Results 11 - 20 of 212
Type-Safe Execution of Mobile Agents in Anonymous Networks
 In Secure Internet Programming: Security Issues for Distributed and Mobile Objects, Lecture Notes in Computer Science
, 1998
Cited by 38 (2 self)
We present a partially-typed semantics for Dπ, a distributed π-calculus. The semantics is designed for open distributed systems in which some sites may harbor malicious agents. Nonetheless, the semantics guarantee traditional type-safety properties at "good" locations by using a mixture of static and dynamic typechecking. The runtime semantics is built on the model of an anonymous network where the source of incoming agents is unknowable. To counteract possible misuse of resources all sites keep a record of local resources against which incoming agents are dynamically typechecked. 1 Introduction In [7] we presented a type system for controlling the use of resources in a distributed system. The type system guarantees that resource access is always safe, in the sense that, for example, integer channels are always used with integers and boolean channels are always used with booleans. The type system of [7], however, requires that all agents in the system be well-typed. In open syste...
A Process Calculus for Mobile Ad Hoc Networks
Cited by 38 (2 self)
Abstract. We present the ω-calculus, a process calculus for formally modeling and reasoning about Mobile Ad Hoc Wireless Networks (MANETs) and their protocols. The ω-calculus naturally captures essential characteristics of MANETs, including the ability of a MANET node to broadcast a message to any other node within its physical transmission range (and no others), and to move in and out of the transmission range of other nodes in the network. A key feature of the ω-calculus is the separation of a node’s communication and computational behavior, described by an ω-process, from the description of its physical transmission range, referred to as an ω-process interface. Our main technical results are as follows. We give a formal operational semantics of the ω-calculus in terms of labeled transition systems and show that the state reachability problem is decidable for finite-control ω-processes. We also prove that the ω-calculus is a conservative extension of the π-calculus, and that late bisimulation (appropriately lifted from the π-calculus to the ω-calculus) is a congruence. Congruence results are also established for a weak version of late bisimulation, which abstracts away from two types of internal actions: τ-actions, as in the π-calculus, and µ-actions, signaling node movement. Finally, we illustrate the practical utility of the calculus by developing and analyzing a formal model of a leader-election protocol for MANETs.
The Klaim Project: Theory and Practice
 GLOBAL COMPUTING: PROGRAMMING ENVIRONMENTS, LANGUAGES, SECURITY AND ANALYSIS OF SYSTEMS, VOLUME 2874 OF LNCS
, 2003
Cited by 37 (15 self)
Klaim (Kernel Language for Agents Interaction and Mobility) is an experimental language specifically designed to program distributed systems consisting of several mobile components that interact through multiple distributed tuple spaces. Klaim primitives allow programmers to distribute and retrieve data and processes to and from the nodes of a net. Moreover, localities are first-class citizens that can be dynamically created and communicated over the network. Components, both stationary and mobile, can explicitly refer and control the spatial structures of the network. This paper
Using Ambients to Control Resources
, 2002
Cited by 36 (9 self)
Current software and hardware systems, being parallel and reconfigurable, raise new safety and reliability problems, and the resolution of these problems requires new methods. Numerous proposals attempt at reducing the threat of bugs and preventing several kinds of attacks. In this paper, we develop an extension of the calculus of Mobile Ambients, named Controlled Ambients, that is suited for expressing such issues, specifically Denial of Service attacks. We present a type system for Controlled Ambients, which makes resource control possible in our setting.
A theoretical basis of communication-centred concurrent programming
, 2006
Cited by 35 (11 self)
This document presents two different paradigms of description of communication behaviour, one focussing on global message flows and another on endpoint behaviours, as formal calculi based on session types. The global calculus originates from Choreography Description Language, a web service description language developed by W3C WS-CDL working group. The endpoint calculus is a typed π-calculus. The global calculus describes an interaction scenario from a vantage viewpoint; the endpoint calculus precisely identifies a local behaviour of each participant. After introducing the static and dynamic semantics of these two calculi, we explore a theory of endpoint projection which defines three principles for well-structured global description. The theory then defines a translation under the three principles which is sound and complete in the sense that all and only behaviours specified in the global description are realised as communications among endpoint processes. Throughout the theory, underlying type structures play a fundamental role. The document is divided in two parts: part I introduces the two descriptive frameworks using simple but nontrivial examples; the second part establishes a theory of the global and endpoint formalisms.
Towards a unified approach to encodability and separation results for process calculi
 Proc. of 19th International Conference on Concurrency Theory (CONCUR’08), number 5201 in LNCS
, 2008
Cited by 34 (6 self)
Abstract. In this paper, we present a unified approach to evaluating the relative expressive power of process calculi. In particular, we identify a small set of criteria (that have already been somehow presented in the literature) that an encoding should satisfy to be considered a good means for language comparison. We argue that the combination of such criteria is a valid proposal by noting that: (i) the best known encodings appeared in the literature satisfy them; (ii) this notion is not trivial, because there exist encodings that do not satisfy all the criteria we have proposed; (iii) the best known separation results can be formulated in terms of our criteria; and (iv) some widely believed (but never formally proved) separation results can be proved by using the criteria we propose. Moreover, the way in which we prove known separation results is easier and more uniform than the way in which such results were originally proved.
Subtyping and Locality in Distributed Higher Order Processes (Extended Abstract)
, 1999
Cited by 34 (4 self)
This paper studies one important aspect of distributed systems, locality, using a calculus of distributed higher-order processes in which not only basic values or channels, but also parameterised processes are transferred across distinct locations. An integration of the subtyping of λ-calculus and IO-subtyping of the π-calculus offers a tractable tool to control the locality of channel names in the presence of distributed higher order processes. Using a local restriction on channel capabilities together with a subtyping relation, locality is preserved during reductions even if we allow new receptors to be dynamically created by instantiation of arbitrary higher-order values and processes. We also show that our method is applicable to more general constraints, based on local and global channel capabilities. 1 Introduction There have been a number of attempts at adapting traditional process calculi, such as CCS and CSP, so as to provide support for the modelling of certain asp...
On the Expressive Power of Polyadic Synchronisation in π-Calculus
, 2003
Cited by 33 (9 self)
We extend the π-calculus with polyadic synchronisation, a generalisation of the communication mechanism which allows channel names to be composite. We show that this operator embeds nicely in the theory of π-calculus, we suggest that it permits divergence-free encodings of distributed calculi, and we show that a limited form of polyadic synchronisation can be encoded weakly in π-calculus. After showing that matching cannot be derived in π-calculus, we compare the expressivity of polyadic synchronisation, mixed choice and matching. In particular we show that the degree of synchronisation of a language increases its expressive power by means of a separation result in the style of Palamidessi's result for mixed choice.
Validating a Web Service Security Abstraction by Typing
, 2002
Cited by 33 (7 self)
An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers.
The Seal Calculus
, 2005
Cited by 31 (0 self)
The Seal Calculus is a process language for describing mobile computation. Threads and resources are tree structured; the nodes thereof correspond to agents, the units of mobility. The Calculus extends a π-calculus core with synchronous, objective mobility of agents over channels. This paper systematically compares all previous variants of Seal Calculus. We study their operational behaviour with labelled transition systems and bisimulations; by comparing the resulting algebraic theories we highlight the differences between these apparently similar approaches. This leads us to identify the dialect of Seal that is most amenable to operational reasoning and can form the basis of a distributed programming language. We propose type systems for characterising the communications in which an agent can engage. The type systems thus enforce a discipline of agent mobility, since the latter is coded in terms of higher-order communication.