SafeDPi: A language for controlling mobile code
In Proc. FOSSACS, LNCS 2987, 2003
Cited by 43 (5 self)
safeDpi is a distributed version of the Pi-calculus, in which processes are located at dynamically created sites. Parametrised code may be sent between sites using so-called ports, which are essentially higher-order versions of Pi-calculus communication channels. A host location may protect itself by only accepting code which conforms to a given type associated to the incoming port. We define a sophisticated static type system for these ports, which restricts the capabilities and access rights of any processes launched by incoming code. Dependent and existential types are used to add flexibility, allowing the behaviour of these launched processes, encoded as process types, to depend on the host's instantiation of the incoming code. We also show that a natural contextually defined behavioural equivalence can be characterised coinductively, using bisimulations based on typed actions. The characterisation is based on the idea of knowledge acquisition by a testing environment and makes explicit some of the subtleties of determining equivalence in this language of highly constrained distributed code.
The Seal Calculus
2005
Cited by 22 (0 self)
The Seal Calculus is a process language for describing mobile computation. Threads and resources are tree structured; the nodes thereof correspond to agents, the units of mobility. The Calculus extends a π-calculus core with synchronous, objective mobility of agents over channels. This paper systematically compares all previous variants of the Seal Calculus. We study their operational behaviour with labelled transition systems and bisimulations; by comparing the resulting algebraic theories we highlight the differences between these apparently similar approaches. This leads us to identify the dialect of Seal that is most amenable to operational reasoning and can form the basis of a distributed programming language. We propose type systems for characterising the communications in which an agent can engage. The type systems thus enforce a discipline of agent mobility, since the latter is coded in terms of higher-order communication.
Bisimulation Proof Methods for Mobile Ambients
In Proc. of ICALP'03, volume 2719 of LNCS, 2003
Cited by 21 (3 self)
We study the behavioural theory of Cardelli and Gordon's Mobile Ambients. We give an LTS based operational semantics, and a labelled bisimulation based equivalence that coincides with reduction barbed congruence. We also provide two up-to proof techniques that we use to prove a set of algebraic laws, including the perfect firewall equation.
Basic Observables for a Calculus for Global Computing
2004
Cited by 17 (6 self)
We discuss a basic process calculus useful for modelling applications over global computing systems and present the associated semantic theories as determined by some basic notions of observation. The main features of the calculus are explicit distribution, remote operations, process mobility and asynchronous communication through distributed data spaces. We introduce some natural notions of extensional observations and study their closure under operational reductions and/or language contexts to obtain barbed congruence and may testing. For these equivalences, we provide alternative tractable characterizations as labelled bisimulation and trace equivalence. We discuss some of the induced equational laws and relate them to design choices of the calculus. In particular, we show that some of these laws do not hold any longer if the language is rendered less abstract by introducing (asynchronous and undetectable) failures or by implementing remote communications via process migrations and local exchanges. In both
Behavioural Theory for Mobile Ambients
In: Proceedings of the 3rd International Conference on Theoretical Computer Science (IFIP TCS), 2004
Cited by 12 (1 self)
We study a behavioural theory of Mobile Ambients, a process calculus for modelling mobile agents in wide-area networks, focussing on reduction barbed congruence. Our contribution is threefold. (1) We prove a context lemma which shows that only parallel and nesting contexts need be examined to recover this congruence. (2) We characterise this congruence using a labelled bisimilarity: this requires novel techniques to deal with asynchronous movements of agents and with the invisibility of migrations of secret locations. (3) We develop refined proof methods involving up-to proof techniques, which allow us to verify a set of algebraic laws and the correctness of more complex examples.
A bisimulation-based semantic theory of safe ambients
ACM Transactions on Programming Languages and Systems, 2006
Cited by 11 (0 self)
We develop a semantic theory for SAP, a variant of Levi and Sangiorgi's Safe Ambients, SA. The dynamics of SA relies upon capabilities (and co-capabilities) exercised by mobile agents, called ambients, to interact with each other. These capabilities contain references, the names of ambients with which they wish to interact. In SAP we generalise the notion of capability: in order to interact with an ambient n, an ambient m must exercise a capability indicating both n and a password h to access n; the interaction between n and m takes place only if n is willing to perform a corresponding co-capability with the same password h. The name h can also be looked upon as a port to access ambient n via port h. In SAP, by managing passwords/ports, for example generating new ones and distributing them selectively, an ambient may now program who may migrate into its computation space, and when. Moreover, in SAP an ambient may provide different services/resources depending on the port accessed by the incoming clients. Then, we give an LTS-based operational semantics for SAP and a labelled bisimulation equivalence which is proved to coincide with reduction barbed congruence. We use our notion of bisimulation to prove a set of algebraic laws which are subsequently exploited to prove more significant examples.
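The password/port mechanism in that abstract, as an added example in Python (not code from the SAP paper; the Ambient class, the `in`/`in_bar` tuples, `try_enter`, `fresh_password` and the service table are assumptions made for illustration): an ambient m enters a host n only when m's `in n h` meets a pending `in_bar h` offered by n for the same h; a guessed password fails, and a consumed co-capability cannot be reused until the host offers it again, which is what lets n decide both who migrates in and when.

```python
# Added example (not code from the SAP paper): a small Python model of the
# password-gated entry described above. Every name here (Ambient, try_enter,
# fresh_password, the "in"/"in_bar" tuples, the services table) is an
# assumption for illustration; the paper defines SAP formally, not in Python.
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Ambient:
    name: str
    caps: list = field(default_factory=list)      # capabilities to exercise: ("in", target_name, password)
    cocaps: list = field(default_factory=list)    # co-capabilities offered:   ("in_bar", password)
    children: list = field(default_factory=list)  # ambients currently running inside this one
    services: dict = field(default_factory=dict)  # password/port -> service granted to entrants on that port


def fresh_password() -> str:
    """A fresh, unguessable port name; the host hands these out selectively."""
    return secrets.token_hex(16)


def try_enter(parent: Ambient, m: Ambient, n: Ambient) -> Optional[str]:
    """Reduce  m[in n h. P] | n[in_bar h. Q]  -->  n[ m[P] | Q ]  inside `parent`.

    The move fires only if m holds `in n h` and n currently offers `in_bar h`
    for the *same* h. Both the capability and the co-capability are consumed,
    so n controls not just who may enter but when. Returns the port used,
    or None if no matching pair exists.
    """
    if m not in parent.children or n not in parent.children:
        return None
    for cap in list(m.caps):
        kind, target, h = cap
        if kind != "in" or target != n.name:
            continue
        if ("in_bar", h) in n.cocaps:
            m.caps.remove(cap)
            n.cocaps.remove(("in_bar", h))
            parent.children.remove(m)
            n.children.append(m)
            return h
    return None


def demo() -> dict:
    """Constructed scenario: a host offering two ports, one legitimate client,
    one intruder guessing a password, and a latecomer reusing a consumed port."""
    host = Ambient("host")
    h_guest = fresh_password()
    h_admin = fresh_password()
    host.cocaps = [("in_bar", h_guest), ("in_bar", h_admin)]
    host.services = {h_guest: "read-only", h_admin: "full"}

    client = Ambient("client", caps=[("in", "host", h_guest)])
    intruder = Ambient("intruder", caps=[("in", "host", "guessed")])
    latecomer = Ambient("latecomer", caps=[("in", "host", h_guest)])
    net = Ambient("net", children=[host, client, intruder, latecomer])

    port_client = try_enter(net, client, host)
    port_intruder = try_enter(net, intruder, host)
    port_late = try_enter(net, latecomer, host)   # the h_guest co-capability was consumed by client

    return {
        "client_service": host.services.get(port_client),
        "intruder_entered": port_intruder is not None,
        "latecomer_entered": port_late is not None,
        "inside_host": [a.name for a in host.children],
        "still_outside": [a.name for a in net.children],
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is that the password doubles as the port: the host never inspects who the entrant is, it only checks that the entrant holds a name the host minted and chose to give out, and it can revoke access simply by not re-offering `in_bar h`.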
Confining Data and Processes in Global Computing Applications
Science of Computer Programming, 2004
Cited by 6 (3 self)
A programming notation is introduced that can be used for protecting secrecy and integrity of data in global computing applications. The approach is based on the explicit annotations of data and network nodes. Data are tagged with information about the allowed movements, while network nodes are tagged with information about which nodes can send data and spawn processes over them. These restrictions/annotations are used to confine the movement of data and processes. First, a general framework for describing global computing applications is proposed and the issues related to confinement are discussed in such a context. Then, the general framework is instantiated onto three models for process interaction and mobility, namely cKlaim (the kernel of Klaim), Dπ (a distributed version of the π-calculus) and M (a variant of the Mobile Ambient Calculus). For all of these formalisms, it is shown that their semantics guarantees that computations proceed only while respecting confinement constraints. It is proven that, after successful static type checking, data can reside at, and cross only, authorized nodes. Possible "localizations" of this property are discussed that require checking only relevant subnets. Finally, the theory is used to model secure behaviours of a UNIX-like multi-user system.
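A toy static confinement check in the spirit of the annotations just described, as an added Python example (not the paper's type system; the `Datum`/`NodePolicy` classes, the `out`/`eval` action tuples and the three rules are assumptions made for illustration, and the paper's type systems for cKlaim, Dπ and the ambient variant are formal and differ in detail): each datum carries the set of nodes it may reside at or cross, each node carries who may send data to it and who may spawn processes on it, and a net is accepted only if every remote operation respects both annotations.

```python
# Added example (not code from the paper): a toy static confinement check.
# Datum, NodePolicy, the action tuples and the rule wording are assumptions
# for illustration, not the paper's formal type system.
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Datum:
    value: str
    region: FrozenSet[str]      # nodes this datum is allowed to reside at or cross


@dataclass(frozen=True)
class NodePolicy:
    senders: FrozenSet[str]     # nodes allowed to send data to this node
    spawners: FrozenSet[str]    # nodes allowed to spawn processes on this node


# A process located at some node is a list of remote operations (constructed syntax):
#   ("out", datum, target)  put `datum` into the repository of node `target`
#   ("eval", target)        spawn a process at node `target`
Action = Tuple


def check_process(at: str, actions: List[Action], policies: dict) -> List[str]:
    """Return the confinement violations of a process running at node `at`.
    Assumes every node named in an action has an entry in `policies`."""
    errors = []
    for act in actions:
        if act[0] == "out":
            _, d, target = act
            if at not in d.region:
                errors.append(f"{at}: datum {d.value!r} may not reside at its source {at}")
            if target not in d.region:
                errors.append(f"{at}: datum {d.value!r} may not cross to {target}")
            if at not in policies[target].senders:
                errors.append(f"{at}: not allowed to send data to {target}")
        elif act[0] == "eval":
            _, target = act
            if at not in policies[target].spawners:
                errors.append(f"{at}: not allowed to spawn processes on {target}")
        else:
            errors.append(f"{at}: unknown action {act!r}")
    return errors


def check_network(net: dict, policies: dict) -> List[str]:
    """Check every node's process; an empty result means the net is well-confined.
    `net` maps node name -> list of actions of the process running there."""
    errors = []
    for node, actions in net.items():
        errors.extend(check_process(node, actions, policies))
    return errors


def demo() -> dict:
    """Constructed net: a lab that may archive secrets in a vault and publish to a web node."""
    policies = {
        "lab":   NodePolicy(senders=frozenset({"lab", "vault"}), spawners=frozenset({"lab"})),
        "vault": NodePolicy(senders=frozenset({"lab"}),          spawners=frozenset()),
        "web":   NodePolicy(senders=frozenset({"web", "lab"}),   spawners=frozenset({"web"})),
    }
    secret = Datum("design.pdf", region=frozenset({"lab", "vault"}))
    public = Datum("press-release", region=frozenset({"lab", "web"}))

    ok_net = {
        "lab": [("out", secret, "vault"), ("out", public, "web")],
        "web": [("eval", "web")],
    }
    bad_net = {
        "lab": [("out", secret, "web")],                       # secret leaves its region
        "web": [("eval", "lab"), ("out", public, "vault")],    # web may not spawn on lab;
                                                               # public may not enter vault,
                                                               # and vault accepts only from lab
    }
    return {"ok": check_network(ok_net, policies), "bad": check_network(bad_net, policies)}


if __name__ == "__main__":
    for line in demo()["bad"]:
        print(line)
```

Because the check only ever consults the annotations of the source node, the target node and the datum being moved, it can be run on a subnet in isolation, which is the "localization" the abstract refers to.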
A Semantic Theory for Global Computing Systems
2004
Cited by 4 (2 self)
We introduce cKlaim, a process calculus that can be thought of as a variant of the π-calculus with process distribution, process mobility and asynchronous communication through distributed repositories. Upon it, we develop a semantic theory to reason about programs. More precisely, we introduce a natural contextually defined behavioural semantics, give a coinductive characterization in terms of a labelled bisimulation and illustrate some significant laws. Then, we smoothly tune the theory to model two more concrete settings obtained by explicitly considering failures and node connections, two low-level features that in real life can affect the underlying network infrastructure and, hence, the ability of processes to perform remote operations.
Component-Oriented Programming with Sharing: Containment is not Ownership
In 4th International Conference on Generative Programming and Component Engineering (GPCE), 2005
Cited by 3 (0 self)
Component-oriented programming yields a tension between higher-order features (deployment, reconfiguration, passivation), encapsulation, and component sharing. We propose a discipline for component-oriented programming to address this issue, and we define a process calculus whose operational semantics embodies this programming discipline. We present several examples that illustrate how the calculus supports component sharing, while allowing strong encapsulation and higher-order primitives.
Specifying and Implementing Secure Mobile Applications in the Channel Ambient System
2005
Cited by 2 (0 self)
The Internet has grown substantially in recent years, and an increasing number of applications are now being developed to exploit this distributed infrastructure. Mobility is an important paradigm for such applications, where mobile code is supplied on demand and mobile components interact freely within a given network. However, mobile applications are difficult to develop: not only do they involve complex parallel interactions between multiple components, but they must also satisfy strict security requirements. One could argue that the development of such applications requires a rigorous means of describing and reasoning about mobile computation, through the use of an appropriate model. Foundational research by Cardelli and Gordon on the Ambient Calculus has shown that process calculi are a promising approach to modelling mobile computation. This thesis builds on more recent research in the field of process calculi, and presents a new model of computation known as the Channel Ambient calculus, which can be used both to specify mobile applications and to reason about their security properties. The primitives of the model were developed with real-world applications in mind, and are designed to be at a level of abstraction suitable for an application programmer. The thesis also bridges a gap between theory and implementation by defining a distributed abstract machine for the Channel Ambient calculus. The abstract machine uses a list semantics, which is close to an implementation language, and a blocking semantics, which leads to an efficient implementation. The machine is proved sound and complete with respect to the underlying calculus. A prototype implementation is also described, together with an application for tracking the location of migrating ambients. The correctness of the machine ensures that the work done in specifying and analysing mobile applications is not lost during their implementation.