Statistical model checking of ad hoc routing protocols in lossy grid networks

We extend recent work by Hofner and McIver con the performances of the ad hoc routing protocols AODV and DYMO in terms of routes established. Hofner and McIver apply statistical model checking to show that on arbitrary small networks (up to 5 nodes) the most recent, and apparently more robust, DYMO protocol is less efficient than AODV. Here, we reformulate their experiments on 4x3 toroidal networks, with possibly lossy communication. As a main result we demonstrate that, in this more realistic scenario, DYMO performs significantly better than AODV

A semantic analysis of key management protocols for wireless sensor networks

Abstract Gorrieri and Martinelli's timed Generalized Non-Deducibility on Compositions (tGNDC) schema is a well-known general framework for the formal verification of security protocols in a concurrent scenario. We generalise the tGNDC schema to verify wireless network security protocols. Our generalisation relies on a simple timed broadcasting process calculus whose operational semantics is given in terms of a labelled transition system which is used to derive a standard simulation theory. We apply our tGNDC framework to perform a security analysis of three well-known key management protocols for wireless sensor networks: µTESLA, LEAP+ and LiSP

Semantics for Locking Specifications

Lock-based synchronization disciplines, like Java\u2019s @GuardedBy, are widely used to prevent concurrency errors. However, their semantics is often expressed informally and is consequently ambiguous. This article highlights such ambiguities and overcomes them by formalizing two possible semantics of @GuardedBy, using a reference operational semantics for a core calculus of a concurrent Java-like language. It also identifies when such annotations are actual guarantees against data races. Our work aids in understanding the annotations and supports the development of sound tools that verify or infer them

Locking Discipline Inference and Checking

Concurrency is a requirement for much modern software, but the implementation of multithreaded algorithms comes at the risk of errors such as data races. Programmers can prevent data races by documenting and obeying a locking discipline, which indicates which locks must be held in order to access which data. This paper introduces a formal semantics for locking specifications that gives a guarantee of race freedom. The paper also provides two implementations of the formal semantics for the Java language: one based on abstract interpretation and one based on type theory. To the best of our knowledge, these are the first tools that can soundly infer and check a locking discipline for Java. Our experiments com-pare the implementations with one another and with annotations written by programmers

PH.D. IN COMPUTER SCIENCE, UNIVERSITY OF VENICE

In present-day computing environments, a user often employs programs which are sent or fetched from different sites to achieve his/her goals, either privately or in an organization. Such programs may be run as a code to do a simple calculation task or as interactive parallel programs doing IO operations or communications between resources located almost everywhere in the world. To face up such a complex situation we need frameworks for the formalization, analysis and verification of distributed and mobile systems properties. A process on a network can be influenced by the environment surrounding it, possibly modifying the intended behaviour of the process. Traditional correctness properties and methodologies for sequential systems are no more applicable in presence of distributed and mobile systems. Hence the necessity of designing new formal models for the description of and the reasoning on properties of distributed processes. This necessity has been recently recognized by several authors; milestones papers on this subject are [19, 7]. In particular, the π-calculus [4, 17, 19] is a process calculus where processes interact by sending communication links to each other. The basic computational step is the transfer of a communication link between two processes; the recipient can then use the link for further interaction with other parties. This makes the calculus suitable for modellin

Static bilog: a unifying language for spatial structures

Abstract. Aiming at a unified view of the logics describing spatial structures, we introduce a general framework, BiLog, whose formulae characterise monoidal categories. As a first instance of the framework we consider bigraphs, which are emerging as a an interesting (meta-)model for spatial structures and distributed calculi. Since bigraphs are built orthogonally on two structures, a hierarchical place graph for locations and a link (hyper-)graph for connections, we obtain a logic that is a natural composition of other two instances of BiLog: a Place Graph Logic and a Link Graph Logic. We prove that these instances generalise the spatial logics for trees, for graphs and for tree contexts. We also explore the concepts of separation and sharing in these logics. We note that both the operator * of Separation Logic and the operator | of spatial logics do not completely separate the underlying structures. These two different forms of separation can be naturally derived as instances of BiLog by using the complete separation induced by the tensor product of monoidal categories along with some form of sharing

A Semantic Analysis of Wireless Network Security Protocols

Gorrieri and Martinelli\u2019s tGNDC is a general framework for the formal verification of security protocols in a concurrent scenario. We generalise their tGNDC schema to verify wireless network security protocols. Our generalisation relies on a simple timed broadcasting process calculus whose operational semantics is given in terms of a labelled transition system which is used to derive a standard simulation theory. We apply our tGNDC schema to perform a security analysis of LiSP, a well-known key management protocol for wireless sensor networks

Relational semantics for Basic Logic

this paper, since they provide with the right intuitions for the de nition of evaluation of formulae, in section