Safer in the Clouds (Extended Abstract)

We outline the design of a framework for modelling cloud computing systems.The approach is based on a declarative programming model which takes the form of a lambda-calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available in the clouds. We will focus on the server side of cloud systems, by adopting a pro-active approach, where explicit security policies regulate server's behaviour.Comment: In Proceedings ICE 2010, arXiv:1010.530

Honesty by typing

We propose a type system for a calculus of contracting processes. Processes may stipulate contracts, and then either behave honestly, by keeping the promises made, or not. Type safety guarantees that a typeable process is honest - that is, the process abides by the contract it has stipulated in all possible contexts, even those containing dishonest adversaries

Model checking usage policies

We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy

Lending Petri nets and contracts

Choreography-based approaches to service composition typically assume that, after a set of services has been found which correctly play the roles prescribed by the choreography, each service respects his role. Honest services are not protected against adversaries. We propose a model for contracts based on a extension of Petri nets, which allows services to protect themselves while still realizing the choreography. We relate this model with Propositional Contract Logic, by showing a translation of formulae into our Petri nets which preserves the logical notion of agreement, and allows for compositional verification

Formal Models of Bitcoin Contracts: A Survey

Although Bitcoin is mostly used as a decentralized application to transfer cryptocurrency, over the last 10 years there have been several studies on how to exploit Bitcoin to execute smart contracts. These are computer protocols which allow users to exchange bitcoins according to complex pre-agreed rules. Some of these studies introduce formal models of Bitcoin contracts, which specify their behavior in non-ambiguous terms, in some cases providing tools to automatically verify relevant contract properties. In this paper, we survey the formal models proposed in the scientific literature, comparing their expressiveness and applicability in the wild

A true concurrent model of smart contracts executions

The development of blockchain technologies has enabled the trustless execution of so-called smart contracts, i.e. programs that regulate the exchange of assets (e.g., cryptocurrency) between users. In a decentralized blockchain, the state of smart contracts is collaboratively maintained by a peer-to-peer network of mutually untrusted nodes, which collect from users a set of transactions (representing the required actions on contracts), and execute them in some order. Once this sequence of transactions is appended to the blockchain, the other nodes validate it, re-executing the transactions in the same order. The serial execution of transactions does not take advantage of the multi-core architecture of modern processors, so contributing to limit the throughput. In this paper we propose a true concurrent model of smart contract execution. Based on this, we show how static analysis of smart contracts can be exploited to parallelize the execution of transactions.Comment: Full version of the paper presented at COORDINATION 202

Tools and verification

This chapter presents different tools that have been developed inside the Sensoria project. Sensoria studied qualitative analysis techniques for verifying properties of service implementations with respect to their formal specifications. The tools presented in this chapter have been developed to carry out the analysis in an automated, or semi-automated, way. We present four different tools, all developed during the Sensoria project, exploiting new techniques and calculi from the Sensoria project itself

Quantal amplitude at the cone ribbon synapse can be adjusted by changes in cytosolic glutamate.

PURPOSE: Vision is encoded at photoreceptor synapses by the number of released vesicles and size of the post-synaptic response. We hypothesized that elevating cytosolic glutamate could enhance quantal size by increasing glutamate in vesicles. METHODS: We introduced glutamate (10-40 mM) into cone terminals through a patch pipette and recorded excitatory post-synaptic currents (EPSCs) from horizontal or OFF bipolar cells in the Ambystoma tigrinum retinal slice preparation. RESULTS: Elevating cytosolic glutamate in cone terminals enhanced EPSCs as well as quantal miniature EPSCs (mEPSCs). Enhancement was prevented by inhibiting vesicular glutamate transport with 1S,3R-1-aminocyclopentane-1,3-dicarboxylate in the patch pipette. A low affinity glutamate receptor antagonist, γD-glutamylglycine (1 mM), less effectively inhibited EPSCs evoked from cones loaded with glutamate than control cones indicating that release from cones with supplemental glutamate produced higher glutamate levels in the synaptic cleft. Raising presynaptic glutamate did not alter exocytotic capacitance responses and exocytosis was observed after inhibiting glutamate loading with the vesicular ATPase inhibitor, concanamycin A, suggesting that release capability is not restricted by low vesicular glutamate levels. Variance-mean analysis of currents evoked by flash photolysis of caged glutamate indicated that horizontal cell AMPA receptors have a single channel conductance of 10.1 pS suggesting that ~8.7 GluRs contribute to each mEPSC. CONCLUSIONS: Quantal amplitude at the cone ribbon synapse is capable of adjustment by changes in cytosolic glutamate levels. The small number of channels contributing to each mEPSC suggests that stochastic variability in channel opening could be an important source of quantal variability