Results 1 - 10 of 13
Channel Dependent Types for Higher-Order Mobile Processes (Extended Abstract)
In POPL'04, 2004
Cited by 23 (6 self)
Abstract
Nobuko Yoshida, Imperial College London. We introduce a new expressive theory of types for the higher-order π-calculus and demonstrate its applicability via non-trivial security analyses of a simple class-based language with distributed code mobility. The new theory significantly improves our previous one presented in [52] by the use of channel dependent/existential types. New dependent types control dynamic change of process accessibility via channel passing, while existential types guarantee safe scope extrusion in higher-order process passing. This solves an open issue in [52], leading to a significant enlargement of the original typability. Two basic security concerns for mobile computation, secrecy for data confidentiality and access control for authorised resources, are analysed in a uniform type-based static framework, culminating in the non-interference theorem and authority-error freedom in the presence of higher-order code mobility. The generality and expressiveness of the new type discipline are tested with a sound embedding of a multi-threaded class-based language with dynamic code/class distribution, enforcing secrecy and accessibility.
A Calculus for Modeling Software Components
2002
Cited by 19 (3 self)
Abstract
Many competing definitions of software components have been proposed over the years, but still today there is only partial agreement over such basic issues as granularity (are components bigger or smaller than objects, packages, or applications?), instantiation (do components exist at runtime or only at compile-time?), and state (should we distinguish between components and "instances" of components?).
Abstractions for Fault-Tolerant Global Computing
2003
Cited by 12 (1 self)
Abstract
This paper introduces the pik-calculus and the pike-calculus, kernel programming languages for fault-tolerant distributed programming. The calculi incorporate various abstractions for fault tolerance, from which several forms of distributed transactions and optimistic computation may be built. As an example application, a calculus of atomic failures is presented, the atf-calculus, and its encoding in the pik-calculus is used to verify a correctness property. The pik
A calculus for reasoning about software composition
Theoretical Computer Science, 2005
Cited by 10 (1 self)
Abstract
www.iam.unibe.ch/~scg. Although the term software component has become commonplace, there is no universally accepted definition of the term, nor does there exist a common foundation for specifying various kinds of components and their compositions. We propose such a foundation. The Piccola calculus is a process calculus, based on the asynchronous π-calculus, extended with explicit namespaces. The calculus is high-level, rather than minimal, and is consequently convenient for expressing and reasoning about software components, and different styles of composition. We motivate and present the calculus, and outline how it is used to specify the semantics of Piccola, a small composition language. We demonstrate how the calculus can be used to simplify compositions by partial evaluation, and we briefly outline some other applications of the calculus to reasoning about compositional styles.
A Semantic Theory for Global Computing Systems
2004
Cited by 4 (2 self)
Abstract
We introduce cKlaim, a process calculus that can be thought of as a variant of the π-calculus with process distribution, process mobility and asynchronous communication through distributed repositories. Upon it, we develop a semantic theory to reason about programs. More precisely, we introduce a natural contextually defined behavioural semantics, give a coinductive characterization in terms of a labelled bisimulation and illustrate some significant laws. Then, we smoothly tune the theory to model two more concrete settings obtained by explicitly considering failures and node connections, two low-level features that in real life can affect the underlying network infrastructure and, hence, the ability of processes to perform remote operations.
Welcome to the Jungle: A subjective guide to mobile process calculi
Cited by 3 (0 self)
Abstract
Almost 30 years ago, the research on process calculi gained a lot of momentum with the invention of ACP, CCS and CSP. Later on, but also already 20 years ago, researchers started to consider so-called mobile variants of process calculi, in which communication channels were themselves treated as the exchanged data. The original Pi Calculus arose out of a reformulation and extension of CCS. In turn, it boosted the invention and study of a whole zoo of further process calculi. In this tutorial, we provide a bird's-eye view on the jungle of results, techniques and subtleties about mobile process calculi. Next to a rough overview on the zoo of calculi, this includes the coverage of both semantic and pragmatic aspects, ranging from notions of equivalence and expressiveness to challenging application domains.
Disclaimer. This document does not intend to constitute yet another, possibly updated bibliographic article about mobile process calculi. There have been several already. To my knowledge, Kohei Honda did the first one in 1998, published online. Silvano Dal Zilio did another one in 2001 [Dal01], integrating references to "truly mobile" calculi reminiscent of Mobile Ambients. Finally, during the years 1994–2003, Björn Victor and I actively co-maintained an online bibliography and web pages on the topic of Calculi for Mobile Processes [NV98]. When we stopped updating the bib files, the corresponding LaTeX'ed version of the complete bibliography was 29 pages long, of course not even being complete at that time. This document neither intends to constitute a typical technical tutorial-like introduction to mobile process calculi. There have been several already. The usual suspects that I would recommend are the ones listed on the mobility web pages, carefully written by Milner et al. [MPW92,Mil99], Parrow [Par01],
Access Control Based on Code Identity for Open Distributed Systems
Cited by 2 (1 self)
Abstract
In computing systems, trust is an expectation on the dynamic behavior of an agent; static analysis is a collection of techniques for establishing static bounds on the dynamic behavior of an agent. We study the relationship between code identity, static analysis and trust in open distributed systems. Our primary result is a robust safety theorem expressed in terms of a distributed higher-order pi-calculus with code identity and a primitive for remote attestation; types in the language make use of a rich specification language for access control policies.
Reflections on Trust: Trust Assurance by Dynamic Discovery of Static Properties
Abstract
Static analyses allow dangerous code to be rejected before it runs. The distinct security concerns of code providers and end users necessitate that analysis be performed, or at least confirmed, during deployment rather than development; examples of this approach include bytecode verification and proof-carrying code. The situation is more complex in multi-party distributed systems, in which the multiple web services deploying code may have their own competing interests. Applying static analysis techniques to such systems requires the ability to identify the codebase running at a remote location and to dynamically determine the static properties of a codebase associated with an identity. In this paper, we provide formal foundations for these requirements. Rather than craft special-purpose combinators to address these specific concerns, we define a reflective, higher-order applied pi calculus and apply it. We treat process abstractions as serialized program files, and thus permit the direct observation of process syntax. This leads to a semantics quite different from that of higher-order pi or applied pi.
Localité dans le pi-calcul et applications aux . . . (Locality in the pi-calculus and applications to . . .)
2000
Abstract
This thesis is concerned with the π-calculus, the prototypical name-passing calculus of mobile processes, i.e. processes with a dynamically changing communication topology. Through the years, several variants and/or subcalculi of the π-calculus have been proposed to naturally model, and prove properties of, important classes of distributed concurrent systems. We introduce the Local π-calculus, Lπ, an asynchronous variant of the π-calculus, where the process receiving a name may only use it in output actions. Lπ can be seen as a simple basis of concurrent and/or distributed languages such as Pict and Join. We study the foundational theory of Lπ. The behavioural equivalence we adopt in the calculus is barbed congruence. We give two labelled bisimilarities which characterise barbed congruence in Lπ. The first is based on an embedding of Lπ into a subcalculus where all names emitted are private. The second is based on a new labelled transition system which reveals what is observable in Lπ. Our bisimilarities form congruence relations and can be enhanced by means of up-to proof techniques. In the characterisation proofs, no matching construct for testing equality between names is used. One of the main motivations of Lπ is its rich algebraic theory. A number of applications of this theory are presented, including a fully-abstract encoding of polyadic Lπ into monadic Lπ. Much of the theory of Lπ is generalised to the asynchronous π-calculus, πa, in which there is no constraint on received names. Applications of this new theory of πa include: (i) a fully-abstract encoding of external mobility (global names are communicated) in terms of internal mobility (only private names are communicated); (ii) a fully-abstract encoding of an asynchronous variant of the Fusion calculus into πa. Finally...
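Added example, not code from the thesis above or from any other paper in this list: a small Python evaluator for an asynchronous π-calculus fragment that turns the Lπ locality rule quoted in the abstract (a received name may be used only in output actions, never as the subject of an input) into a syntactic check, and then reduces a process in which a restricted name is passed out of its scope, the "scope extrusion" the Yoshida abstract above also refers to. The process syntax, the `is_local` and `run` functions, the fresh-name convention `s#1`, and the sample server, client and eavesdropper processes are all my own constructions and assumptions, not notation from the thesis. The security point it shows: under the locality discipline, handing a channel name to another process grants that process send capability only, so a process that tries to listen on a channel it was merely given is rejected before it runs.

```python
"""Asynchronous pi-calculus fragment with the L-pi locality check.
Added illustration; syntax, scheduler and sample processes are constructed here."""
from dataclasses import dataclass
from itertools import count
from typing import Union


@dataclass(frozen=True)
class Nil:            # inert process 0
    pass


@dataclass(frozen=True)
class Out:            # asynchronous output  c<v>  (no continuation)
    chan: str
    val: str


@dataclass(frozen=True)
class In:             # input  c(x).P
    chan: str
    var: str
    cont: "Proc"


@dataclass(frozen=True)
class Par:            # parallel composition  P | Q
    left: "Proc"
    right: "Proc"


@dataclass(frozen=True)
class Nu:             # restriction  (new n) P
    name: str
    body: "Proc"


Proc = Union[Nil, Out, In, Par, Nu]


def is_local(p: Proc, received: frozenset = frozenset()) -> bool:
    """L-pi discipline: a name bound by an input may never be an input subject."""
    if isinstance(p, (Nil, Out)):
        return True                       # outputs may use any name
    if isinstance(p, In):
        return p.chan not in received and is_local(p.cont, received | {p.var})
    if isinstance(p, Par):
        return is_local(p.left, received) and is_local(p.right, received)
    if isinstance(p, Nu):
        return is_local(p.body, received - {p.name})   # restriction rebinds the name
    raise TypeError(p)


def subst(p: Proc, x: str, v: str) -> Proc:
    """Replace free occurrences of name x by v; binders shadow x.
    Assumption: binder names never coincide with free names, so no capture."""
    def r(n: str) -> str:
        return v if n == x else n
    if isinstance(p, Nil):
        return p
    if isinstance(p, Out):
        return Out(r(p.chan), r(p.val))
    if isinstance(p, In):
        return In(r(p.chan), p.var, p.cont if p.var == x else subst(p.cont, x, v))
    if isinstance(p, Par):
        return Par(subst(p.left, x, v), subst(p.right, x, v))
    if isinstance(p, Nu):
        return p if p.name == x else Nu(p.name, subst(p.body, x, v))
    raise TypeError(p)


def run(p: Proc, max_steps: int = 100):
    """Reduce p; returns (trace of (channel, value) communications, leftover outputs).
    A restricted name becomes a globally fresh name when its scope is flattened,
    so scope extrusion is visible as that fresh name travelling inside a message."""
    fresh = count(1)
    outs, ins = [], []

    def flatten(q: Proc) -> None:
        if isinstance(q, Out):
            outs.append(q)
        elif isinstance(q, In):
            ins.append(q)
        elif isinstance(q, Par):
            flatten(q.left)
            flatten(q.right)
        elif isinstance(q, Nu):
            flatten(subst(q.body, q.name, f"{q.name}#{next(fresh)}"))

    flatten(p)
    trace = []
    for _ in range(max_steps):
        pair = next(((o, i) for o in outs for i in ins if o.chan == i.chan), None)
        if pair is None:
            break                          # no output meets a matching input
        o, i = pair
        outs.remove(o)
        ins.remove(i)
        trace.append((o.chan, o.val))
        flatten(subst(i.cont, i.var, o.val))
    return trace, outs


# Constructed sample: the server creates a private channel s, hands it out on the
# public channel a, and logs whatever arrives on s.  The client receives s and
# uses it for output only, which is L-pi-legal.  The eavesdropper tries to
# *listen* on the channel it was handed, which the locality check rejects.
SERVER = Nu("s", Par(Out("a", "s"), In("s", "m", Out("log", "m"))))
CLIENT = In("a", "x", Out("x", "secret"))
EAVESDROPPER = In("a", "x", In("x", "m", Out("leak", "m")))


def demo():
    ok = is_local(Par(SERVER, CLIENT))
    bad = is_local(Par(SERVER, EAVESDROPPER))
    trace, leftover = run(Par(SERVER, CLIENT))
    return ok, bad, trace, leftover


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports that the server/client pair passes the locality check, the server/eavesdropper pair fails it, and the trace of the legal system is the private name `s#1` crossing the public channel `a` followed by `secret` arriving on `s#1`, with the server's message on `log` the only output left when reduction stops. The scheduler is deterministic (first matching output/input pair), which suffices for a demonstration but is not the nondeterministic reduction of the calculus itself.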