371 research outputs found
Comparing the expressive power of the Synchronous and the Asynchronous pi-calculus
The Asynchronous pi-calculus, as recently proposed by Boudol and,
independently, by Honda and Tokoro, is a subset of the pi-calculus which
contains no explicit operators for choice and output-prefixing. The
communication mechanism of this calculus, however, is powerful enough to
simulate output-prefixing, as shown by Boudol, and input-guarded choice, as
shown recently by Nestmann and Pierce. A natural question arises, then, whether
or not it is possible to embed in it the full pi-calculus. We show that this is
not possible, i.e. there does not exist any uniform, parallel-preserving,
translation from the pi-calculus into the asynchronous pi-calculus, up to any
``reasonable'' notion of equivalence. This result is based on the incapablity
of the asynchronous pi-calculus of breaking certain symmetries possibly present
in the initial communication graph. By similar arguments, we prove a separation
result between the pi-calculus and CCS.Comment: 10 pages. Proc. of the POPL'97 symposiu
Making Random Choices Invisible to the Scheduler
When dealing with process calculi and automata which express both
nondeterministic and probabilistic behavior, it is customary to introduce the
notion of scheduler to solve the nondeterminism. It has been observed that for
certain applications, notably those in security, the scheduler needs to be
restricted so not to reveal the outcome of the protocol's random choices, or
otherwise the model of adversary would be too strong even for ``obviously
correct'' protocols. We propose a process-algebraic framework in which the
control on the scheduler can be specified in syntactic terms, and we show how
to apply it to solve the problem mentioned above. We also consider the
definition of (probabilistic) may and must preorders, and we show that they are
precongruences with respect to the restricted schedulers. Furthermore, we show
that all the operators of the language, except replication, distribute over
probabilistic summation, which is a useful property for verification
Constructing elastic distinguishability metrics for location privacy
With the increasing popularity of hand-held devices, location-based
applications and services have access to accurate and real-time location
information, raising serious privacy concerns for their users. The recently
introduced notion of geo-indistinguishability tries to address this problem by
adapting the well-known concept of differential privacy to the area of
location-based systems. Although geo-indistinguishability presents various
appealing aspects, it has the problem of treating space in a uniform way,
imposing the addition of the same amount of noise everywhere on the map. In
this paper we propose a novel elastic distinguishability metric that warps the
geometrical distance, capturing the different degrees of density of each area.
As a consequence, the obtained mechanism adapts the level of noise while
achieving the same degree of privacy everywhere. We also show how such an
elastic metric can easily incorporate the concept of a "geographic fence" that
is commonly employed to protect the highly recurrent locations of a user, such
as his home or work. We perform an extensive evaluation of our technique by
building an elastic metric for Paris' wide metropolitan area, using semantic
information from the OpenStreetMap database. We compare the resulting mechanism
against the Planar Laplace mechanism satisfying standard
geo-indistinguishability, using two real-world datasets from the Gowalla and
Brightkite location-based social networks. The results show that the elastic
mechanism adapts well to the semantics of each area, adjusting the noise as we
move outside the city center, hence offering better overall privacy
Bounds on the leakage of the input's distribution in information-hiding protocols
International audienceIn information-hiding, an adversary that tries to infer the secret information has a higher probability of success if it knows the distribution on the secrets. We show that if the system leaks probabilistically some information about the secrets, (that is, if there is a probabilistic correlation between the secrets and some observables) then the adversary can approximate such distribution by repeating the observations. More precisely, it can approximate the distribution on the observables by computing their frequencies, and then derive the distribution on the secrets by using the correlation in the inverse direction. We illustrate this method, and then we study the bounds on the approximation error associated with it, for various natural notions of error. As a case study, we apply our results to Crowds, a protocol for anonymous communication
Recursion vs Replication in Process Calculi: Expressiveness
International audienceIn this paper we shall survey and discuss in detail the work on the relative expressiveness of recursion and replication in various process calculi. Namely, CCS, the pi-calculus, and the Ambient calculus. We shall give evidence that the ability of expressing recursive behaviour via replication often depends on the scoping mechanisms of the given calculus which compensate for the restriction of replication
A randomized encoding of the pi-calculus with mixed choice
International audienceWe consider the problem of encoding the pi-calculus with mixed choice into the asynchronous pi-calculus via a uniform translation while preserving a reasonable semantics. Although it has been shown that this is not possible with an exact encoding, we suggest a randomized approach using a probabilistic extension of the asynchronous pi-calculus, and we show that our solution is correct with probability 1 under any proper adversary wrt a notion of testing semantics. This result establishes the basis for a distributed and symmetric implementation of mixed choice which, differently from previous proposals in literature, does not rely on assumptions on the relative speed of processes and it is robust to attacks of proper adversaries
- …