Multiparty interactions in dependable distributed systems

PhD ThesisWith the expansion of computer networks, activities involving computer communication are becoming more and more distributed. Such distribution can include processing, control, data, network management, and security. Although distribution can improve the reliability of a system by replicating components, sometimes an increase in distribution can introduce some undesirable faults. To reduce the risks of introducing, and to improve the chances of removing and tolerating faults when distributing applications, it is important that distributed systems are implemented in an organized way. As in sequential programming, complexity in distributed, in particular parallel, program development can be managed by providing appropriate programming language constructs. Language constructs can help both by supporting encapsulation so as to prevent unwanted interactions between program components and by providing higher-level abstractions that reduce programmer effort by allowing compilers to handle mundane, error-prone aspects of parallel program implementation. A language construct that supports encapsulation of interactions between multiple parties (objects or processes) is referred in the literature as multiparty interaction. In a multiparty interaction, several parties somehow "come together" to produce an intermediate and temporary combined state, use this state to execute some activity, and then leave the interaction and continue their normal execution. There has been a lot of work in the past years on multiparty interaction, but most of it has been concerned with synchronisation, or handshaking, between parties rather than the encapsulation of several activities executed in parallel by the interaction participants. The programmer is therefore left responsible for ensuring that the processes involved in a cooperative activity do not interfere with, or suffer interference from, other processes not involved in the activity. Furthermore, none of this work has discussed the provision of features that would facilitate the design of multiparty interactions that are expected to cope with faults - whether in the environment that the computer system has to deal with, in the operation of the underlying computer hardware or software, or in the design of the processes that are involved in the interaction. In this thesis the concept of multiparty interaction is integrated with the concept of exception handling in concurrent activities. The final result is a language in which the concept of multiparty interaction is extended by providing it with a mechanism to handle concurrent exceptions. This extended concept is called dependable multiparty interaction. The features and requirements for multiparty interaction and exception handling provided in a set of languages surveyed in this thesis, are integrated to describe the new dependable multiparty interaction construct. Additionally, object-oriented architectures for dependable multiparty interactions are described, and a full implementation of one of the architectures is provided. This implementation is then applied to a set of case studies. The case studies show how dependable multiparty interactions can be used to design and implement a safety-critical system, a multiparty programming abstraction, and a parallel computation model.Brazilian Research Agency CNPq

Formal Development and Validation of Java Dependable Distributed Systems

The rapid expansion of Java programs into software market is often not supported by a proper development methodology. Here, we present a formal development methodology well-suited for Java dependable distributed applications. It is based on the stepwise refinement of model-oriented formal spcifications, and enables validation of the obtained systme wrt the client's requirements. Three refinement steps have been identified in the case of fault-tolerant distributed applications: first, starting from informal requirements, an initial formal specification is derived. It does not depend on implementation constraints and provides a centralized solution; second, dependability and distribution constraints are integrated; third, the Java implementation is realised. The CO-OPN/2 language is used to express specifications formally; and the dependability and distribution design is based on the Coordinated Atomic action concept. The methodology and the three refinement steps are presented through a very simple fault-tolerant distributed Java application

Attributed transformational grammar

A transformação entre linguagens, ou entre diferentes formatos de uma mesma linguagem, é um assunto que desperta interesse há vários anos e desta forma alguns trabalhos tem surgido para tentar automatizar o processo de transformação entre notações diferentes. Este trabalho descreve as Gramáticas Transformacionais empregados para descrever as transformag6es necessárias para converter uma notação em uma linguagem fonte (LF) para uma notação equivalente em uma linguagem objeto (LO). Nesta Gramática é embutido o conceito de Gramáticas de Atributos, criando assim as Gramáticas Transformacionais com Atributos (GTAs). Para validação das GTAs é apresentado um protótipo de ferramenta transformacional, que gera um tradutor, de LF para LO, a partir da descrição da gramática da LF e das regras de transformações para a LO. Tanto a LF quanto a LO são gramáticas do tipo LALR(1). Como objetivo de construir a ferramenta mais genérica possível, foram realizados estudos sobre três ferramentas, com as quais as transformações são possíveis. São elas: YACC, SINLEX e GG. É feita uma breve descrição destas três ferramentas e uma comparação com o protótipo implementado.Languages transformation or transformation among differents formats of the same language is a subject that , has had a lot of interest for t many years. Thus, research has been done aiming to automatize the proccess of transformation from one notation to another. This work describes the use of Transformation Grammars to describe the necessary transformations to convert from a Source Language (SL) notation to an equivalent Object Language (OL). The concept of Attribute Grammars is embbeded to these grammars, defining an Attributed Transformation Grammar (ATG). A transformation tool prototype to evaluate the ATGs is presented. This tool generates a translator from SL to OL using the SL grammar description and the corresponding transformation rules to the OL. Both the SL and OL are LALR(1) grammars. Studies on YACC, SINLEX and GG (tools wich allow transformations) were done trying to reach the most generic tool. A brief descriptions of these tools and a comparision with the prototype is presented

Attributed transformational grammar

A transformação entre linguagens, ou entre diferentes formatos de uma mesma linguagem, é um assunto que desperta interesse há vários anos e desta forma alguns trabalhos tem surgido para tentar automatizar o processo de transformação entre notações diferentes. Este trabalho descreve as Gramáticas Transformacionais empregados para descrever as transformag6es necessárias para converter uma notação em uma linguagem fonte (LF) para uma notação equivalente em uma linguagem objeto (LO). Nesta Gramática é embutido o conceito de Gramáticas de Atributos, criando assim as Gramáticas Transformacionais com Atributos (GTAs). Para validação das GTAs é apresentado um protótipo de ferramenta transformacional, que gera um tradutor, de LF para LO, a partir da descrição da gramática da LF e das regras de transformações para a LO. Tanto a LF quanto a LO são gramáticas do tipo LALR(1). Como objetivo de construir a ferramenta mais genérica possível, foram realizados estudos sobre três ferramentas, com as quais as transformações são possíveis. São elas: YACC, SINLEX e GG. É feita uma breve descrição destas três ferramentas e uma comparação com o protótipo implementado.Languages transformation or transformation among differents formats of the same language is a subject that , has had a lot of interest for t many years. Thus, research has been done aiming to automatize the proccess of transformation from one notation to another. This work describes the use of Transformation Grammars to describe the necessary transformations to convert from a Source Language (SL) notation to an equivalent Object Language (OL). The concept of Attribute Grammars is embbeded to these grammars, defining an Attributed Transformation Grammar (ATG). A transformation tool prototype to evaluate the ATGs is presented. This tool generates a translator from SL to OL using the SL grammar description and the corresponding transformation rules to the OL. Both the SL and OL are LALR(1) grammars. Studies on YACC, SINLEX and GG (tools wich allow transformations) were done trying to reach the most generic tool. A brief descriptions of these tools and a comparision with the prototype is presented

Deleting secret data with public verifiability

Existing software-based data erasure programs can be summarized as following the same one-bit-return protocol: the deletion program performs data erasure and returns either success or failure. However, such a one-bit-return protocol turns the data deletion system into a black box-the user has to trust the outcome but cannot easily verify it. This is especially problematic when the deletion program is encapsulated within a Trusted Platform Module (TPM), and the user has no access to the code inside. In this paper, we present a cryptographic solution that aims to make the data deletion process more transparent and verifiable. In contrast to the conventional black/white assumptions about TPM (i.e., either completely trust or distrust), we introduce a third assumption that sits in between: namely, “trust-but-verify”. Our solution enables a user to verify the correct implementation of two important operations inside a TPM without accessing its source code: i.e., the correct encryption of data and the faithful deletion of the key. Finally, we present a proof-of-concept implementation of the SSE system on a resource-constrained Java card to demonstrate its practical feasibility. To our knowledge, this is the first systematic solution to the secure data deletion problem based on a “trust-but-verify” paradigm, together with a concrete prototype implementation

INCORPORATING PLANNING INTO BDI SYSTEMS FELIPE RECH MENEGUZZI

Abstract. Many architectures of autonomous agent have been proposed throughout AI research. The most common architectures, BDI, are procedural in that they do no planning, seriously curtailing an agent’s ability to cope with unforeseen events. In this paper, we explore the relationship between propositional planning systems and the process of means-ends reasoning used by BDI agents and define a mapping from BDI mental states to propositional planning problems and from propositional plans back to mental states. In order to test the viability of such a mapping, we have implemented it in an extension of a BDI agent model through the use of Graphplan as the propositional planning algorithm. The implemented prototype was applied to model a case study of an agent controlled production cell. Key words. Propositional Planning, Agent Models and Architectures, BDI, X-BDI 1. Introduction. Developmen

Frameworks for designing and implementing dependable systems using Coordinated Atomic Actions: A comparative study

This paper presents ways of implementing dependable distributed applications designed using the Coordinated Atomic Action (CAA) paradigm. CAAs provide a coherent set of concepts adapted to fault tolerant distributed system design that includes structured transactions, distribution, cooperation, competition, and forward and backward error recovery mechanisms triggered by exceptions. DRIP (Dependable Remote Interacting Processes) is an efficient Java implementation framework which provides support for implementing Dependable Multiparty Interactions (DMI). As DMIs have a softer exception handling semantics compared with the CAA semantics, a CAA design can be implemented using the DRIP framework. A new framework called CAA-DRIP allows programmers to exclusively implement the semantics of CAAs using the same terminology and concepts at the design and implementation levels. The new framework not only simplifies the implementation phase, but also reduces the final system size as it requires less number of instances for creating a CAA at runtime. The paper analyses both implementation frameworks in great detail, drawing a systematic comparison of the two. The CAAs behaviour is described in terms of Statecharts to better understand the differences between the two frameworks. Based on the results of the comparison, we use one of the frameworks to implement a case study belonging to the e-health domain