Algorithmic Game Semantics
In Schichtenberg and Steinbruggen [16], 2001
Samson Abramsky (samson@comlab.ox.ac.uk), Oxford University Computing Laboratory
Cited by 47 (3 self)
Abstract
Game Semantics has emerged as a powerful paradigm for giving semantics to a variety of programming languages and logical systems. It has been used to construct the first syntax-independent fully abstract models for a spectrum of programming languages ranging from purely functional languages to languages with non-functional features such as control operators and locally-scoped references [4, 21, 5, 19, 2, 22, 17, 11]. A substantial survey of the state of the art of Game Semantics circa 1997 was given in a previous Marktoberdorf volume [6]. Our aim in this tutorial presentation is to give a first indication of how Game Semantics can be developed in a new, algorithmic direction, with a view to applications in computer-assisted verification and program analysis. Some promising steps have already been taken in this
Logical Relations for Monadic Types
2002
Cited by 19 (7 self)
Abstract
Logical relations and their generalizations are a fundamental tool in proving properties of lambda-calculi, e.g., yielding sound principles for observational equivalence. We propose a natural notion of logical relations able to deal with the monadic types of Moggi's computational lambda-calculus. The treatment is categorical, and is based on notions of subsconing and distributivity laws for monads. Our approach has a number of interesting applications, including cases for lambda-calculi with nondeterminism (where being in logical relation means being bisimilar), dynamic name creation, and probabilistic systems.
Data Independent Induction over Structured Networks
In International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas, 2000
Cited by 16 (4 self)
Abstract
We extend the classes of network which Data Independent Induction can be used to reason about. Through the use of constants and predicates in the data independent type we build proofs of structured networks' behaviours, where a network's topology need not be as regular as one might expect data independence to imply. These properties hold true independent of the size of the type, and so for arbitrary network size. The inductions combine the use of the process algebra CSP to model systems and their specifications, and the FDR tool to discharge the various proof obligations.
On Model Checking Data-independent Systems with Arrays without Reset
Theory and Practice of Logic Programming, 2004
Cited by 15 (5 self)
Abstract
A system is data-independent with respect to a data type X iff the only operation it can perform on values of type X is equality testing. The system may also store, input and output values of type X. We study model checking of systems which are data-independent with respect to two distinct type variables X and Y, and may in addition use arrays with indices from X and values from Y. The main problem of interest is the following parameterised model-checking problem: whether a given program satisfies a given temporal-logic formula for all nonempty finite instances of X and Y. Initially, we consider instead the abstraction where X and Y are infinite and where partial functions with finite domains are used to model arrays. Using a translation to data-independent systems without arrays, we show that the mu-calculus model-checking problem is decidable for these systems. From this result, we can deduce properties of all systems with finite instances of X and Y. We show that there is a procedure for the above parameterised model-checking problem of the universal fragment of the mu-calculus, such that it always terminates but may give false negatives. We also deduce that there is a procedure for the parameterised model-checking problem of the universal disjunction-free fragment of the mu-calculus. Practical motivations for model checking data-independent systems with arrays include verification of fault-tolerant cache systems, where X is the type of memory addresses, and Y the type of storable values. As an example we verify a fault-tolerant memory interface over a set of unreliable memories.
Automating Data Independence
In Computer Security, ESORICS 2000, Volume 1895 of LNCS, 2000
Cited by 14 (6 self)
Abstract
In this paper, we generalise and fully automate the use of data independence techniques in the analysis of security protocols, developed in [16, 17]. In [17], we successfully applied these techniques to a series of case studies; however, our scripts were carefully crafted by hand to suit each case study, a rather time-consuming and error-prone task. We have fully automated the data independence techniques by incorporating them into Casper, thus abstracting away from the user the complexity of the techniques, making them much more accessible.
A Succinct Canonical Register Automaton Model for Data Domains . . .
ATVA 2012, LNCS, 2012
Cited by 4 (1 self)
Abstract
We present a novel canonical automaton model for languages over infinite data domains, that is suitable for specifying the behavior of services, protocol components, interfaces, etc. The model is based on register automata. A major contribution is a construction of succinct canonical register automata, which is parameterized on the set of relations by which elements in the data domain can be compared. We also present a Myhill-Nerode-like theorem, from which minimal canonical automata can be constructed. This canonical form is as expressive as general deterministic register automata, but much better suited for modeling in practice since we lift many of the restrictions on the way variables can be accessed and stored: this allows our automata to be significantly more succinct than previously proposed canonical forms. Key to the canonical form is a symbolic treatment of data languages, which allows us to construct minimal representations whenever the set of relations can be equipped with a so-called branching framework.
What Can You Decide About Resetable Arrays?
Department of Electronics and Computer Science, University of Southampton, 2001
Cited by 2 (1 self)
Abstract
We investigate the decidability of reachability specifications in programs data-independent in two types X and Y, and which can contain arrays X Y. We show that this type of specification is undecidable in general for programs that may contain a Reset operation for setting all members of an array to a member of Y. However, if either X or Y is of fixed finite size (and not necessarily data independent) then we can obtain decidability results. The main
Formal Verification for Survivable Key Management Systems
Workshop ISW2000, October 24-26, 2000. Available through http://www.cert.org/research/isw/isw2000/index.html
Cited by 1 (0 self)
Abstract
Key management systems are central to secure information systems. Changing paradigms in technology and the increasing dependency on technology, by all aspects of society, will mean that key management systems will be more important than ever. In particular, future key management systems must be:
1. highly dependable, capable of surviving a range of attacks;
2. scalable, to very large numbers of nodes and very, very large numbers of keys;
3. dynamic, providing services across networks of variable connectivity, and changing sets of principals.
Studies conducted by DERA have also identified that future key management systems should also:
4. merge key management functions onto backbone networks, rather than having separate, dedicated key management networks;
5. utilise the civil communications infrastructure, for key distribution, where necessary.
Together, the five requirements above raise very significant questions for high integrity design, implementation and accreditation
State of the Art Survey
Abstract
Machine) formalism has been used for describing the structure and abstract behaviour of a specific architecture (i.e., the one of a compiler) in [Inverardi & Wolf 1995]. The Z language has been used to characterise architectural styles and has later led to the definition of a framework for such characterisations so as to enable comparing styles sharing a common semantic model [Abowd et al. 1995]. Logic has been used in [Moriconi et al. 1995] for supporting correct stepwise refinement of configurations. Graph grammars are exploited in [Le Metayer 1996] for enabling constrained architecture evolution. The advantages of introducing ADLs over the above works are obvious with respect to leveraging the elaboration of software architectures. An overview of existing ADLs is provided hereafter, and is followed by a discussion about the relation of such notations with the UML standard software modelling language that is becoming a major player in industry. We conclude this section by sketching some ongoing...
On a Semantic Definition of Data Independence
2002
Abstract
A variety of results which enable model checking of important classes of infinite-state systems are based on exploiting the property of data independence. The literature contains a number of definitions of variants of data independence which are given by syntactic restrictions in particular formalisms. More recently, data independence was defined for labelled transition systems using logical relations, enabling results about data independent systems to be proved without reference to a particular syntax. In this paper, we show that the semantic definition is sufficiently strong for this purpose. More precisely, it was known that any syntactically data independent symbolic LTS denotes a semantically data independent family of LTSs, but here we show that the converse also holds.