Results 1 - 10 of 187
KLAIM: a Kernel Language for Agents Interaction and Mobility
IEEE Transactions on Software Engineering, 1997
Cited by 258 (62 self)
We investigate the issue of designing a kernel programming language for Mobile Computing and describe Klaim, a language that supports a programming paradigm where processes, like data, can be moved from one computing environment to another. The language consists of a core Linda with multiple tuple spaces and of a set of operators for building processes. Klaim naturally supports programming with explicit localities. Localities are first-class data (they can be manipulated like any other data), but the language provides coordination mechanisms to control the interaction protocols among located processes. The formal operational semantics is useful for discussing the design of the language and provides guidelines for implementations. Klaim is equipped with a type system that statically checks access rights violations of mobile agents. Types are used to describe the intentions (read, write, execute, etc.) of processes in relation to the various localities. The type system is used...
Resource Access Control in Systems of Mobile Agents
Information and Computation, 1998
Cited by 212 (18 self)
INTRODUCTION Mobile computation, where independent agents roam widely distributed networks in search of resources and information, is fast becoming a reality. A number of programming languages, APIs and protocols have recently emerged which seek to provide high-level support for mobile agents. These include Java [30], Odyssey [15], Aglets [19], Voyager [24] and the latest revisions of the Internet protocol [25, 2]. In addition to these commercial efforts, many prototype languages have been developed and implemented within the programming language research community; examples include Linda [8, 9], Facile [16], Obliq [7], Infospheres [11], the join calculus [13], and Nomadic Pict [33]. In this paper we address the issue of resource access control for such languages. Central to the paradigm of mobile computation are the notions of agent, resource and location. Agents are effective entities that perform computation and interact with other First publis
detecting the unexpected in distributed systems
In NSDI’06: Proceedings of the 3rd conference on 3rd Symposium on Networked Systems Design & Implementation
Cited by 141 (7 self)
Bugs in distributed systems are often hard to find. Many bugs reflect discrepancies between a system’s behavior and the programmer’s assumptions about that behavior. We present Pip, an infrastructure for comparing actual behavior and expected behavior to expose structural errors and performance problems in distributed systems. Pip allows programmers to express, in a declarative language, expectations about the system’s communications structure, timing, and resource consumption. Pip includes system instrumentation and annotation tools to log actual system behavior, and visualization and query tools for exploring expected and unexpected behavior. Pip allows a developer to quickly understand and debug both familiar and unfamiliar systems. We applied Pip to several applications, including FAB, SplitStream, Bullet, and RanSub. We generated most of the instrumentation for all four applications automatically. We found the needed expectations easy to write, starting in each case with automatically generated expectations. Pip found unexpected behavior in each application, and helped to isolate the causes of poor performance and incorrect behavior.
The Polymorphic Pi-calculus: Theory and Implementation
1995
Cited by 109 (0 self)
We investigate whether the π-calculus is able to serve as a good foundation for the design and implementation of a strongly-typed concurrent programming language. The first half of the dissertation examines whether the π-calculus supports a simple type system which is flexible enough to provide a suitable foundation for the type system of a concurrent programming language. The second half of the dissertation considers how to implement the π-calculus efficiently, starting with an abstract machine for π-calculus and finally presenting a compilation of π-calculus to C. We start the dissertation by presenting a simple, structural type system for π-calculus, and then, after proving the soundness of our type system, show how to infer principal types for π-terms. This simple type system can be extended to include useful type-theoretic constructions such as recursive types and higher-order polymorphism. Higher-order polymorphism is important, since it gives us the ability to implement abstract datatypes in a type-safe manner, thereby providing a greater degree of modularity for π-calculus programs. The functional computational paradigm plays an important part in many programming languages. It is well-known that the π-calculus can encode functional computation. We go further and show that the type structure of λ-terms is preserved by such encodings, in the sense that we can relate the type of a λ-term to the type of its encoding in the π-calculus. This means that a π-calculus programming language can genuinely support typed functional programming as a special case. An efficient implementation of π-calculus is necessary if we wish to consider π-calculus as an operational foundation for concurrent programming. We first give a simple abstract machine for π-calculus and prove it correct. We then show how this abstract machine inspires a simple, but efficient, compilation of π-calculus to C (which now forms the basis of the Pict programming language implementation).
A Uniform Type Structure for Secure Information Flow
2002
Cited by 93 (14 self)
The π-calculus is a formalism of computing in which we can compositionally represent dynamics of major programming constructs by decomposing them into a single communication primitive, the name passing. This work reports our experience in using a linear/affine typed π-calculus for the analysis and development of type systems of programming languages, focussing on secure information flow analysis. After presenting a basic typed calculus for secrecy, we demonstrate its usage by a sound embedding of the dependency core calculus (DCC) and by the development of a novel type discipline for imperative programs which extends both a secure multi-threaded imperative language by Smith and Volpano and (a call-by-value version of) DCC. In each case, the embedding gives a simple proof of noninterference.
Models of Sharing Graphs: A Categorical Semantics of let and letrec
1997
Cited by 76 (9 self)
A general abstract theory for computation involving shared resources is presented. We develop the models of sharing graphs, also known as term graphs, in terms of both syntax and semantics. According to the complexity of the permitted form of sharing, we consider four situations of sharing graphs. The simplest is first-order acyclic sharing graphs represented by let-syntax, and others are extensions with higher-order constructs (lambda calculi) and/or cyclic sharing (recursive letrec binding). For each of four settings, we provide the equational theory for representing the sharing graphs, and identify the class of categorical models which are shown to be sound and complete for the theory. The emphasis is put on the algebraic nature of sharing graphs, which leads us to the semantic account of them. We describe the models in terms of the notions of symmetric monoidal categories and functors, additionally with symmetric monoidal adjunctions and traced
Trust and Partial Typing in Open Systems of Mobile Agents
1998
Cited by 74 (10 self)
We present a partially-typed semantics for Dπ, a distributed π-calculus. The semantics is designed for mobile agents in open distributed systems in which some sites may harbor malicious intentions. Nonetheless, the semantics guarantees traditional type-safety properties at good locations by using a mixture of static and dynamic type-checking. We show how the semantics can be extended to allow trust between sites, improving performance and expressiveness without compromising type-safety.
1 Introduction
In [12] we presented a type system for controlling the use of resources in a distributed system, or network. The type system guarantees two properties: resource access is always safe, e.g. integer resources are always accessed with integers and string resources are always accessed with strings, and resource access is always authorized, i.e. resources may only be accessed by agents that have been granted permission to do so. While these properties are desirable, they are properti...
Proof Techniques for Cryptographic Processes
In 14th Annual IEEE Symposium on Logic in Computer Science, 1999
Cited by 70 (8 self)
Contextual equivalences for cryptographic process calculi, like the spi-calculus, can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, namely may-testing and barbed equivalence, and investigate tractable proof methods for them. To this aim, we design an enriched labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. The new transition system is then used to define a trace equivalence and a weak bisimulation equivalence, that avoid quantification over contexts. Our main results are soundness and completeness of trace and weak bisimulation equivalence with respect to may-testing and barbed equivalence, respectively. They lead to more direct proof methods for equivalence checking. The use of these methods is illustrated with a few examples, concerning implementation of secure channels and verification of proto...
Types and subtypes for client-server interactions
Proceedings of the 1999 European Symposium on Programming, number 1576 in Lecture Notes in Computer Science, 1999
Cited by 61 (6 self)
Abstract. We define an extension of the π-calculus with a static type system which supports high-level specifications of extended patterns of communication, such as client-server protocols. Subtyping allows protocol specifications to be extended in order to describe richer behaviour; an implemented server can then be replaced by a refined implementation, without invalidating type-correctness of the overall system. We use the POP3 protocol as a concrete example of this technique.
A new type system for deadlock-free processes
In CONCUR’06, volume 4137 of LNCS, 2006
Cited by 60 (4 self)
Abstract. We extend a previous type system for the π-calculus that guarantees deadlock-freedom. The previous type systems for deadlock-freedom either lacked a reasonable type inference algorithm or were not strong enough to ensure deadlock-freedom of processes using recursion. Although the extension is fairly simple, the new type system admits type inference and is much more expressive than the previous type systems that admit type inference. In fact, we show that the simply-typed λ-calculus with recursion can be encoded into the deadlock-free fragment of our typed π-calculus. To enable analysis of realistic programs, we also present an extension of the type system to handle recursive data structures like lists. Both extensions have already been incorporated into the recent release of TyPiCal, a type-based analyzer for the π-calculus.