140 research outputs found

    Action Refinement as an Implementation Relation

    We propose a theory of process refinement which relates behavioural descriptions belonging to conceptually different abstraction levels, through a so-called vertical implementation relation. The theory is based on action refinement, which permits relating abstract actions of the implementation to concrete computations of the implementation; it is developed in the standard interleaving approach. A number of proof rules are shown to be sound for the particular vertical implementation relation (based on observation congruence) we study in this paper. We give an illustrative example.

    Decidability of Two Truly Concurrent Equivalences for Finite Bounded Petri Nets

    We prove that (strong) fully-concurrent bisimilarity and causal-net bisimilarity are decidable for finite bounded Petri nets. The proofs are based on a generalization of the ordered marking proof technique that Vogler used to demonstrate that (strong) fully-concurrent bisimilarity (or, equivalently, history-preserving bisimilarity) is decidable on finite safe nets.

    Encrypted Shared Data Spaces

    The deployment of Shared Data Spaces in open, possibly hostile, environments raises the need to protect the confidentiality of the data space content. Existing approaches focus on access control mechanisms that protect the data space from untrusted agents. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. Encryption schemes can be used to protect the data space content from malicious hosts. However, these schemes do not allow searching on encrypted data. In this paper we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised agents to share keys for inserting and retrieving tuples. Each authorised agent can encrypt, decrypt, and search encrypted tuples without having to know other agents' keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given.

    Real-time information flow analysis


    Batalin-Vilkovisky Integrals in Finite Dimensions

    The Batalin-Vilkovisky method (BV) is the most powerful method presently known for analyzing functional integrals with (infinite-dimensional) gauge symmetries. It was invented to fix gauges associated with symmetries that do not close off-shell. Homological Perturbation Theory is introduced and used to develop the integration theory behind BV and to describe the BV quantization of a Lagrangian system with symmetries. Localization (illustrated in terms of Duistermaat-Heckman localization) as well as anomalous symmetries are discussed in the framework of BV.

    Choreography and Orchestration Conformance for System Design

    In a previous work we presented a formal framework devoted to showing the relevance of choreography and orchestration in the design of service-oriented applications. Even if useful to start a formal investigation of the relationship between choreography and orchestration, the proposed framework was not suitable for specifying real case studies. In fact, it simply permitted specifying all possible computations, abstracting away from the conditions driving the choice of the actual behaviour. In this paper we tackle this problem by introducing the notion of state variables. The addition of state requires a substantial modification of the entire framework because the same state variable, at the level of choreography, can actually be stored in distributed orchestrators that will need to synchronize in order to maintain consistent views. In order to faithfully investigate this problem we also need to modify the formal model at the orchestration level, moving from synchronous to asynchronous communication, as the latter is the communication modality of ordinary communication infrastructures.

    Many-to-Many Information Flow Policies

    Information flow techniques typically classify information according to suitable security levels and enforce policies that are based on binary relations between individual levels, e.g., stating that information is allowed to flow from one level to another. We argue that some information flow properties of interest naturally require coordination patterns that involve sets of security levels rather than individual levels: some secret information could be safely disclosed to a set of confidential channels of incomparable security levels, with individual leaks instead considered illegal; a group of competing agencies might agree to disclose their secrets, with individual disclosures being undesired, etc. Motivated by this, we propose a simple language for expressing information flow policies where the usual admitted flow relation between individual security levels is replaced by a relation between sets of security levels, thus allowing us to capture coordinated flows of information. The flow of information is expressed in terms of causal dependencies, and the satisfaction of a policy is defined with respect to an event structure that is assumed to capture the causal structure of system computations. We suggest applications to secret exchange protocols, program security and security architectures, and discuss the relation to classic notions of information flow control.