications of properties of such systems. In this dissertation, we introduce two models, called lambda clouds and G-Local pi calculus, which are extensions of the lambda calculus and pi calculus respectively. The lambda clouds is an extension of concurrent lambda calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available on demand in the clouds. We focus on the server side of cloud systems, by adopting a pro-active approach, where explicit security policies, which are expressed as a set of execution traces, regulate server's behaviour. By providing an abstract cloud semantics, we ensure that enforcing security policies embedded in cloud applications is sound. The G-Local pi calculus is built on top of the standard pi calculus by introducing new primitives to manage resources. Unlike the previous model, where resources are highly abstract, resources in this approach are modelled as stateful entities with local states and global policies. A high degree of loose coupling among applications and resources is achieved through the publish/subscribe model. Furthermore, we develop two static, language-based techniques, namely Control Flow Analysis (CFA) and Type and Effect Systems, to reason about resource usages and therefore able to predict \textit{bad} usages of resources. The CFA mainly focuses on reachability properties related to resource usages. It computes an over-approximation of resource usages of applications. As a result, if the approximation does not contain bad usages, then it guarantees that applications correctly use resources. The type and effect system provides a closer view of resource behaviour. Resource behaviour is extracted in the form of side effect of the type system. We exploit side effect to verify regular linear time properties, expressed by Linear Time Logic formulas, of resource usages

Predicting global usages of resources endowed with local policies

The effective usages of computational resources are a primary concern of up-to-date distributed applications. In this paper, we present a methodology to reason about resource usages (acquisition, release, revision, ...), and therefore the proposed approach enables to predict bad usages of resources. Keeping in mind the interplay between local and global information occurring in the application-resource interactions, we model resources as entities with local policies and global properties governing the overall interactions. Formally, our model takes the shape of an extension of pi-calculus with primitives to manage resources. We develop a Control Flow Analysis computing a static approximation of process behaviour and therefore of the resource usages.Comment: In Proceedings FOCLASA 2011, arXiv:1107.584

Uniqueness Typing for Resource Management in Message-Passing Concurrency

We view channels as the main form of resources in a message-passing programming paradigm. These channels need to be carefully managed in settings where resources are scarce. To study this problem, we extend the pi-calculus with primitives for channel allocation and deallocation and allow channels to be reused to communicate values of different types. Inevitably, the added expressiveness increases the possibilities for runtime errors. We define a substructural type system which combines uniqueness typing and affine typing to reject these ill-behaved programs

Uniqueness typing for a higher-order language

We investigate type-based analysis for a higher-order channel passing language with strong update, whereby messages of a different kind are communicated over the same channel. In order to reason about such programs, our type system employs the concept of uniqueness to be able to assert when it is safe to change the object type a channel. We design a type system based on this concept and prove that our type system is sound, meaning that it only accepts programs that do not produce runtime errors.peer-reviewe

Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency

We define a pi-calculus variant with a costed semantics where channels are treated as resources that must explicitly be allocated before they are used and can be deallocated when no longer required. We use a substructural type system tracking permission transfer to construct coinductive proof techniques for comparing behaviour and resource usage efficiency of concurrent processes. We establish full abstraction results between our coinductive definitions and a contextual behavioural preorder describing a notion of process efficiency w.r.t. its management of resources. We also justify these definitions and respective proof techniques through numerous examples and a case study comparing two concurrent implementations of an extensible buffer.Comment: 51 pages, 7 figure

A Typed Model for Dynamic Authorizations

Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted/yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations regard channel usage and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows to specify authorization boundaries, and (ii) communication primitives for authorizations, which allow to pass around authorizations to act on a given channel. An authorization error may consist in, e.g., performing an action along a name which is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.Comment: In Proceedings PLACES 2015, arXiv:1602.0325

On Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems

This paper motivates the need for a formalism for the modelling and analysis of dynamic reconfiguration of dependable real-time systems. We present requirements that the formalism must meet, and use these to evaluate well established formalisms and two process algebras that we have been developing, namely, Webpi and CCSdp. A simple case study is developed to illustrate the modelling power of these two formalisms. The paper shows how Webpi and CCSdp represent a significant step forward in modelling adaptive and dependable real-time systems.Comment: Presented and published at DEPEND 201

Safer in the Clouds (Extended Abstract)

We outline the design of a framework for modelling cloud computing systems.The approach is based on a declarative programming model which takes the form of a lambda-calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available in the clouds. We will focus on the server side of cloud systems, by adopting a pro-active approach, where explicit security policies regulate server's behaviour.Comment: In Proceedings ICE 2010, arXiv:1010.530

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration