Event-based characterisation of temporal properties over system states

The design of runtime verification (or monitoring) systems presents a myriad of options — how to instrument properties, in which logic to specify properties, what algorithms to use to implement the property checking, etc. One crucial issue is what elements of the system one is interested in observing, and what points-of-interest one must capture to be able to perform this monitoring. Many runtime verification tools base their properties on the control flow of the system (e.g.): method calls, object creation, exception raising, etc. Especially in the domain of distributed systems, one also finds communication-centric runtime monitoring, in which one focuses on the communication taking place between nodes (e.g. see). Finally, a minority of tools take a data-centric approach, in which one can write properties about the values stored in the system state. The choice of approach has a major influence on how monitoring code can be instrumented in the system. Typically, control-centric approaches use aspect-oriented programming (or similar) technologies to insert additional code identifying the events of interest in the system. On the other hand, to monitor communication in a distributed, message-passing system, one may create communication proxies (actual or local virtual ones) which capture and analyse the messages, i.e. the temporal points-of-interest in such a system. In a data-centric approach, one typically captures points of discontinuity in the values of variables — when they are assigned a value — to be able to capture properties which talk about how the values of the system state changes over time.peer-reviewe

Model-Based Availability Evaluation of Composed Web Services, Journal of Telecommunications and Information Technology, 2014, nr 4

Web services composition is an emerging software development paradigm for the implementation of distributed computing systems, the impact of which is very relevant both in research and industry. When a complex functionality has to be delivered on the Internet, a service integrator can produce added value by delivering more abstract and complex services obtained by composition of existing ones. But while isolated services availability can be improved by tuning and reconguring their hosting servers, with Composed Web Services (CWS) basic services must be taken as they are. In this case, it is necessary to evaluate the composition effects. The authors propose a high-level analysis methodology, supported by a tool, based on the transformation of BPEL descriptions of CWS into models based on the fault tree availability evaluation formalism that enables a modeler, unfamiliar with the underlying combinatorial probabilistic mathematics, to evaluate the availability of CWS, given components availability and expected execution behavior

Session Coalgebras: A Coalgebraic View on Session Types and Communication Protocols

Compositional methods are central to the development and verification of software systems. They allow to break down large systems into smaller components, while enabling reasoning about the behaviour of the composed system. For concurrent and communicating systems, compositional techniques based on behavioural type systems have received much attention. By abstracting communication protocols as types, these type systems can statically check that programs interact with channels according to a certain protocol, whether the intended messages are exchanged in a certain order. In this paper, we put on our coalgebraic spectacles to investigate session types, a widely studied class of behavioural type systems. We provide a syntax-free description of session-based concurrency as states of coalgebras. As a result, we rediscover type equivalence, duality, and subtyping relations in terms of canonical coinductive presentations. In turn, this coinductive presentation makes it possible to elegantly derive a decidable type system with subtyping for $\pi$-calculus processes, in which the states of a coalgebra will serve as channel protocols. Going full circle, we exhibit a coalgebra structure on an existing session type system, and show that the relations and type system resulting from our coalgebraic perspective agree with the existing ones.Comment: 36 pages, submitte

A SOA-based architecture framework

We present an Service-Oriented Architecture (SOA)– based architecture framework. The architecture framework is designed to be close to industry standards, especially to the Service Component Architecture (SCA). The framework is language independent and the building blocks of each system, activities and data, are first class citizens. We present a meta model of the architecture framework and discuss its concepts in detail. Through the framework, concepts of an SOA such as wiring, correlation and instantiation can be clarifie

CryptoBap: A Binary Analysis Platform for Cryptographic Protocols

We introduce CryptoBap, a platform to verify weak secrecy and authentication for the (ARMv8 and RISC-V) machine code of cryptographic protocols. We achieve this by first transpiling the binary of protocols into an intermediate representation and then performing a crypto-aware symbolic execution to automatically extract a model of the protocol that represents all its execution paths. Our symbolic execution resolves indirect jumps and supports bounded loops using the loop-summarization technique, which we fully automate. The extracted model is then translated into models amenable to automated verification via ProVerif and CryptoVerif using a third-party toolchain. We prove the soundness of the proposed approach and used CryptoBap to verify multiple case studies ranging from toy examples to real-world protocols, TinySSH, an implementation of SSH, and WireGuard, a modern VPN protocol

Session coalgebras: A coalgebraic view on session types and communication protocols

Compositional methods are central to the development and verification of software systems. They allow breaking down large systems into smaller components, while enabling reasoning about the behaviour of the composed system. For concurrent and communicating systems, compositional techniques based on behavioural type systems have received much attention. By abstracting communication protocols as types, these type systems can statically check that programs interact with channels according to a certain protocol, whether the intended messages are exchanged in a certain order. In this paper, we put on our coalgebraic spectacles to investigate session types, a widely studied class of behavioural type systems. We provide a syntax-free description of session-based concurrency as states of coalgebras. As a result, we rediscover type equivalence, duality, and subtyping rela

Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures

The standard definition of security for digital signatures---existential unforgeability---does not ensure certain properties that protocol designers might expect. For example, in many modern signature schemes, one signature may verify against multiple distinct public keys. It is left to protocol designers to ensure that the absence of these properties does not lead to attacks. Modern automated protocol analysis tools are able to provably exclude large classes of attacks on complex real-world protocols such as TLS 1.3 and 5G. However, their abstraction of signatures (implicitly) assumes much more than existential unforgeability, thereby missing several classes of practical attacks. We give a hierarchy of new formal models for signature schemes that captures these subtleties, and thereby allows us to analyse (often unexpected) behaviours of real-world protocols that were previously out of reach of symbolic analysis. We implement our models in the Tamarin Prover, yielding the first way to perform these analyses automatically, and validate them on several case studies. In the process, we find new attacks on DRKey and SOAP\u27s WS-Security, both protocols which were previously proven secure in traditional symbolic models

Type inference for conversation types

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia InformáticaThis dissertation tackles the problem of type inference for conversation types by devising and implementing a type inference algorithm. This is an interesting issue to address if we take into account that service-oriented applications can have very rich and complex protocols of services’usage, thus requiring the programmer to annotate every service invocation with a type corresponding to his role in a protocol, which would make the development of such applications quite unpractical. Therefore, freeing the programmer from that task, by having inference of types that describe such protocols, is quite desirable not only because it is cumbersome and tedious to do such annotations but also because it reduces the occurrences of errors when developing real complex systems. While there is several work done related to session types and type inference in the context of binary sessions, work regarding multiparty conversations is still lacking even though there are some proposals related to multi-session conversations(i.e. interactions happen through shared channels that are distributed at service invocation time to all participants). Our approach is based on Conversation Calculus, a process calculus that models services’primitives based on conversations access point where all the interactions of a conversation take place. In order to test our type inference algorithm we designed and implemented a prototype of a proof of-concept distributed programming language based on Conversation Calculus. Finally, we show that our type inference algorithm is sound, complete, decidable and that it always returns a principal typing