Results 1  10
of
83
An Asynchronous Model of Locality, Failure, and Process Mobility
 Theoretical Computer Science
, 1997
"... We present a model of distributed computation which is based on a fragment of the picalculus relying on asynchronous communication. We enrich the model with the following features: the explicit distribution of processes to locations, the failure of locations and their detection, and the mobility of ..."
Abstract

Cited by 117 (4 self)
 Add to MetaCart
We present a model of distributed computation which is based on a fragment of the picalculus relying on asynchronous communication. We enrich the model with the following features: the explicit distribution of processes to locations, the failure of locations and their detection, and the mobility of processes. Our contributions are two folds. At the specification level, we give a synthetic and flexible formalization of the features mentioned above. At the verification level, we provide original methods to reason about the bisimilarity of processes in the presence of failures.
The Fusion Calculus: Expressiveness and Symmetry in Mobile Processes (Extended Abstract)
 LICS'98
, 1998
"... We present the fusion calculus as a significant step towards a canonical calculus of concurrency. It simplifies and extends the πcalculus.
The fusion calculus contains the polyadic πcalculus as a proper subcalculus and thus inherits all its expressive power. The gain is that fusion contains action ..."
Abstract

Cited by 110 (13 self)
 Add to MetaCart
We present the fusion calculus as a significant step towards a canonical calculus of concurrency. It simplifies and extends the πcalculus.
The fusion calculus contains the polyadic πcalculus as a proper subcalculus and thus inherits all its expressive power. The gain is that fusion contains actions akin to updating a shared state, and a scoping construct for bounding their effects. Therefore it is easier to represent computational models such as concurrent constraints formalisms. It is also easy to represent the so called strong reduction strategies in the lambdacalculus, involving reduction under abstraction. In the πcalculus these tasks require elaborate encodings.
The dramatic main point of this paper is that we achieve these improvements by simplifying the πcalculus rather than adding features to it. The fusion calculus has only one binding operator where the πcalculus has two (input and restriction). It has a complete symmetry between input and output actions where the πcalculus has not. There is only one sensible variety of bisimulation congruence where the picalculus has at least three (early, late and open). Proofs about the fusion calculus, for example in complete axiomatizations and full abstraction, therefore are shorter and clearer.
Our results on the fusion calculus in this paper are the following. We give a structured operational semantics in the traditional style. The novelty lies in a new kind of action, fusion actions for emulating updates of a shared state. We prove that the calculus contains the πcalculus as a subcalculus. We define and motivate the bisimulation equivalence and prove a simple characterization of its induced congruence, which is given two versions of a complete axiomatization for finite terms. The expressive power of the calculus is demonstrated by giving a straightforward encoding of the strong lazy lambdacalculus, which admits reduction under lambda abstraction.
On Asynchrony in NamePassing Calculi
 In
, 1998
"... The asynchronous picalculus is considered the basis of experimental programming languages (or proposal of programming languages) like Pict, Join, and Blue calculus. However, at a closer inspection, these languages are based on an even simpler calculus, called Local (L), where: (a) only the output c ..."
Abstract

Cited by 87 (14 self)
 Add to MetaCart
The asynchronous picalculus is considered the basis of experimental programming languages (or proposal of programming languages) like Pict, Join, and Blue calculus. However, at a closer inspection, these languages are based on an even simpler calculus, called Local (L), where: (a) only the output capability of names may be transmitted; (b) there is no matching or similar constructs for testing equality between names. We study the basic operational and algebraic theory of Lpi. We focus on bisimulationbased behavioural equivalences, precisely on barbed congruence. We prove two coinductive characterisations of barbed congruence in Lpi, and some basic algebraic laws. We then show applications of this theory, including: the derivability of delayed input; the correctness of an optimisation of the encoding of callbyname lambdacalculus; the validity of some laws for Join.
Types as Models: Model Checking MessagePassing Programs
 In Principles of Programming Languages (POPL
, 2001
"... Abstraction and composition are the fundamental issues in making model checking viable for software. This paper proposes new techniques for automating abstraction and decomposition using source level type information provided by the programmer. Our system includes two novel components to achieve thi ..."
Abstract

Cited by 81 (3 self)
 Add to MetaCart
Abstraction and composition are the fundamental issues in making model checking viable for software. This paper proposes new techniques for automating abstraction and decomposition using source level type information provided by the programmer. Our system includes two novel components to achieve this end: (1) a new behavioral typeandeffect system for the picalculus, which extracts sound models as types, and (2) a new assumeguarantee proof rule for carrying out compositional model checking on the types. Open simulation between CCS processes is used as both the subtyping relation in the type system and the abstraction relation for compositional model checking. We have implemented these ideas in a tool  Piper. Piper exploits type signatures provided by the programmer to partition the model checking problem, and emit model checking obligations that are discharged using the Spin model checker. We present the details on applying Piper on two examples: (1) the SIS standard for managing trouble tickets across multiple organizations and (2) a file reader from the pipelined implementation of a web server.
A Uniform Type Structure for Secure Information Flow
, 2002
"... The \picalculus is a formalism of computing in which we can compositionally represent dynamics of major programming constructs by decomposing them into a single communication primitive, the name passing. This work reports our experience in using a linear/affine typed \picalculus for the analysis a ..."
Abstract

Cited by 77 (11 self)
 Add to MetaCart
The \picalculus is a formalism of computing in which we can compositionally represent dynamics of major programming constructs by decomposing them into a single communication primitive, the name passing. This work reports our experience in using a linear/affine typed \picalculus for the analysis and development of type systems of programming languages, focussing on secure information flow analysis. After presenting a basic typed calculus for secrecy, we demonstrate its usage by a sound embedding of the dependency core calculus (DCC) and by the development of a novel type discipline for imperative programs which extends both a secure multithreaded imperative language by Smith and Volpano and (a callbyvalue version of) DCC. In each case, the embedding gives a simple proof of noninterference.
The Update Calculus
, 1997
"... In the update calculus concurrent processes can perform update actions with side effects, and a scoping operator can be used to control the extent of the update. In this way it incorporates fundamental concepts both from imperative languages or concurrent constraints formalisms, and from functional ..."
Abstract

Cited by 72 (3 self)
 Add to MetaCart
In the update calculus concurrent processes can perform update actions with side effects, and a scoping operator can be used to control the extent of the update. In this way it incorporates fundamental concepts both from imperative languages or concurrent constraints formalisms, and from functional formalisms such as the  and calculi. Structurally it is similar to but simpler than the calculus; it has only one binding operator and a symmetry between input and output. We define the structured operational semantics and the proper bisimulation equivalence and congruence, and give a complete axiomatization. The calculus turns out to be an asymmetric subcalculus. 1 Introduction Theory of concurrent computation is a diverse field where many different approaches have been proposed and no consensus has emerged on the best paradigms. In this paper we take a step towards unifying two seemingly contradictory schools of thought: global vs local effects of concurrent actions. We define a calc...
Bisimulation for higherorder process calculi
 INFORMATION AND COMPUTATION
, 1996
"... A higherorder process calculus is a calculus for communicating systems which contains higherorder constructs like communication of terms. We analyse the notion of bisimulation in these calculi. We argue that both the standard definition of bisimulation (i.e., the one for CCS and related calculi), ..."
Abstract

Cited by 58 (4 self)
 Add to MetaCart
A higherorder process calculus is a calculus for communicating systems which contains higherorder constructs like communication of terms. We analyse the notion of bisimulation in these calculi. We argue that both the standard definition of bisimulation (i.e., the one for CCS and related calculi), as well as higherorder bisimulation [E. Astesiano,
Secure Information Flow as Typed Process Behaviour
, 2000
"... We propose a new type discipline for the calculus in which secure information ow is guaranteed by static type checking. Secrecy levels are assigned to channels and are controlled by subtyping. A behavioural notion of types capturing causality of actions plays an essential role for ensuring safe ..."
Abstract

Cited by 53 (0 self)
 Add to MetaCart
We propose a new type discipline for the calculus in which secure information ow is guaranteed by static type checking. Secrecy levels are assigned to channels and are controlled by subtyping. A behavioural notion of types capturing causality of actions plays an essential role for ensuring safe information ow in diverse interactive behaviours, making the calculus powerful enough to embed known calculi for typebased security. The paper introduces the core part of the calculus, presents its basic syntactic properties, and illustrates its use as a tool for programming language analysis by a sound embedding of a secure multithreaded imperative calculus of Volpano and Smith. The embedding leads to a practically meaningful extension of their original type discipline.
Presheaf Models for Concurrency
, 1999
"... In this dissertation we investigate presheaf models for concurrent computation. Our aim is to provide a systematic treatment of bisimulation for a wide range of concurrent process calculi. Bisimilarity is defined abstractly in terms of open maps as in the work of Joyal, Nielsen and Winskel. Their wo ..."
Abstract

Cited by 45 (19 self)
 Add to MetaCart
In this dissertation we investigate presheaf models for concurrent computation. Our aim is to provide a systematic treatment of bisimulation for a wide range of concurrent process calculi. Bisimilarity is defined abstractly in terms of open maps as in the work of Joyal, Nielsen and Winskel. Their work inspired this thesis by suggesting that presheaf categories could provide abstract models for concurrency with a builtin notion of bisimulation. We show how
Weak probabilistic anonymity
 INRIA FUTURS AND LIX
, 2005
"... Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact ..."
Abstract

Cited by 38 (10 self)
 Add to MetaCart
Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information. We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.