162 research outputs found

    Brane Calculi Systems: A Static Preview of their Possible Behaviour

    We improve the precision of a previous Control Flow Analysis for Brane Calculi, by adding information on the context and introducing causality information on the membranes. This allows us to prove some biological properties on the behaviour of systems specified in Brane Calculi. Comment: Presented at MeCBIC 201

    The cost of securing IoT communications

    More smart objects and more applications on the Internet of Things (IoT) mean more security challenges. In IoT, security is crucial but difficult to obtain. On the one hand the usual trade-off between highly secure and usable systems is more impelling than ever; on the other hand security is considered a feature that has a cost often unaffordable. To relieve these kinds of problems, IoT designers not only need tools to assess possible risks and to study countermeasures, but also methodologies to estimate their costs. Here, we present a preliminary methodology, based on the process calculus IoT-LySa, to infer quantitative measures on systems evolution. The derived quantitative evaluation is exploited to establish the cost of the possible security countermeasures.

    Securing IoT communications: at what cost?

    IoT systems use wireless links for local communication, where locality depends on the transmission range, and include many devices with low computational power such as sensors. In IoT systems, security is a crucial requirement, but difficult to obtain, because standard cryptographic techniques have a cost that is usually unaffordable. We resort to an extended version of the process calculus LySa, called IoTLySa, to model the patterns of communication of IoT devices. Moreover, we assign rates to each transition to infer quantitative measures on the specified systems. The derived performance evaluation can be exploited to establish the cost of the possible security countermeasures.

    Tracking sensitive and untrustworthy data in IoT

    The Internet of Things (IoT) produces and processes large amounts of data. Among these data, some must be protected and others must be carefully handled because they come from untrusted sources. Taint analysis techniques can be used for marking data and for monitoring their propagation at run time, so as to determine how they influence the rest of the computation. Starting from the specification language IoT-LySa, we propose a Control Flow Analysis for statically predicting how tainted data spread across an IoT system and for checking whether those computations considered security critical are not affected by tainted data.

    A Formal Approach to Open Multiparty Interactions

    We present a process algebra aimed at describing interactions that are multiparty, i.e. that may involve more than two processes and that are open, i.e. the number of the processes they involve is not fixed or known a priori. Here we focus on the theory of a core version of a process calculus, without message passing, called Core Network Algebra (CNA). In CNA communication actions are given not in terms of channels but in terms of chains of links that record the source and the target ends of each hop of interactions. The operational semantics of our calculus mildly extends the one of CCS. The abstract semantics is given in the style of bisimulation but requires some ingenuity. Remarkably, the abstract semantics is a congruence for all operators of CNA and also with respect to substitutions, which is not the case for strong bisimilarity in CCS. As a motivating and running example, we illustrate the model of a simple software defined network infrastructure. Comment: 62 page

    Causal static analysis for Brane Calculi

    We present here a static analysis, based on Abstract Interpretation, obtained by defining an abstract version of the causal semantics for the Mate/Bud/Drip (MBD) version of Brane Calculi, proposed by Busi. Our analysis statically approximates the dynamic behaviour of MBD systems. More precisely, the analysis is able to describe the essential behaviour of the represented membranes, in terms of their possible interactions. Furthermore, our analysis is able to statically capture the possible causal dependencies among interactions, whose determination can be exploited to better understand the modelled biological phenomena. Finally, we apply our analysis to an abstract specification of the receptor-mediated endocytosis mechanism.

    Statically detecting message confusions in a multi-protocol setting

    In a multi-protocol setting, different protocols are concurrently executed, and each principal can participate in more than one. The possibilities of attacks therefore increase, often due to the presence of similar patterns in messages. Messages coming from one protocol can be confused with similar messages coming from another protocol. As a consequence, data of one type may be interpreted as data of another, and it is also possible that the type is the expected one, but the message is addressed to another protocol. In this paper, we shall present an extension of the LySa calculus [7, 4] that decorates encryption with tags including the protocol identifier, the protocol step identifier and the intended types of the encrypted terms. The additional information allows us to find the messages that can be confused and therefore to have hints to reconstruct the attack. We extend accordingly the standard static Control Flow Analysis for LySa, which over-approximates all the possible behaviour of the studied protocols, including the possible message confusions that may occur at run-time. Our analysis has been implemented and successfully applied to small sets of protocols. In particular, we discovered an undocumented family of attacks, that may arise when Bauer-Berson-Feiertag and the Woo-Lam authentication protocols are running in parallel. The implementation complexity of the analysis is low polynomial.

    A flat process calculus for nested membrane interactions

    The link-calculus has been recently proposed as a process calculus for representing interactions that are open (i.e. that the number of processes may vary), and multiparty (i.e. that may involve more than two processes). Here, we apply the link-calculus for expressing, possibly hierarchical and non dyadic, biological interactions. In particular, we provide a natural encoding of Cardelli's Brane calculus, a compartment-based calculus, introduced to model the behaviour of nested membranes. Notably, the link-calculus is flat, but we can model membranes just as special processes taking part in the biological reaction. Moreover, we give evidence that the link-calculus allows one to directly model biological phenomena at the more appropriate level of abstraction.

    Checking global usage of resources handled with local policies

    We present a methodology to reason about resource usage (acquisition, release, revision, and so on) and, in particular, to predict bad usage of resources. Keeping in mind the interplay between local and global information that occurs in application-resource interactions, we model resources as entities with local policies and we study global properties that govern overall interactions. Formally, our model is an extension of π-calculus with primitives to manage resources. To predict possible bad usage of resources, we develop a Control Flow Analysis that computes a static over-approximation of process behaviour.