Specifying and Verifying Communications Protocols using Mixed Intuitionistic Linear Logic

In this paper we present a technique for specifying and verifying communications protocols and demonstrate this approach by specifying and verifying two of the fundamental communications protocols, namely TCP and IP, which form the basis of many distributed systems. The logical formalism used is Mixed Intuitionistic Linear Logic in order to use both commutative and non-commutative operators to model the concurrent and sequential processes in these protocols. Key properties of both protocols are proved

Computational Logic for Biomedicine and Neurosciences

We advocate here the use of computational logic for systems biology, as a \emph{unified and safe} framework well suited for both modeling the dynamic behaviour of biological systems, expressing properties of them, and verifying these properties. The potential candidate logics should have a traditional proof theoretic pedigree (including either induction, or a sequent calculus presentation enjoying cut-elimination and focusing), and should come with certified proof tools. Beyond providing a reliable framework, this allows the correct encodings of our biological systems. % For systems biology in general and biomedicine in particular, we have so far, for the modeling part, three candidate logics: all based on linear logic. The studied properties and their proofs are formalized in a very expressive (non linear) inductive logic: the Calculus of Inductive Constructions (CIC). The examples we have considered so far are relatively simple ones; however, all coming with formal semi-automatic proofs in the Coq system, which implements CIC. In neuroscience, we are directly using CIC and Coq, to model neurons and some simple neuronal circuits and prove some of their dynamic properties. % In biomedicine, the study of multi omic pathway interactions, together with clinical and electronic health record data should help in drug discovery and disease diagnosis. Future work includes using more automatic provers. This should enable us to specify and study more realistic examples, and in the long term to provide a system for disease diagnosis and therapy prognosis

Specification and Verification of Contract-Based Applications

Nowadays emerging paradigms are being adopted by several companies, where applications are built by assembling loosely-coupled distributed components, called services. Services may belong to possibly mutual distrusted organizations and may have conflicting goals. New methodologies for designing and verifying these applications are necessary for coping with new scenarios in which a service does not adhere with its prescribed behaviour, namely its contract. The thesis tackles this problem by proposing techniques for specifying and verifying distributed applications. The first contribution is an automata-based model checking technique for ensuring both service compliance and security requirements in a composition of services. We further develop the automata-based approach by proposing a novel formal model of contracts based on tailored finite state automata, called contract automata. The proposed model features several notions of contract agreement described from a language-theoretic perspective, for characterising the modalities in which the duties and requirements of services are fulfilled. Contract automata are equipped with different composition operators, to uniformly model both single and composite services, and techniques for synthesising an orchestrator to enforce the properties of agreement. Algorithms for verifying these properties are introduced, based on control theory and linear programming techniques. The formalism assumes the existence of possible malicious components trying to break the overall agreement, and techniques for detecting and banning eventually liable services are described. We study the conditions for dismissing the central orchestrator in order to generate a distributed choreography of services, analysing both closed and open choreographed systems, with synchronous or asynchronous interactions. We relate contract automata with different intutionistic logics for contracts, introduced for solving mutual circular dependencies between the requirements and the obligations of the parties, with either linear or non-linear availability of resources. Finally, a prototypical tool implementing the theory developed in the thesis is presented

Behavioral types in programming languages

A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types

Computational Logic for Biomedicine and Neuroscience

We advocate here the use of computational logic for systems biology, as a \emph{unified and safe} framework well suited for both modeling the dynamic behaviour of biological systems, expressing properties of them, and verifying these properties. The potential candidate logics should have a traditional proof theoretic pedigree (including either induction, or a sequent calculus presentation enjoying cut-elimination and focusing), and should come with certified proof tools. Beyond providing a reliable framework, this allows the correct encodings of our biological systems. % For systems biology in general and biomedicine in particular, we have so far, for the modeling part, three candidate logics: all based on linear logic. The studied properties and their proofs are formalized in a very expressive (non linear) inductive logic: the Calculus of Inductive Constructions (CIC). The examples we have considered so far are relatively simple ones; however, all coming with formal semi-automatic proofs in the Coq system, which implements CIC. In neuroscience, we are directly using CIC and Coq, to model neurons and some simple neuronal circuits and prove some of their dynamic properties. % In biomedicine, the study of multi omic pathway interactions, together with clinical and electronic health record data should help in drug discovery and disease diagnosis. Future work includes using more automatic provers. This should enable us to specify and study more realistic examples, and in the long term to provide a system for disease diagnosis and therapy prognosis.Nous pr{\^o}nons ici l'utilisation d'une logique calculatoire pour la biologie des systèmes, en tant que cadre \emph{unifié et sûr}, bien adapté à la fois à la modélisation du comportement dynamique des systèmes biologiques,à l'expression de leurs propriétés, et à la vérification de ces propriétés.Les logiques candidates potentielles doivent avoir un pedigree traditionnel en théorie de la preuve (y compris, soit l'induction, soit une présentation en calcul des séquents, avec l'élimination des coupures et des règles ``focales''), et doivent être accompagnées d'outils de preuves certifiés.En plus de fournir un cadre fiable, cela nous permet d'encoder de manière correcte nos systèmes biologiques. Pour la biologie des systèmes en général et la biomédecine en particulier, nous avons jusqu'à présent, pour la partie modélisation, trois logiques candidates : toutes basées sur la logique linéaire.Les propriétés étudiées et leurs preuves sont formalisées dans une logique inductive (non linéaire) très expressive : le Calcul des Constructions Inductives (CIC).Les exemples que nous avons étudiés jusqu'à présent sont relativement simples. Cependant, ils sont tous accompagnés de preuves formelles semi-automatiques dans le système Coq, qui implémente CIC. En neurosciences, nous utilisons directement CIC et Coq pour modéliser les neurones et certains circuits neuronaux simples et prouver certaines de leurs propriétés dynamiques.En biomédecine, l'étude des interactions entre des voies multiomiques,ainsi que les études cliniques et les données des dossiers médicaux électroniques devraient aider à la découverte de médicaments et au diagnostic des maladies.Les travaux futurs portent notamment sur l'utilisation de systèmes de preuves plus automatiques.Cela devrait nous permettre de modéliser et d'étudier des exemples plus réalistes,et à terme de fournir un système pour le diagnostic des maladies et le pronostic thérapeutique

Did you mix me? Formally Verifying Verifiable Mix Nets in Electronic Voting

Verifiable mix nets, and specifically proofs of (correct) shuffle, are a fundamental building block in numerous applications: these zero-knowledge proofs allow the prover to produce a public transcript which can be perused by the verifier to confirm the purported shuffle. They are particularly vital to verifiable electronic voting, where they underpin almost all voting schemes with non-trivial tallying methods. These complicated pieces of cryptography are a prime location for critical errors which might allow undetected modification of the outcome. The best solution to preventing these errors is to machine-check the cryptographic properties of the design and implementation of the mix net. Particularly crucial for the integrity of the outcome is the soundness of the design and implementation of the verifier (software). Unfortunately, several different encryption schemes are used in many different slight variations which makes t infeasible to machine-check every single case individually. However, a particular optimized variant of the Terelius-Wikstrom mix net is, and has been, widely deployed in elections including national elections in Norway, Estonia and Switzerland, albeit with many slight variations and several different encryption schemes. In this work, we develop the logical theory and formal methods tools to machine-check the design and implementation of all these variants of Terelius-Wikstrom mix nets, for all the different encryption schemes used; resulting in provably correct mix nets for all these different variations. We do this carefully to ensure that we can extract a formally verified implementation of the verifier (software) which is compatible with existing deployed implementations of the Terelius-Wikstrom mix net. This gives us provably correct implementations of the verifiers for more than half of the national elections which have used verifiable mix nets. Our implementation of a proof of correct shuffle is the first to be machine-checked to be cryptographically correct and able to verify proof transcripts from national elections. We demonstrate the practicality of our implementation by verifying transcripts produced by the Verificatum mix net system and the CHVote evoting system from Switzerland