2,697 research outputs found
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they
increasingly rely on communication to achieve their goals; due to their
societal importance, security and trustworthiness are crucial aspects for the
correctness of these systems. Behavioural types, which extend data types by
describing also the structured behaviour of programs, are a widely studied
approach to the enforcement of correctness properties in communicating systems.
This paper offers a unified overview of proposals based on behavioural types
which are aimed at the analysis of security properties
Validating a Web Service Security Abstraction by Typing
An XML web service is, to a first approximation, an RPC service in which
requests and responses are encoded in XML as SOAP envelopes, and transported
over HTTP. We consider the problem of authenticating requests and responses at
the SOAP-level, rather than relying on transport-level security. We propose a
security abstraction, inspired by earlier work on secure RPC, in which the
methods exported by a web service are annotated with one of three security
levels: none, authenticated, or both authenticated and encrypted. We model our
abstraction as an object calculus with primitives for defining and calling web
services. We describe the semantics of our object calculus by translating to a
lower-level language with primitives for message passing and cryptography. To
validate our semantics, we embed correspondence assertions that specify the
correct authentication of requests and responses. By appeal to the type theory
for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the
correspondence assertions simply by typing. Finally, we describe an
implementation of our semantics via custom SOAP headers.Comment: 44 pages. A preliminary version appears in the Proceedings of the
Workshop on XML Security 2002, pp. 18-29, November 200
Dynamic Role Authorization in Multiparty Conversations
Protocol specifications often identify the roles involved in communications.
In multiparty protocols that involve task delegation it is often useful to
consider settings in which different sites may act on behalf of a single role.
It is then crucial to control the roles that the different parties are
authorized to represent, including the case in which role authorizations are
determined only at runtime. Building on previous work on conversation types
with flexible role assignment, here we report initial results on a typed
framework for the analysis of multiparty communications with dynamic role
authorization and delegation. In the underlying process model, communication
prefixes are annotated with role authorizations and authorizations can be
passed around. We extend the conversation type system so as to statically
distinguish processes that never incur in authorization errors. The proposed
static discipline guarantees that processes are always authorized to
communicate on behalf of an intended role, also covering the case in which
authorizations are dynamically passed around in messages.Comment: In Proceedings BEAT 2014, arXiv:1408.556
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
Explicit connection actions in multiparty session types
This work extends asynchronous multiparty session types (MPST) with explicit connection actions to support protocols with op- tional and dynamic participants. The actions by which endpoints are connected and disconnected are a key element of real-world protocols that is not treated in existing MPST works. In addition, the use cases motivating explicit connections often require a more relaxed form of mul- tiparty choice: these extensions do not satisfy the conservative restric- tions used to ensure safety in standard syntactic MPST. Instead, we de- velop a modelling-based approach to validate MPST safety and progress for these enriched protocols. We present a toolchain implementation, for distributed programming based on our extended MPST in Java, and a core formalism, demonstrating the soundness of our approach. We discuss key implementation issues related to the proposed extensions: a practi- cal treatment of choice subtyping for MPST progress, and multiparty correlation of dynamic binary connections
Correspondence assertions for process synchronization in concurrent communications
High-level specification of patterns of communications such as protocols can be modeled elegantly by means of session types. However, a number of examples suggest that session types fall short when finer precision on protocol specification is required. In order to increase the expressiveness of session types we appeal to the theory of correspondence assertions. The resulting type discipline augments the types of long term channels with effects and thus yields types which may depend on messages read or written earlier within the same session. We prove that evaluation preserves typability and that well-typed processes are safe. Also, we illustrate how the resulting theory allows us to address the shortcomings present in the pure theory of session types.Laboratorio de Investigación y Formación en Informática Avanzad
Correspondence assertions for process synchronization in concurrent communications
High-level specification of patterns of communications such as protocols can be modeled elegantly by means of session types. However, a number of examples suggest that session types fall short when finer precision on protocol specification is required. In order to increase the expressiveness of session types we appeal to the theory of correspondence assertions. The resulting type discipline augments the types of long term channels with effects and thus yields types which may depend on messages read or written earlier within the same session. We prove that evaluation preserves typability and that well-typed processes are safe. Also, we illustrate how the resulting theory allows us to address the shortcomings present in the pure theory of session types.Laboratorio de Investigación y Formación en Informática Avanzad
A Fully Abstract Symbolic Semantics for Psi-Calculi
We present a symbolic transition system and bisimulation equivalence for
psi-calculi, and show that it is fully abstract with respect to bisimulation
congruence in the non-symbolic semantics.
A psi-calculus is an extension of the pi-calculus with nominal data types for
data structures and for logical assertions representing facts about data. These
can be transmitted between processes and their names can be statically scoped
using the standard pi-calculus mechanism to allow for scope migrations.
Psi-calculi can be more general than other proposed extensions of the
pi-calculus such as the applied pi-calculus, the spi-calculus, the fusion
calculus, or the concurrent constraint pi-calculus.
Symbolic semantics are necessary for an efficient implementation of the
calculus in automated tools exploring state spaces, and the full abstraction
property means the semantics of a process does not change from the original
Context-Free Session Types for Applied Pi-Calculus
We present a binary session type system using context-free session types to a
version of the applied pi-calculus of Abadi et. al. where only base terms,
constants and channels can be sent. Session types resemble process terms from
BPA and we use a version of bisimulation equivalence to characterize type
equivalence. We present a quotiented type system defined on type equivalence
classes for which type equivalence is built into the type system. Both type
systems satisfy general soundness properties; this is established by an appeal
to a generic session type system for psi-calculi.Comment: In Proceedings EXPRESS/SOS 2018, arXiv:1808.0807
- …