Results 1 - 10 of 143
Mobile ambients
In Proceedings of POPL'98, 1998
Cited by 920 (29 self)
We introduce a calculus describing the movement of processes and devices, including movement through administrative domains.
Formalizing a Language for Institutions and Norms
2001
Cited by 83 (8 self)
One source of trust for physical trading systems is their physical assets and simply their presence. A similar baseline does not exist for electronic trading systems, but one way in which it may be possible to create that initial trust is through the abstract notion of an institution, defined in terms of norms [19] and the scenes within which (software) agents may play roles in different trading activities, governed by those norms. We present here a case for institutions in electronic trading, a specification language for institutions (covering norms, performative structure, scenes, roles, etc.) and its semantics and how this may be mapped into formal languages such as process algebra and various forms of logic, so that there is a framework within which norms can be stated and proven.
Ambient Groups and Mobility Types
In International Conference IFIP TCS, number 1872 in Lecture Notes in Computer Science, 2000
Cited by 76 (6 self)
We add name groups and group creation to the typed ambient calculus. Group creation is surprisingly interesting: it has the effect of statically preventing certain communications, and can thus block the accidental or malicious escape of capabilities that is a major concern in practical systems. Moreover, ambient groups allow us to refine our earlier work on type systems for ambient mobility. We present type systems in which groups identify the set of ambients that a process may cross or open. 1 Introduction The Ambient Calculus is a process calculus based on local communication and on process mobility. The basic, untyped, calculus can be decorated with static information to restrict either local communication, or mobility, or both. Exchange control systems can be used to restrict communication. In [CG99] we have investigated exchange types, which subsume standard type systems for processes and functions, but do not impose restrictions on mobility. Mobility control systems can be u...
The M-calculus: A Higher-Order Distributed Process Calculus
2003
Cited by 57 (5 self)
This paper presents a new distributed process calculus, called the M-calculus, that can be understood as a higher-order version of the Distributed Join calculus with programmable localities. The calculus retains the implementable character of the Distributed Join calculus while overcoming several important limitations: insufficient control over communication and mobility, absence of dynamic binding, and limited locality semantics. The calculus is equipped with a polymorphic type system that guarantees the unicity of locality names, even in presence of higher-order communications, a crucial property for the determinacy of message routing in the calculus.
Secure Safe Ambients
In Proc. of the 28th ACM Symposium on Principles of Programming Languages, 2001
Cited by 53 (14 self)
Secure Safe Ambients (SSA) are a typed variant of Safe Ambients [9], whose type system allows behavioral invariants of ambients to be expressed and verified. The most significant aspect of the type system is its ability to capture both explicit and implicit process and ambient behavior: process types account not only for immediate behavior, but also for the behavior resulting from capabilities a process acquires during its evolution in a given context. Based on that, the type system provides for static detection of security attacks such as Trojan Horses and other combinations of malicious agents. We study the type system of SSA, define algorithms for type checking and type reconstruction, define powerful languages for expressing security properties, and study a distributed version of SSA and its type system. For the latter, we show that distributed type checking ensures security even in ill-typed contexts, and discuss how it relates to the security architecture of the Java Virtual M...
An Asynchronous, Distributed Implementation of Mobile Ambients
2000
Cited by 50 (6 self)
We present a first distributed implementation of the Cardelli-Gordon's ambient calculus. We use Jocaml as an implementation language and we present a formal translation of Ambients in the distributed Join Calculus, the process calculus associated with Jocaml. We prove the correctness of the translation. The operational semantics of Ambients requires that complex migration steps be performed atomically. As a result, direct implementations rely on the serialization of migrations via a centralized control. In contrast, our implementation is fully asynchronous and allows concurrent reduction steps. It relies on a message-passing protocol between an ambient and its parent. Only the actions involving an ambient migrating or being opened are blocked during a reduction step. The proof of correctness of this implementation is two staged. First, an extended ambient calculus with a refined semantics is introduced, and the two semantics are related using coupled-simulations. Then, a b...
Types for the Ambient Calculus
2001
Cited by 44 (0 self)
Abstract interpretation is a methodology for deriving program analyses systematically from the semantics of a programming language. Hansen, Jensen, Nielson, and Nielson [20] describe a constraint-based framework for abstract interpretation of mobile ambients; instances of the framework include an analysis counting occurrences of ambients, and also the original control flow analysis for the ambient calculus [29]. Levi and Maffeis [24] and Feret [19] present abstract interpretations based on alternative semantics of the ambient calculus. Some analyses have been developed in the setting of Levi and Sangiorgi's calculus of safe ambients [25], a generalization of the original ambient calculus that gives processes greater control over synchronization, and hence avoids certain kinds of nondeterminism. In their paper, Levi and Sangiorgi propose a type system to guarantee immobility and single-threadedness. Security properties are considered by several authors. Bugliesi and Castagna [8] describe a type system for safe ambients that checks security properties, including security in a distributed setting. They rely on a notion of ambient domain that is similar to the notion of an ambient group, but have no counterpart to the group creation operator. Dezani-Ciancaglini and Salvo [18] present a type system for safe ambients where each ambient has a security level, akin to a group. Unlike our system, security levels are partially ordered, allowing the system to express trust relationships. Degano, Levi, and Bodei [17, 23] refine Nielson and Nielson's original flow analysis [29] for the calculus of safe ambients. The analysis allows the proof of simple secrecy properties; they formally distinguish between trustworthy and untrustworthy ambients, and show that no trustworthy ambient may be ope...
Communication interference in mobile boxed ambients
In FST & TCS, 2002
Cited by 42 (7 self)
communication primitives acting across ambient boundaries. Expressiveness is achieved at the price of communication interferences on message reception whose resolution requires synchronisation of activities at multiple, distributed locations. We study a variant of BA aimed at controlling communication interferences as well as mobility ones. Our calculus draws inspiration from Safe Ambients (SA) (with passwords) and modifies the communication mechanism of BA. Expressiveness is maintained through a new form of co-capability that at the same time registers incoming agents with the receiver ambient and performs access control.
A calculus of mobile resources
2002
Cited by 39 (11 self)
Abstract. We introduce a calculus of Mobile Resources (MR) tailored for the design and analysis of systems containing mobile, possibly nested, computing devices that may have resource and access constraints, and which are not copyable nor modifiable per se. We provide a reduction as well as a labelled transition semantics and prove a correspondence between barbed bisimulation congruence and a higher-order bisimulation. We provide examples of the expressiveness of the calculus, and apply the theory to prove one of its characteristic properties.
Using Ambients to Control Resources
2002
Cited by 36 (9 self)
Current software and hardware systems, being parallel and reconfigurable, raise new safety and reliability problems, and the resolution of these problems requires new methods. Numerous proposals attempt at reducing the threat of bugs and preventing several kinds of attacks. In this paper, we develop an extension of the calculus of Mobile Ambients, named Controlled Ambients, that is suited for expressing such issues, specifically Denial of Service attacks. We present a type system for Controlled Ambients, which makes resource control possible in our setting.