Results 1-10 of 50
Mobile ambients
In Proceedings of POPL'98, 1998
Cited by 812 (29 self)
Abstract: We introduce a calculus describing the movement of processes and devices, including movement through administrative domains.
The Update Calculus
1997
Cited by 72 (3 self)
Abstract: In the update calculus concurrent processes can perform update actions with side effects, and a scoping operator can be used to control the extent of the update. In this way it incorporates fundamental concepts both from imperative languages or concurrent constraints formalisms, and from functional formalisms such as the  and calculi. Structurally it is similar to but simpler than the calculus; it has only one binding operator and a symmetry between input and output. We define the structured operational semantics and the proper bisimulation equivalence and congruence, and give a complete axiomatization. The calculus turns out to be an asymmetric subcalculus.

1 Introduction
Theory of concurrent computation is a diverse field where many different approaches have been proposed and no consensus has emerged on the best paradigms. In this paper we take a step towards unifying two seemingly contradictory schools of thought: global vs local effects of concurrent actions. We define a calc...
Verification of Control Flow Based Security Properties
1998
Cited by 70 (5 self)
Abstract: A fundamental problem in software-based security is whether local security checks inserted into the code are sufficient to implement a global security property. We introduce a formalism based on a two-level linear-time temporal logic for specifying global security properties pertaining to the control flow of the program, and illustrate its expressive power with a number of existing properties. We define a minimalistic, security-dedicated program model that only contains procedure calls and run-time security checks, and propose an automatic method for verifying that an implementation using local security checks satisfies a global security property. For a given formula in the temporal logic we prove that there exists a bound on the size of the states that have to be considered in order to assure the validity of the formula: this reduces the problem to finite-state model checking. Finally, we instantiate the framework to the security architecture proposed for Java (JDK 1.2).
Model checking security properties of control flow graphs
 Journal of Computer Security
On Bisimulations for the Asynchronous π-calculus
1996
Cited by 32 (0 self)
Abstract: The asynchronous pi-calculus is a variant of the pi-calculus where message emission is non-blocking. Honda and Tokoro have studied a semantics for this calculus based on bisimulation. Their bisimulation relies on a modified transition system where, at any moment, a process can perform any input action. In this paper we propose a new notion of bisimulation for the asynchronous pi-calculus, defined on top of the standard labelled transition system. We give several characterizations of this equivalence including one in terms of Honda and Tokoro's bisimulation, and one in terms of barbed equivalence. We show that this bisimulation is preserved by name substitutions, hence by input prefix. Finally, we give a complete axiomatization of the (strong) bisimulation for finite terms.
Verification of Temporal Properties of Processes in a Setting with Data
In A.M. Haeberer, editor, AMAST'98, volume 1548 of LNCS, 1999
Cited by 24 (8 self)
Abstract: We define a value-based modal calculus, built from first-order formulas, modalities, and fixed point operators parameterized by data variables, which allows one to express temporal properties involving data. We interpret this logic over µCRL terms defined by linear process equations. The satisfaction of a temporal formula by a µCRL term is translated to the satisfaction of a first-order formula containing parameterized fixed point operators. We provide proof rules for these fixed point operators and show their applicability on various examples.

1 Introduction
In recent years we have applied process algebra in numerous settings [4, 8, 12]. The first lesson we learned is that process algebra pur sang is not very handy, and we need an extension with data. This led to the language µCRL (micro Common Representation Language) [13]. The next observation was that it is very convenient to eliminate the parallel operator from a process description and reduce it to a very restricted form, whi...
Reasoning about Higher-Order Processes
1994
Cited by 17 (8 self)
Abstract: We address the specification and verification problem for process calculi such as Chocs, CML and Facile where processes or functions are transmissible values. Our work takes place in the context of a static treatment of restriction and of a bisimulation-based semantics. As a paradigmatic and simple case we concentrate on (Plain) Chocs. We show that Chocs bisimulation can be characterized by an extension of Hennessy-Milner logic including a constructive implication, or function space constructor. This result is a non-trivial extension of the classical characterization result for labelled transition systems. In the second part of the paper we address the problem of developing a proof system for the verification of process specifications. Building on previous work for CCS we present an infinitary sound and complete proof system for the fragment of the calculus not handling restriction.

Keywords: Higher-order process calculi; Bisimulation; Modal logics; Program specification; Program verif...
Model checking for π-calculus using proof search
CONCUR, volume 3653 of LNCS, 2005
Cited by 15 (5 self)
Abstract: Model checking for transition systems specified in the π-calculus has been a difficult problem due to the infinite-branching nature of input prefix, name restriction and scope extrusion. We propose here an approach to model checking for the π-calculus by encoding it into a logic which supports reasoning about bindings and fixed points. This logic, called FOλΔ∇, is a conservative extension of Church's Simple Theory of Types with a "generic" quantifier. By encoding judgments about transitions in the pi-calculus into this logic, various conditions on the scoping of names and restrictions on name instantiations are captured naturally by the quantification theory of the logic. Moreover, standard implementation techniques for (higher-order) logic programming are applicable for implementing proof search for this logic, as illustrated in a prototype implementation discussed in this paper. The use of logic variables and eigenvariables in the implementation allows for exploring the state space of processes in a symbolic way. Compositionality of properties of the transitions is a simple consequence of the meta-theory of the logic (i.e., cut elimination). We illustrate the benefits of specifying systems in this logic by studying several specifications of modal logics for the pi-calculus. These specifications are also executable directly in the prototype implementation of FOλΔ∇.
A Modal Logic for Mobile Agents
Cited by 14 (6 self)
Abstract: KLAIM is an experimental programming language that supports a programming paradigm where both processes and data can be moved across different computing environments. The language relies on the use of explicit localities. This paper presents a temporal logic for specifying properties of Klaim programs. The logic is inspired by Hennessy-Milner Logic (HML) and the calculus, but has novel features that permit dealing with state properties and the impact of actions and movements over the different sites. The logic is equipped with a complete proof system that enables one to prove properties of mobile systems.

Keywords: Mobile Code Languages, Temporal Logics of Programs, Coordination Models, Proof Systems.
Proving Trust in Systems of Second-Order Processes: Preliminary results
In Proceedings of the 31st Hawaii International Conference on System Sciences, volume VII, 1997
Cited by 13 (1 self)
Abstract: We consider the problem of proving correctness properties for concurrent systems with features such as higher-order communication and dynamic resource generation. As examples we consider operational models of security and authentication protocols based on the higher-order calculus. In the setting we propose, key features such as nonces/time stamps, encryption/decryption, and key generation can be modelled in a simple and abstract fashion using channel name generation and second-order process communication. A temporal logic is proposed as an appropriate logic to express crucial correctness properties such as secrecy and authenticity. The logic is based on the modal calculus with only greatest fixed points and universal next-state quantification, extended with first-order features to deal with names, and second-order features including function space constructions to deal with process input and output. A difficulty is that formulas need recursion in both covariant and contravariant po...