Bigraphs are graphs whose nodes may be nested, representing locality, independently of the edges connecting them. They may be equipped with reaction rules, forming a bigraphical reactive system (Brs) in which bigraphs can reconfigure themselves. Following an earlier paper describing link graphs, a constituent of bigraphs, this paper is a devoted to pure bigraphs, which in turn underlie various more refined forms. Elsewhere it is shown that behavioural analysis for Petri nets, π-calculus and mobile ambients can all be recovered in the uniform framework of bigraphs. The paper first develops the dynamic theory of an abstract structure, a wide reactive system (Wrs), of which a Brs is an instance. In this context, labelled transitions are defined in such a way that the induced bisimilarity is a congruence. This work is then specialised to Brss, whose graphical structure allows many refinements of the theory. The latter part of the paper emphasizes bigraphical theory that is relevant to the treatment of dynamics via labelled transitions. As a running example, the theory is applied to finite pure CCS, whose resulting transition system and bisimilarity are analysed in detail. The paper also mentions briefly the use of bigraphs to model pervasive computing and

Abstract not found

We study a behavioural theory of Mobile Ambients, a process calculus for modelling mobile agents in wide-area networks, focussing on reduction barbed congruence. Our contribution is threefold. (1) We prove a context lemma which shows that only parallel and nesting contexts need be examined to recover this congruence. (2) We characterise this congruence using a labelled bisimilarity: this requires novel techniques to deal with asynchronous movements of agents and with the invisibility of migrations of secret locations. (3) We develop refined proof methods involving up-to proof techniques, which allow us to verify a set of algebraic laws and the correctness of more complex examples.

We discuss a basic process calculus useful for modelling applications over global computing systems and present the associated semantic theories as determined by some basic notions of observation. The main features of the calculus are explicit distribution, remote operations, process mobility and asynchronous communication through distributed data spaces. We introduce some natural notions of extensional observations and study their closure under operational reductions and/or language contexts to obtain barbed congruence and may testing. For these equivalences, we provide alternative tractable characterizations as labelled bisimulation and trace equivalence. We discuss some of the induced equational laws and relate them to design choices of the calculus. In particular, we show that some of these laws do not hold any longer if the language is rendered less abstract by introducing (asynchronous and undetectable) failures or by implementing remote communications via process migrations and local exchanges. In both

First of all, I would like to thank my supervisor Dr. Iain C. C. Phillips, for his support and collaboration during this period of research. I thank Iain for having taught me to be more precise and sharp, and for long, detailed and inspiring discussions on the topic of this dissertation. Finally I thank him for his enormous patience towards my stubbornness. I would like to thank Dr. Nobuko Yoshida for many useful discussions and for being very supportive and positive about my work. To Sergio Maffeis go thanks for many discussions on various subjects of research and philosophy during the last two years at Imperial College. He suggested an improvement to the solution for the leader election problem for the Ambient Calculus. I would like to thank also Andrew Phillips, and the concurrency group at Imperial for the Monday lunch meetings. This has been a wonderful forum for discussing various aspects of my work. I like to thank Prof. Chris Hankin and Dr. Sophia Drossopoulou for helping me on various occasions with administrative problems and (especially Chris) for supporting most of my travelling. I do not know how I could have ever achieved this without my husband, Steffen van Bakel. He

A programming notation is introduced that can be used for protecting secrecy and integrity of data in global computing applications. The approach is based on the explicit annotations of data and network nodes. Data are tagged with information about the allowed movements, while network nodes are tagged with information about which nodes can send data and spawn processes over them. These restrictions/annotations are used to confine the movement of data and processes. First, a general framework for describing global computing applications is proposed and the issues related to confinement are discussed in such a context. Then, the general framework is instantiated onto three models for process interaction and mobility, namely cKlaim (the kernel of Klaim), D# (a distributed version of the #-calculus) and M (a variant of the Mobile Ambient Calculus). For all of these formalisms, it is shown that their semantics guarantees that computations proceed only while respecting confinement constraints. It is proven that, after successful static type checking, data can reside at, and cross only, authorized nodes. Possible "localizations" of this property are discussed that require checking only relevant sub-nets. Finally, the theory is used to model secure behaviours of a UNIX-like multiuser system.

We develop a semantics theory for SAP, a variant of Levi and Sangiorgi’s Safe Ambients, SA. The dynamics of SA relies upon capabilities (and co-capabilities) exercised by mobile agents, called ambients, to interact with each other. These capabilities contain references, the names of ambients with which they wish to interact. In SAP we generalise the notion of capability: in order to interact with an ambient n, an ambient m must exercise a capability indicating both n and a password h to access n; the interaction between n and m takes place only if n is willing to perform a corresponding co-capability with the same password h. The name h can also be looked upon as a port to access ambient n via port h. In SAP by managing passwords/ports, for example generating new ones and distributing them selectively, an ambient may now program who may migrate into its computation space, and when. Moreover in SAP an ambient may provide different services/resources depending on the port accessed by the incoming clients. Then, we give an lts-based operational semantics for SAP and a labelled bisimulation equivalence which is proved to coincide with reduction barbed congruence. We use our notion of bisimulation to prove a set of algebraic laws which are subsequently exploited to prove more significant examples.

We introduce cKlaim, a process calculus that can be thought of as a variant of the #-calculus with process distribution, process mobility and asynchronous communication through distributed repositories. Upon it, we develop a semantic theory to reason about programs. More precisely, we introduce a natural contextually defined behavioural semantics, give a coinductive characterization in terms of a labelled bisimulation and illustrate some significant laws. Then, we smoothly tune the theory to model two more concrete settings obtained by explicitly considering failures and node connections, two low-level features that in real life can a#ect the underlying network infrastructure and, hence, the ability of processes to perform remote operations.

The operational semantics of interactive systems is usually described by labeled transition systems. Abstract semantics is defined in terms of bisimilarity that, in the finite case, can be computed via the well-known partition refinement algorithm. However, the behaviour of interactive systems is in many cases infinite and thus checking bisimilarity in this way is unfeasible. Symbolic semantics allows to define smaller, possibly finite, transition systems, by employing symbolic actions and avoiding some sources of infiniteness. Unfortunately, the standard partition refinement algorithm does not work with symbolic bisimilarity.

Abstract. The operational semantics of interactive systems is usually described by labeled transition systems. Abstract semantics (that is defined in terms of bisimilarity) is characterized by the final morphism in some category of coalgebras. Since the behaviour of interactive systems is for many reasons infinite, symbolic semantics were introduced as a mean to define smaller, possibly finite, transition systems, by employing symbolic actions and avoiding some sources of infiniteness. Unfortunately, symbolic bisimilarity has a different “shape ” with respect to ordinary bisimilarity, and thus the standard coalgebraic characterization does not work. In this paper, we introduce its coalgebraic models. 1