## Bisimulation Congruences in Safe Ambients (2001)

Venue: | In 29th ACM Symposium on Principles of Programming Languages (POPL |

Citations: | 55 - 7 self |

### BibTeX

@INPROCEEDINGS{Merro01bisimulationcongruences,

author = {Massimo Merro and Matthew Hennessy},

title = {Bisimulation Congruences in Safe Ambients},

booktitle = {In 29th ACM Symposium on Principles of Programming Languages (POPL},

year = {2001},

pages = {71--80},

publisher = {ACM Press}

}

### Years of Citing Articles

### OpenURL

### Abstract

We study a variant of Levi and Sangiorgi's Safe Ambients (SA) enriched with passwords (SAP). In SAP by managing passwords, for example generating new ones and distributing them selectively, an ambient may now program who may migrate into its computation space, and when. Moreover in SAP an ambient may provide different services depending on the passwords exhibited by its incoming clients. We give an lts based operational semantics for SAP and a labelled bisimulation based equivalence which is proved to coincide with barbed congruence. Our notion of bisimulation is used to prove a set of algebraic laws which are subsequently exploited to prove more significant examples. 1

### Citations

3360 |
Communication and Concurrency
- Milner
- 1989
(Show Context)
Citation Context ...w that = remains invariant under a large choice of possible observation predicates. 3 A Labelled Transition Semantics The capabilities or prefixes C in our language give rise, in the standard manner, =-=[10]-=-, to actions of the form C:P C 7\Gamma! Q. These actions could be used to define a versions of weak bisimulation equivalence over processes,sbad , again in the standard manner, [10]. However it should... |

1048 | A Calculus of Mobile Processes
- Milner, Parrow, et al.
- 1992
(Show Context)
Citation Context ...es, which allow entry to or exit from named ambients. Thus ambient names, such as n, are used to control access to the ambient's computation space and may be dynamically created as in the Picalculus, =-=[11]-=-, using the construct nP ; here knowledge of n is restricted to P . For example the system k[ inhni:R 1 j R 2 ] j n[ openhki:P j m[outhni:Q 1 j Q 2 ] ] contains two ambients, k and n, running concurre... |

836 | Mobile ambients
- Cardelli, Gordon
(Show Context)
Citation Context ...on is used to prove a set of algebraic laws which are subsequently exploited to prove more significant examples. 1 Introduction The calculus of Mobile Ambients, abbreviated MA, has been introduced in =-=[5]-=- as a novel process calculus for describing mobile agents. The term n[P ] represents an agent, or ambient, named n, executing the code P . Intuitively n[P ] represents a bounded and protected space in... |

266 |
Expressing Mobility in Process Algebras: First-Order and Higher-Order Paradigms
- Sangiorgi
- 1992
(Show Context)
Citation Context ... about; see for example the proof of the equational laws in [8]. However bisimulation relations, because of their co-inductive nature, provide powerful proof techniques for establishing equivalences, =-=[13, 17, 14]-=-; these are based on descriptions of processes in terms of a labelled transition system, or lts, a collection of relations of the form P ff \Gamma\Gamma! Q: Intuitively this means that the system P ma... |

230 | Barbed bisimulation
- Sangiorgi, Milner
- 1992
(Show Context)
Citation Context ...sswords exhibited by its clients. We call this extended language Safe Ambients with Passwords, abbreviated SAP. It is formally defined, with a reduction semantics in Section 2. Following the ideas of =-=[7, 12]-=- it is straightforward to define a contextual equivalence between terms in SAP, or indeed any of the many other variants of ambients. We let = be the largest equivalence relation between terms which i... |

165 | anywhere: Modal logics for mobile ambients
- Cardelli, Gordon, et al.
(Show Context)
Citation Context ...tensional bisimilarity for MA which separates terms on the basis of their internal structure. Sangiorgi shows that his bisimilarity coincides with the equivalence induced by the logic for MA given in =-=[4]-=- and and more surprisingly with structural congruence 2 . This result somehow shows that the algebraic theory of Mobile Ambient is quite poor. With some work our lts can be adapted to both MA and SA. ... |

161 | Types for mobile ambients
- Cardelli, Gordon
- 1999
(Show Context)
Citation Context ...The second, n, contains a sub-ambient m[ : : : ], in addition to the capability openhki, which allows the opening of any ambient named k which migrates into the computation space of n. Papers such as =-=[5, 3]-=- demonstrate that this calculus is very effective in formally describing the run-time behaviour of mobile agents. However we believe that the development of semantic theories for ambients has had more... |

144 | On reduction-based process semantics
- Honda, Yoshida
- 1995
(Show Context)
Citation Context ...sswords exhibited by its clients. We call this extended language Safe Ambients with Passwords, abbreviated SAP. It is formally defined, with a reduction semantics in Section 2. Following the ideas of =-=[7, 12]-=- it is straightforward to define a contextual equivalence between terms in SAP, or indeed any of the many other variants of ambients. We let = be the largest equivalence relation between terms which i... |

97 | Seal: A framework for Secure Mobile Computations
- Vitek, Castagna
- 1999
(Show Context)
Citation Context ... as P , and an input process 8 (x):Q which on receiving a message binds it to x in Q which then executes; here occurrences of x in Q are bound. Notice that we have synchronous output; as discussed in =-=[19, 16, 1]-=- this is not unrealistic because communication is always local. The syntax of our extended language is given in the Appendix in Table 5. The operational semantics is defined over processes, i.e. terms... |

80 | Boxed ambients
- Bugliesi, Castagna, et al.
(Show Context)
Citation Context ... as P , and an input process 8 (x):Q which on receiving a message binds it to x in Q which then executes; here occurrences of x in Q are bound. Notice that we have synchronous output; as discussed in =-=[19, 16, 1]-=- this is not unrealistic because communication is always local. The syntax of our extended language is given in the Appendix in Table 5. The operational semantics is defined over processes, i.e. terms... |

58 | Bisimulation for Higher-Order Process Calculi
- Sangiorgi
- 1996
(Show Context)
Citation Context ... original definition. 4.2 Labelled Bisimilarity One possible approach to defining a behavioural equivalence would be to adapt to our language SAP the notion of higher-order weak bisimilarity given in =-=[15]-=- for HO. This uses weak actions of the form \Gamma!sff \Gamma\Gamma!, and since certain actions have concretions as residuals it also requires a method for comparing concretions. In the full version o... |

57 | The lazy lambda calculus in a concurrency scenario
- Sangiorgi
- 1994
(Show Context)
Citation Context ... about; see for example the proof of the equational laws in [8]. However bisimulation relations, because of their co-inductive nature, provide powerful proof techniques for establishing equivalences, =-=[13, 17, 14]-=-; these are based on descriptions of processes in terms of a labelled transition system, or lts, a collection of relations of the form P ff \Gamma\Gamma! Q: Intuitively this means that the system P ma... |

43 | Extensionality and intensionality of the ambient logic
- Sangiorgi
- 2001
(Show Context)
Citation Context ... as P , and an input process 8 (x):Q which on receiving a message binds it to x in Q which then executes; here occurrences of x in Q are bound. Notice that we have synchronous output; as discussed in =-=[19, 16, 1]-=- this is not unrealistic because communication is always local. The syntax of our extended language is given in the Appendix in Table 5. The operational semantics is defined over processes, i.e. terms... |

31 | Typed behavioural equivalences for processes in the presence of subtyping
- Hennessy, Rathke
(Show Context)
Citation Context ...teresting typing disciplines for mobile code making use of passwords. Even more, we think we can derive a labelled characterisation of typed barbed congruence along the lines of Hennessy and Rathke's =-=[6]-=-. Acknowledgements The authors would like to thank Julian Rathke and Davide Sangiorgi for insightful discussions on higherorder process calculi and Safe Ambients, respectively, and the anonymous refer... |

17 |
The problem of "weak bisimulation up to
- Sangiorgi, Milner
- 1992
(Show Context)
Citation Context ... about; see for example the proof of the equational laws in [8]. However bisimulation relations, because of their co-inductive nature, provide powerful proof techniques for establishing equivalences, =-=[13, 17, 14]-=-; these are based on descriptions of processes in terms of a labelled transition system, or lts, a collection of relations of the form P ff \Gamma\Gamma! Q: Intuitively this means that the system P ma... |

8 |
Transition Systems for the Ambient Calculus
- Vigliotti
- 1998
(Show Context)
Citation Context ...ned by keeping the passwords secret, in this law we have to restrict on these, rather than on the names f and a. 10 7 Conclusion and Related Work Higher-order ltss for Mobile Ambients can be found in =-=[2, 18]-=-. However we are not aware of any form of bisimilarity defined using these ltss. Our lts is inspired by that in [8] which differs from ours mainly in two respects. The first is that in our lts the co-... |

5 |
A commitment relation for the ambient calculus, unpublished notes
- Cardelli, Gordon
- 1996
(Show Context)
Citation Context ...ned by keeping the passwords secret, in this law we have to restrict on these, rather than on the names f and a. 10 7 Conclusion and Related Work Higher-order ltss for Mobile Ambients can be found in =-=[2, 18]-=-. However we are not aware of any form of bisimilarity defined using these ltss. Our lts is inspired by that in [8] which differs from ours mainly in two respects. The first is that in our lts the co-... |

2 |
Controlling interference in ambients. Short version appeared
- Levi, Sangiorgi
- 2000
(Show Context)
Citation Context ...s two questions: ffl What is the appropriate notion of semantic equivalencesfor ambients? 1 ffl What proof methods exist for establishing such equivalences? This is the topic of the current paper. In =-=[8]-=- it has been argued that the calculus MA, as given in [5], is qualitatively different from more standard process calculi such as the Picalculus [11]. It is difficult for ambients to control potential ... |