Space-Aware Ambients and Processes

Resource control has attracted increasing interest in foundational research on distributed systems. This paper focuses on space control and develops an analysis of space usage in the context of an ambient-like calculus with bounded capacities and weighed processes, where migration and activation require space. A type system complements the dynamics of the calculus by providing static guarantees that the intended capacity bounds are preserved throughout the computation

A Calculus of Mobility and Communication for Ubiquitous Computing

We propose a Calculus of Mobility and Communication (CMC) for the modelling of mobility, communication and context-awareness in the setting of ubiquitous computing. CMC is an ambient calculus with the in and out capabilities of Cardelli and Gordon's Mobile Ambients. The calculus has a new form of global communication similar to that in Milner's CCS. In CMC an ambient is tagged with a set of ports that agents executing inside the ambient are allowed to communicate on. It also has a new context-awareness feature that allows ambients to query their location. We present reduction semantics and labelled transition system semantics of CMC and prove that the semantics coincide. A new notion of behavioural equivalence is given by defining capability barbed bisimulation and congruence which is proved to coincide with barbed bisimulation congruence. The expressiveness of the calculus is illustrated by two case studies.Comment: In Proceedings WWV 2015, arXiv:1508.0338

A Calculus of Bounded Capacities

Resource control has attracted increasing interest in foundational research on distributed systems. This paper focuses on space control and develops an analysis of space usage in the context of an ambient-like calculus with bounded capacities and weighed processes, where migration and activation require space. A type system complements the dynamics of the calculus by providing static guarantees that the intended capacity bounds are preserved throughout the computation

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration

Expressiveness of Generic Process Shape Types

Shape types are a general concept of process types which work for many process calculi. We extend the previously published Poly* system of shape types to support name restriction. We evaluate the expressiveness of the extended system by showing that shape types are more expressive than an implicitly typed pi-calculus and an explicitly typed Mobile Ambients. We demonstrate that the extended system makes it easier to enjoy advantages of shape types which include polymorphism, principal typings, and a type inference implementation.Comment: Submitted to Trustworthy Global Computing (TGC) 2010

Separability in the Ambient Logic

The \it{Ambient Logic} (AL) has been proposed for expressing properties of process mobility in the calculus of Mobile Ambients (MA), and as a basis for query languages on semistructured data. We study some basic questions concerning the discriminating power of AL, focusing on the equivalence on processes induced by the logic $(=_L>)$. As underlying calculi besides MA we consider a subcalculus in which an image-finiteness condition holds and that we prove to be Turing complete. Synchronous variants of these calculi are studied as well. In these calculi, we provide two operational characterisations of $_=L$: a coinductive one (as a form of bisimilarity) and an inductive one (based on structual properties of processes). After showing $_=L$ to be stricly finer than barbed congruence, we establish axiomatisations of $_=L$ on the subcalculus of MA (both the asynchronous and the synchronous version), enabling us to relate $_=L$ to structural congruence. We also present some (un)decidability results that are related to the above separation properties for AL: the undecidability of $_=L$ on MA and its decidability on the subcalculus.Comment: logical methods in computer science, 44 page

Using Ambients to Control Resources (long version)

Current software and hardware systems, being parallel and reconfigurable, raise new safety and reliability problems, and the resolution of these problems requires new methods. Numerous proposals attempt at reducing the threat of bugs and preventing several kinds of attacks. In this paper, we develop an extension of the calculus of Mobile Ambients, named Controlled Ambients, that is suited for expressing such issues, specifically Denial of Service attacks. We present a type system for Controlled Ambients, which makes static resource control possible in our setting

From Use Case Diagrams to Executable Context-aware Ambients

This paper proposes an approach to translating a use case diagram into an executable context-aware ambients. The requirements of a context-aware system is captured and represented in an extension of UML use case diagrams called context-aware use case diagrams. Then an algorithm is proposed that translate a context-aware use case diagram into a process in the Calculus of Context-aware Ambients (CCA). This process can then be analysed using the CCA simulator. The proposed approach is evaluated using a real-word example of a context-aware collision avoidance system

Engineering topology aware adaptive security: preventing requirements violations at runtime

Adaptive security systems aim to protect critical assets in the face of changes in their operational environment. We have argued that incorporating an explicit representation of the environment’s topology enables reasoning on the location of assets being protected and the proximity of potentially harmful agents. This paper proposes to engineer topology aware adaptive security systems by identifying violations of security requirementsthat may be caused by topological changes, and selecting a setof security controls that prevent such violations. Our approach focuses on physical topologies; it maintains at runtime a live representation of the topology which is updated when assets or agents move, or when the structure of the physical space is altered. When the topology changes, we look ahead at a subset of the future system states. These states are reachable when the agents move within the physical space. If security requirements can be violated in future system states, a configuration of security controls is proactively applied to prevent the system from reaching those states. Thus, the system continuously adapts to topological stimuli, while maintaining requirements satisfaction. Security requirements are formally expressed using a propositional temporal logic, encoding spatial properties in Computation Tree Logic (CTL). The Ambient Calculus is used to represent the topology of the operational environment - including location of assets and agents - as well as to identify future system states that are reachable from the current one. The approach is demonstrated and evaluated using a substantive example concerned with physical access control

A Privacy Type System for Context-aware Mobile Ambients

Thanks to the advances in technologies, ubiquitous computing (ubicomp) is developing fast with the proliferation of smart devices such as smart phones and tablet computers. However, privacy is an important concern in ubicomp; unless users are confident enough that their privacy is protected, many will be deterred from using such systems. This paper proposes a privacy type system that controls the behaviour of concurrent, context-aware and mobile processes to ensure that private information are not accidentally disclosed. We prove the subject reduction property, which guarantees that a well-typed process is safe and cannot disclose private information to an unauthorised party