
    A Branching Time Model of CSP

    I present a branching time model of CSP that is finer than all other models of CSP proposed thus far. It is obtained by taking a semantic equivalence from the linear time – branching time spectrum, namely divergence-preserving coupled similarity, and showing that it is a congruence for the operators of CSP. This equivalence belongs to the bisimulation family of semantic equivalences, in the sense that on transition systems without internal actions it coincides with strong bisimilarity. Nevertheless, enough of the equational laws of CSP remain to obtain a complete axiomatisation for closed, recursion-free terms.

    Comment: Dedicated to Bill Roscoe, on the occasion of his 60th birthday.

    Abstract Interpretation of Stateful Networks

    Modern networks achieve robustness and scalability by maintaining state on their nodes. These nodes are referred to as middleboxes and are essential for network functionality. However, the presence of middleboxes drastically complicates the task of network verification. Previous work showed that the problem is undecidable in general and EXPSPACE-complete when the order of packet arrival is abstracted away. We describe a new algorithm for conservatively checking isolation properties of stateful networks. The asymptotic complexity of the algorithm is polynomial in the size of the network, albeit exponential in the maximal number of queries of the local state that a middlebox can make, which is often small. Our algorithm is sound, i.e., it can never miss a violation of safety, but it may fail to verify some properties that do hold. The algorithm performs on-the-fly abstract interpretation by (1) abstracting away the order of packet processing and the number of times each packet arrives, (2) abstracting away correlations between the states of different middleboxes and channel contents, and (3) representing middlebox states by their effect on each packet separately, rather than taking into account the entire state space. We show that the abstractions do not lose precision when middleboxes may reset in any state. This is encouraging, since many real middleboxes reset, e.g., after a session timeout is reached or due to hardware failure.
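    The three abstractions above, carried out on a toy stateful firewall. This is an added example written for this page, not the paper's tool or algorithm as published: the middlebox model (a handler that installs facts and queries them), the per-channel packet sets, the fact sets per middlebox and the two-host topology are all constructed here. A query on a fact that may already have been installed is explored both ways, which is what makes the check sound even when the middlebox has reset, and also what makes the cost exponential in the number of such queries.

```python
"""Over-approximating isolation check for a small stateful network (added example).

  1. each channel is a *set* of packets that may ever traverse it
     (order and multiplicity of arrivals are dropped);
  2. channel contents and middlebox states are tracked as independent sets
     (no correlation between nodes is kept);
  3. a middlebox state is the set of facts any packet may have installed, and a
     guard on a fact that may hold is explored both ways, which also covers a
     middlebox that has reset in the meantime.
"""
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Packet = Tuple[str, str]                              # (src host, dst host)
Fact = Tuple[str, ...]                                # e.g. ("trusted", "A", "C")
Outcome = Tuple[FrozenSet[Fact], FrozenSet[Packet]]   # (facts installed, packets emitted)
Handler = Callable[[Packet, Callable[[Fact], bool]], Outcome]


def abstract_step(handler: Handler, pkt: Packet, may_hold: Set[Fact]) -> Set[Outcome]:
    """Every outcome `handler` can produce on `pkt` when each fact in `may_hold`
    may or may not be present. A query on a fact that can never hold answers
    False; a query on a fact that may hold is forked, so the cost is
    2^(number of forked queries)."""
    results: Set[Outcome] = set()
    pending: List[Tuple[bool, ...]] = [()]            # answer prefixes still to explore
    while pending:
        answers = list(pending.pop())
        n_seen = 0

        def query(fact: Fact) -> bool:
            nonlocal n_seen
            i, n_seen = n_seen, n_seen + 1
            if i < len(answers):                      # replaying a recorded prefix
                return answers[i]
            if fact not in may_hold:
                answers.append(False)
                return False
            pending.append(tuple(answers) + (False,))  # other branch explored later
            answers.append(True)
            return True

        results.add(handler(pkt, query))
    return results


def check_isolation(middleboxes: Dict[str, Handler],
                    route: Dict[Tuple[str, str], str],   # (node, final dst) -> next hop
                    injected: Set[Packet],               # packets hosts may send
                    forbidden: Set[Packet]) -> Set[Packet]:
    """Forbidden (src, dst) pairs the abstraction cannot rule out. Empty means
    isolation is proved; non-empty is a possible, not a certain, violation."""
    channels: Dict[Tuple[str, str], Set[Packet]] = {}
    facts: Dict[str, Set[Fact]] = {m: set() for m in middleboxes}
    delivered: Set[Packet] = set()

    def send(node: str, pkt: Packet) -> bool:
        ch = channels.setdefault((node, route[(node, pkt[1])]), set())
        if pkt in ch:
            return False
        ch.add(pkt)
        return True

    for pkt in injected:
        send(pkt[0], pkt)
    changed = True
    while changed:                                   # iterate to a fixpoint; sets only grow
        changed = False
        for (_, node), pkts in list(channels.items()):
            for pkt in list(pkts):
                if node not in middleboxes:          # a host: the packet arrives
                    if pkt not in delivered:
                        delivered.add(pkt)
                        changed = True
                    continue
                for new_facts, outs in abstract_step(middleboxes[node], pkt, facts[node]):
                    if not new_facts <= facts[node]:
                        facts[node] |= new_facts
                        changed = True
                    for out in outs:
                        changed = send(node, out) or changed
    return forbidden & delivered


INSIDE = {"A", "B"}                                  # constructed: hosts behind the firewall


def stateful_firewall(pkt: Packet, query: Callable[[Fact], bool]) -> Outcome:
    src, dst = pkt
    if src in INSIDE:                                # outbound: allow and remember the flow
        return frozenset({("trusted", src, dst)}), frozenset({pkt})
    if query(("trusted", dst, src)):                 # inbound: only for a remembered flow
        return frozenset(), frozenset({pkt})
    return frozenset(), frozenset()


# Constructed topology: A and B sit behind FW, C is outside; every path crosses FW.
ROUTE = {("A", "C"): "FW", ("B", "C"): "FW", ("C", "A"): "FW", ("C", "B"): "FW",
         ("FW", "A"): "A", ("FW", "B"): "B", ("FW", "C"): "C"}
MIDDLEBOXES: Dict[str, Handler] = {"FW": stateful_firewall}


def demo() -> Set[Packet]:
    """A talks to C, B never does, C tries both: only C->A survives the check."""
    injected = {("A", "C"), ("C", "A"), ("C", "B")}
    return check_isolation(MIDDLEBOXES, ROUTE, injected, {("C", "A"), ("C", "B")})
```

    The result `{("C", "A")}` is a genuine reachability (A opened the flow), while C to B is proved isolated because the fact `("trusted", "B", "C")` is never installed, so the inbound query is never forked. The price of abstraction (2) and (3) is visible in the same code: any property that depends on packet counts, on ordering, or on two middleboxes agreeing on state is reported as a possible violation even when it holds.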

    Preserving Liveness Guarantees from Synchronous Communication to Asynchronous Unstructured Low-Level Languages

    In the implementation of abstract synchronous communication in asynchronous unstructured low-level languages, e.g. using shared variables, the preservation of safety and especially liveness properties is a hitherto open problem due to the inherently different abstraction levels. Our approach to overcoming this problem is threefold. First, we present our notion of handshake refinement, with which we formally prove the correctness of the implementation relation of a handshake protocol. Second, we verify the soundness of our handshake refinement, i.e., that all safety and liveness properties are preserved to the lower level. Third, we apply our handshake refinement to show the correctness of all implementations that realize the abstract synchronous communication with the handshake protocol. To this end, we employ an exemplary language with asynchronous shared-variable communication. Our approach is scalable and closes the verification gap between different abstraction levels of communication.
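    The kind of implementation the abstract talks about, as an added example and not the paper's own language or proof: a synchronous (rendezvous) channel built from three shared variables with a four-phase handshake. The assumptions are the usual ones for this style and are labelled in the code: every read and write of a shared variable is atomic, and both threads are scheduled fairly. The safety property (the value received is the value offered, in order, exactly once) follows from the protocol alone; the liveness property (every `send` eventually returns) is exactly what depends on fairness, which is why it is the hard part to carry down to the lower level.

```python
import threading
import time
from typing import List


class HandshakeChannel:
    """Synchronous channel on three shared variables and no locks (added example).
    Assumes each attribute read/write is atomic and both threads are scheduled fairly."""

    def __init__(self) -> None:
        self.data = 0
        self.req = False      # sender -> receiver: "data is valid"
        self.ack = False      # receiver -> sender: "data has been taken"

    def send(self, value: int) -> None:
        self.data = value           # write the payload before raising req
        self.req = True             # phase 1: offer
        while not self.ack:         # phase 2: block until the receiver took it
            time.sleep(0)           #   (this is the rendezvous point)
        self.req = False            # phase 3: withdraw the offer
        while self.ack:             # phase 4: wait for the receiver to reset
            time.sleep(0)

    def recv(self) -> int:
        while not self.req:         # wait for an offer
            time.sleep(0)
        value = self.data           # safe: data was written before req was raised
        self.ack = True             # acknowledge; the sender may now complete
        while self.req:             # wait until the offer is withdrawn
            time.sleep(0)
        self.ack = False            # finish the handshake; next offer may start
        return value


def run_demo(values: List[int]) -> List[int]:
    """Send `values` from the calling thread to a consumer thread over one channel
    and return what the consumer received, in the order it received it."""
    ch = HandshakeChannel()
    received: List[int] = []

    def consumer() -> None:
        for _ in values:
            received.append(ch.recv())

    t = threading.Thread(target=consumer)
    t.start()
    for v in values:
        ch.send(v)
    t.join()
    return received
```

    Phases 3 and 4 are what make the channel reusable: without them a fast sender could raise `req` for the next value while the receiver still sees the previous acknowledgement, and either a value would be lost or delivered twice. Under an unfair scheduler both spin loops may never be left even though no step of the protocol is wrong, which is the gap between safety and liveness that the abstract refers to.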

    Safe abstractions of data encodings in formal security protocol models

    When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified models.
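    The two failure modes named in the abstract, made concrete. This is an added example and does not reproduce the paper's conditions; it checks two plain properties on sequential encode/decode code, on constructed sample messages: (a) decodability, `decode(encode(m)) == m` for every abstract message, which in particular keeps distinct nonces distinct, and (b) independence, the wire image is a function of the abstract message only and not of local secrets the model never sends. The TLV format, the three unsafe encoders and the message shape `(sender id, nonce, payload)` are all constructed for this page.

```python
"""Checks on encoders that a Dolev-Yao model assumes away (added example)."""
import os
import struct
from typing import Callable, List, Optional, Tuple

Msg = Tuple[bytes, bytes, bytes]        # (sender id, nonce, payload) of the abstract model
TAGS = (1, 2, 3)


def encode_tlv(msg: Msg) -> bytes:
    """Length-prefixed fields: unambiguous for any field content up to 65535 bytes."""
    return b"".join(struct.pack(">BH", tag, len(f)) + f for tag, f in zip(TAGS, msg))


def decode_tlv(buf: bytes) -> Optional[Msg]:
    """Strict inverse of encode_tlv: rejects truncation, duplicate or missing tags."""
    fields = {}
    i = 0
    while i < len(buf):
        if i + 3 > len(buf):
            return None
        tag, ln = struct.unpack(">BH", buf[i:i + 3])
        i += 3
        if tag in fields or i + ln > len(buf):
            return None
        fields[tag] = buf[i:i + ln]
        i += ln
    if set(fields) != set(TAGS):
        return None
    return fields[1], fields[2], fields[3]


# Constructed unsafe encoders, one per failure mode.
def encode_collapsing(msg: Msg) -> bytes:
    """Keeps one byte of the nonce: fresh 16-byte nonces collapse onto 256 constants."""
    sid, nonce, payload = msg
    return encode_tlv((sid, nonce[:1], payload))


def encode_delimited(msg: Msg) -> bytes:
    """Separator-based: a '|' inside a field makes the encoding ambiguous."""
    return b"|".join(msg)


def decode_delimited(buf: bytes) -> Optional[Msg]:
    parts = buf.split(b"|")
    return (parts[0], parts[1], parts[2]) if len(parts) == 3 else None


def encode_leaky(msg: Msg, local_key: bytes) -> bytes:
    """Pads with bytes of a local key: the wire image now depends on a secret."""
    return encode_tlv(msg) + local_key[:4]


def check_decodable(encode: Callable[[Msg], bytes],
                    decode: Callable[[bytes], Optional[Msg]],
                    samples: List[Msg]) -> bool:
    """Condition (a): encode is injective and decode inverts it on the abstract domain."""
    return all(decode(encode(m)) == m for m in samples)


def check_independent(encode_with_key: Callable[[Msg, bytes], bytes],
                      samples: List[Msg], keys: List[bytes]) -> bool:
    """Condition (b): the same abstract message gives the same bytes for any local secret."""
    return all(len({encode_with_key(m, k) for k in keys}) == 1 for m in samples)


def sample_messages(n: int = 32) -> List[Msg]:
    """Constructed inputs: random 16-byte nonces, payloads that contain the delimiter."""
    return [(b"alice", os.urandom(16), b"hello|world" if i % 2 else b"x" * i)
            for i in range(n)]


SAMPLES = sample_messages()
KEYS = [bytes([0x10 * i]) * 16 for i in range(1, 5)]     # constructed, deliberately distinct
```

    Sampling of this kind only refutes; the abstract's point is that the conditions are stated so that they can be discharged on the sequential encoder/decoder code itself, independently of the protocol model. Note that the delimiter encoder fails decodability even though it is an honest attempt at a reversible format, which is the case an abstract model silently assumes away.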

    Information Security as Strategic (In)effectivity

    Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless the consequences of that leakage may be. In this work, we suggest that information security is not a goal in itself, but rather a means of preventing potential attackers from compromising the correct behavior of the system. To formalize this, we first show how two information flows can be compared by looking at the adversary's ability to harm the system. Then, we propose that the information flow in a system is effectively information-secure if it does not allow for more harm than its idealized variant based on the classical notion of noninterference.

    ReverCSP: Time-Travelling in CSP Computations

    This paper presents reverCSP, a tool to animate both forward and backward CSP computations. Computations can be reversed step by step or by backtracking to a given state of interest. reverCSP allows us to reverse computations exactly in the same order in which they happened, or in a causally-consistent way. reverCSP is therefore a tool that can be especially useful to comprehend, analyze, and debug computations. reverCSP is an open-source project publicly available to the community. We describe the tool and its functionality, and we provide implementation details so that it can be reimplemented for other languages.

    This work has been partially supported by the EU (FEDER) and the Spanish MCI/AEI under grants TIN2016-76843-C4-1-R and PID2019-104735RB-C41, and by the Generalitat Valenciana under grant Prometeo/2019/098 (DeepTrust).

    Galindo-Jiménez, CS.; Nishida, N.; Silva, J.; Tamarit, S. (2020). ReverCSP: Time-Travelling in CSP Computations. Springer, pp. 239-245. https://doi.org/10.1007/978-3-030-52482-1_14

    Run, Jump, Throw and Catch: How proficient are children attending English schools at the Fundamental Motor Skills identified as key within the school curriculum?

    This study examined proficiency levels in fundamental motor skills (FMS) in children within Key Stage 1 and 2 of the English school system. Four hundred and ninety-two children aged 6–9 years old (245 boys, 247 girls) from school Years Two (n = 130), Three (n = 154) and Four (n = 208) participated in this study. FMS for the run, jump, throw and catch were assessed using the Test of Gross Motor Development – 2. The proportion of children who achieved mastery or near mastery of the skills was determined. For the whole sample, 18.5% (n = 91) did not achieve mastery in any of the four skills. A similar proportion (18.7%, n = 92) achieved mastery in all four of the FMS examined in this study. The proportion of children achieving mastery of all four skills was lower for Year Two children (0%) compared to children in Years Three (24%) and Four (25%). More boys (25.7%) achieved mastery in all four of the FMS compared to girls (11.7%). Individual behavioural components in skill performance were also examined. The results of the present study highlight that less than one-fifth of children aged 6–9 years old have mastered the four key FMS identified by the physical education (PE) curriculum, despite having the developmental potential to become fundamentally competent by six years of age. Fostering positive trajectories of FMS development presents a challenge for PE specialists given the association between FMS mastery in childhood and physical activity, weight status and health.

    Safety assurance of a high voltage controller for an industrial robotic system

    Due to the risk of discharge sparks and ignition, there are strict rules concerning the safety of high voltage electrostatic systems used in industrial painting robots. In order to assure that the system fulfils its safety requirements, formal verification is an important tool to supplement traditional testing and quality assurance procedures. The work in this paper presents formal verification of the most important safety functions of a high voltage controller. The controller has been modelled as a finite state machine, which was formally verified using two different model checking tools: Simulink Design Verifier and RoboTool. Five safety-critical properties were specified and formally verified using the two tools. Simulink was chosen as a low-threshold entry point, since MathWorks products are well known to most practitioners. RoboTool is a tool targeted at model checking, and thus provides more advanced options for the more experienced user. The comparative study shows that all properties were successfully verified with both tools. The verification times in both tools were in the order of a few minutes, which was within the acceptable time limit for this particular application.