Results 1-10 of 286
Secrecy by Typing in Security Protocols
Journal of the ACM, 1998
Cited by 281 (15 self)
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use shared-key cryptography. The rules have the form of typing rules for a basic concurrent language with cryptographic primitives, the spi calculus. They guarantee that, if a protocol typechecks, then it does not leak its secret inputs.
A Calculus of Mobile Agents
1996
Cited by 281 (13 self)
We introduce a calculus for mobile agents and give its chemical semantics, with a precise definition for migration, failure, and failure detection. Various examples written in our calculus illustrate how to express remote executions, dynamic loading of remote resources and protocols with mobile agents. We give the encoding of our distributed calculus into the join-calculus. 1 Introduction It is not easy to match concurrency and distribution. Suppose, for instance, that we want to implement a concurrent calculus with CCS-like communication channels and with processes running on different physical sites. If we do not locate channels, we quickly face a global consensus problem for nearly every communication which uses the interconnection network. In a previous work [6], we introduced the join-calculus, an asynchronous variant of Milner's π-calculus with better locality and better static scoping rules. It avoids global consensus and thus may be implemented in a realistic distributed en...
Typing and Subtyping for Mobile Processes
Mathematical Structures in Computer Science, 1996
Cited by 277 (18 self)
The pi-calculus is a process algebra that supports process mobility by focusing on the communication of channels. Milner's
KLAIM: a Kernel Language for Agents Interaction and Mobility
IEEE Transactions on Software Engineering, 1997
Cited by 253 (58 self)
We investigate the issue of designing a kernel programming language for Mobile Computing and describe Klaim, a language that supports a programming paradigm where processes, like data, can be moved from one computing environment to another. The language consists of a core Linda with multiple tuple spaces and of a set of operators for building processes. Klaim naturally supports programming with explicit localities. Localities are first-class data (they can be manipulated like any other data), but the language provides coordination mechanisms to control the interaction protocols among located processes. The formal operational semantics is useful for discussing the design of the language and provides guidelines for implementations. Klaim is equipped with a type system that statically checks access rights violations of mobile agents. Types are used to describe the intentions (read, write, execute, etc.) of processes in relation to the various localities. The type system is used...
Types for mobile ambients
In Proc. 26th POPL, 1999
Cited by 172 (15 self)
Java has demonstrated the utility of type systems for mobile code, and in particular their use and implications for security. Security properties rest on the fact that a well-typed Java program (or the corresponding verified bytecode) cannot cause certain kinds of damage. In this paper we provide a type system for mobile computation, that is, for computation that is continuously active before and after movement. We show that a well-typed mobile computation cannot cause certain kinds of runtime fault: it cannot cause the exchange of values of the wrong kind, anywhere in a mobile system.
On reductionbased process semantics
In Proceedings of FSTTCS ’93, LNCS 761, 1995
Cited by 162 (26 self)
A formulation of semantic theories for processes which is based on reduction relation and equational reasoning is studied. The new construction can induce meaningful theories for processes, both in strong and weak settings. The resulting theories in many cases coincide with, and sometimes generalise, observation-based formulation of behavioural equivalence. The basic construction of reduction-based theories is studied, taking a simple name passing calculus called $\nu$-calculus as an example. Results on other calculi are also briefly discussed.
The Fusion Calculus: Expressiveness and Symmetry in Mobile Processes (Extended Abstract)
LICS'98, 1998
Cited by 138 (14 self)
We present the fusion calculus as a significant step towards a canonical calculus of concurrency. It simplifies and extends the π-calculus.
The fusion calculus contains the polyadic π-calculus as a proper subcalculus and thus inherits all its expressive power. The gain is that fusion contains actions akin to updating a shared state, and a scoping construct for bounding their effects. Therefore it is easier to represent computational models such as concurrent constraints formalisms. It is also easy to represent the so-called strong reduction strategies in the lambda-calculus, involving reduction under abstraction. In the π-calculus these tasks require elaborate encodings.
The dramatic main point of this paper is that we achieve these improvements by simplifying the π-calculus rather than adding features to it. The fusion calculus has only one binding operator where the π-calculus has two (input and restriction). It has a complete symmetry between input and output actions where the π-calculus has not. There is only one sensible variety of bisimulation congruence where the π-calculus has at least three (early, late and open). Proofs about the fusion calculus, for example in complete axiomatizations and full abstraction, therefore are shorter and clearer.
Our results on the fusion calculus in this paper are the following. We give a structured operational semantics in the traditional style. The novelty lies in a new kind of action, fusion actions for emulating updates of a shared state. We prove that the calculus contains the π-calculus as a subcalculus. We define and motivate the bisimulation equivalence and prove a simple characterization of its induced congruence, which is given two versions of a complete axiomatization for finite terms. The expressive power of the calculus is demonstrated by giving a straightforward encoding of the strong lazy lambda-calculus, which admits reduction under lambda abstraction.
The reflexive CHAM and the joincalculus
In Proceedings of the 23rd ACM Symposium on Principles of Programming Languages
Cited by 134 (0 self)
By adding reflexion to the chemical machine of Berry and Boudol, we obtain a formal model of concurrency that is consistent with mobility and distribution. Our model provides the foundations of a programming language with functional and object-oriented features. It can also be seen as a process calculus, the join-calculus, which we prove equivalent to the pi-calculus of Milner, Parrow and Walker.
Decoding Choice Encodings
1999
Cited by 108 (5 self)
We study two encodings of the asynchronous π-calculus with input-guarded choice into its choice-free fragment. One encoding is divergence-free, but refines the atomic commitment of choice into gradual commitment. The other preserves atomicity, but introduces divergence. The divergent encoding is fully abstract with respect to weak bisimulation, but the more natural divergence-free encoding is not. Instead, we show that it is fully abstract with respect to coupled simulation, a slightly coarser (but still coinductively defined) equivalence that does not enforce bisimilarity of internal branching decisions. The correctness proofs for the two choice encodings introduce a novel proof technique exploiting the properties of explicit decodings from translations to source terms.