An observational model for spatial logics
Spatiality is an important aspect of distributed systems because their computations depend both on the dynamic behaviour and on the structure of their components. Spatial logics have been proposed as the formal device for expressing spatial properties of systems.
We define CCS∥, a CCS-like calculus whose semantics allows one to observe spatial aspects of systems, on top of which we define models of the spatial logic. Our alternative definition of models is proved equivalent to the standard one. Furthermore, logical equivalence is characterized in terms of the bisimilarity of CCS∥.
A calculus for modeling and analyzing conversations in service-oriented computing
Dissertation submitted for the degree of Doctor in Informatics at Universidade Nova de Lisboa, Faculdade de Ciências e Tecnologia.

The service-oriented computing paradigm has motivated a large research effort in the past few years. On the one hand, the wide dissemination of Web-Service technology called for the development of standards, tools and formal techniques that contributed to the design of more reliable systems. On the other hand, many of the problems that arise in the study of service-oriented applications have an existing work basis in well-established research fields, as is the case of the study of interaction models, which has been an active field of research for the last couple of decades. However, the service-oriented computing paradigm raises many new problems that call for new concepts, dedicated models and specialized formal analysis techniques. The work presented in this dissertation is part of that effort, with particular focus on the challenges involved in governing interaction in service-oriented applications.

One of the main innovations introduced by this work is the way in which multiparty interaction is handled. One reference field of research that addresses the specification and analysis of interaction in communication-centric systems is based on the notion of session. Essentially, a session characterizes the interaction between two parties, a client and a server, that exchange messages in a sequential and dual way. The notion of session is thus particularly adequate for modeling the client/server paradigm, but it fails to cope with interaction between several participants, a scenario frequently found in real service-oriented applications. The approach described in this dissertation improves on the state of the art: it makes it possible to model and analyze systems where several parties interact, while retaining the fundamental flavor of session-based approaches, by relying on a novel notion of conversation, a simple extension of the notion of session that allows several parties to interact in a single medium of communication in a disciplined way, via labeled message passing.

The contributions of this dissertation address the modeling and analysis of service-oriented applications in a rigorous way. First, we propose and study a formal model for service-oriented computing, the Conversation Calculus, which, building on the abstract notion of conversation, captures the interactions between several parties that pertain to the same service task using a single medium of communication. Second, we introduce formal analysis techniques, namely the conversation type system and the progress proof system, which can be used to ensure, in a provably correct way and at static verification time (before such applications are deployed), that systems enjoy good properties such as “the prescribed protocols will be followed at runtime by all conversation participants” (conversation fidelity) and “the system will never run into a stuck state” (progress).

We give substantial evidence that our approach is already effective enough to model and type sophisticated service-based systems at a fairly high level of abstraction. Examples of such systems include challenging scenarios involving simultaneous multiparty conversations, with concurrency and access to local resources, and conversations with a dynamically changing and unanticipated number of participants, which fall outside the scope of previous approaches.

Fundação para a Ciência e Tecnologia - PhD Scholarship SFRH/BD/23760/200
A Typed Model for Dynamic Authorizations
Security requirements in distributed software systems are inherently dynamic. In the case of authorization policies, resources are meant to be accessed only by authorized parties, but the authorization to access a resource may be dynamically granted or yielded. We describe ongoing work on a model for specifying communication and dynamic authorization handling. We build upon the pi-calculus so as to enrich communication-based systems with authorization specification and delegation; here authorizations concern channel usage, and delegation refers to the act of yielding an authorization to another party. Our model includes: (i) a novel scoping construct for authorization, which allows one to specify authorization boundaries, and (ii) communication primitives for authorizations, which allow authorizations to act on a given channel to be passed around. An authorization error may consist in, e.g., performing an action along a name that is not under an appropriate authorization scope. We introduce a typing discipline that ensures that processes never reduce to authorization errors, even when authorizations are dynamically delegated.

Comment: In Proceedings PLACES 2015, arXiv:1602.0325
Dynamic Role Authorization in Multiparty Conversations
Protocol specifications often identify the roles involved in communications. In multiparty protocols that involve task delegation it is often useful to consider settings in which different sites may act on behalf of a single role. It is then crucial to control the roles that the different parties are authorized to represent, including the case in which role authorizations are determined only at runtime. Building on previous work on conversation types with flexible role assignment, here we report initial results on a typed framework for the analysis of multiparty communications with dynamic role authorization and delegation. In the underlying process model, communication prefixes are annotated with role authorizations, and authorizations can be passed around. We extend the conversation type system so as to statically distinguish processes that never incur authorization errors. The proposed static discipline guarantees that processes are always authorized to communicate on behalf of an intended role, also covering the case in which authorizations are dynamically passed around in messages.

Comment: In Proceedings BEAT 2014, arXiv:1408.556
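The two abstracts above (the channel-authorization model and the role-authorization extension) describe the same shape of discipline: an action on a name, or on behalf of a role, is an authorization error unless the acting process is inside a scope that authorizes it or has acquired the authorization by delegation. Neither abstract gives the calculus, so the following is an added toy illustration of my own, not the papers' calculus or type system: a small process syntax with an assumed authorization scope `Auth`, assumed delegation primitives `Yield` and `Acquire`, and a static walk that rejects any term that communicates outside an authorization scope or keeps using a name whose authorization it has already yielded. Treating the authorized names as role names gives the role variant. All term names and rules are assumptions.

```python
# Toy static check for channel authorizations with delegation.
# Added illustration only: the syntax and rules are assumptions loosely
# following the abstracts, not the papers' calculus or type system.
from dataclasses import dataclass
from typing import Union


class AuthorizationError(Exception):
    """Raised when a process acts on a name outside any authorization scope."""


@dataclass(frozen=True)
class Nil:
    """Inactive process."""


@dataclass(frozen=True)
class Auth:
    """Assumed scoping construct: `body` may act on `name`."""
    name: str
    body: "Proc"


@dataclass(frozen=True)
class Out:
    """Send `value` on `chan`, then continue with `cont`."""
    chan: str
    value: str
    cont: "Proc"


@dataclass(frozen=True)
class In:
    """Receive a value on `chan` (bound to `var`), then continue."""
    chan: str
    var: str
    cont: "Proc"


@dataclass(frozen=True)
class Yield:
    """Assumed primitive: send the authorization for `name` along `chan`;
    the sender gives it up (delegation as yielding)."""
    chan: str
    name: str
    cont: "Proc"


@dataclass(frozen=True)
class Acquire:
    """Assumed primitive: receive the authorization for `name` along `chan`."""
    chan: str
    name: str
    cont: "Proc"


@dataclass(frozen=True)
class Par:
    """Parallel composition."""
    left: "Proc"
    right: "Proc"


Proc = Union[Nil, Auth, Out, In, Yield, Acquire, Par]


def _need(name: str, authorized: frozenset, action: str) -> None:
    if name not in authorized:
        raise AuthorizationError(f"{action} on {name!r} outside its authorization scope")


def check(p: Proc, authorized: frozenset = frozenset()) -> None:
    """Walk the term tracking the names the current process may act on.
    Assumed rules: Auth adds its name; Out/In need their channel; Yield
    needs both names and removes the yielded one for the continuation;
    Acquire needs the channel and adds the acquired name; parallel branches
    are checked with the same set (this toy models no linearity)."""
    if isinstance(p, Nil):
        return
    if isinstance(p, Auth):
        check(p.body, authorized | {p.name})
    elif isinstance(p, (Out, In)):
        _need(p.chan, authorized, "communication")
        check(p.cont, authorized)
    elif isinstance(p, Yield):
        _need(p.chan, authorized, "communication")
        _need(p.name, authorized, "yielding authorization")
        check(p.cont, authorized - {p.name})
    elif isinstance(p, Acquire):
        _need(p.chan, authorized, "communication")
        check(p.cont, authorized | {p.name})
    elif isinstance(p, Par):
        check(p.left, authorized)
        check(p.right, authorized)
    else:
        raise TypeError(f"unknown term {p!r}")


def well_authorized(p: Proc) -> bool:
    """True iff the static walk finds no authorization error."""
    try:
        check(p)
        return True
    except AuthorizationError:
        return False


# Constructed terms. Client holds a and b, yields b's authorization over a and
# keeps using a; the server, authorized for a only, acquires b and then uses it.
GOOD = Par(
    Auth("a", Auth("b", Yield("a", "b", Out("a", "req", Nil())))),
    Auth("a", Acquire("a", "b", Out("b", "resp", Nil()))),
)
# Server acts on c, which no scope or delegation ever authorized.
BAD_UNSCOPED = Auth("a", Acquire("a", "b", Out("c", "resp", Nil())))
# Client keeps using b after yielding its authorization for b.
BAD_AFTER_YIELD = Auth("a", Auth("b", Yield("a", "b", Out("b", "x", Nil()))))

if __name__ == "__main__":
    for label, term in [("GOOD", GOOD), ("BAD_UNSCOPED", BAD_UNSCOPED),
                        ("BAD_AFTER_YIELD", BAD_AFTER_YIELD)]:
        print(label, "ok" if well_authorized(term) else "authorization error")
```

The point of the two rejected terms is the one the abstracts make: an authorization can move between parties at runtime, so the check has to follow the delegation primitives rather than the lexical scopes alone, and a sender that has yielded an authorization must not be able to keep exercising it.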
Behavioral theory for session-oriented calculi
This chapter presents the behavioral theory of some of the Sensoria core calculi. We consider SSCC, μse and CC as representatives of the session-based approach and COWS as representative of the correlation-based one.
For SSCC, μse and CC the main point is the structure that the session/conversation mechanism creates in programs. We show how the differences between binary sessions, multiparty sessions and dynamic conversations are captured by different behavioral laws. We also exploit those laws to prove the correctness of program transformations.
For COWS the main point is that communication is prioritized (the best matching input captures the output), and this has a strong influence on the behavioral theory of COWS. In particular, we show that communication in COWS is neither purely synchronous nor purely asynchronous.
Checking for choreography conformance using spatial logic model-checking
We illustrate with a simple example how the Spatial Logic Model Checker can be used to check choreography conformance properties.
A type language for message passing component-based systems
Component-based development is challenging in a distributed setting, for starters because programming a task may involve the assembly of loosely-coupled remote components. In order for the task to be fulfilled, the supporting interaction among components should follow a well-defined protocol. In this paper we address a model for message passing component-based systems where components are assembled together with the protocol itself. Components can therefore be independent from the protocol, and reactive to messages in a flexible way. Our contribution is at the level of the type language, which captures component behaviour so that its compatibility with a protocol can be checked. We show the correspondence of component and type behaviours, which entails a progress property for components.

Comment: In Proceedings ICE 2020, arXiv:2009.0762
Combining behavioural types with security analysis
Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by also describing the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties
- …