Showing papers on "Process calculus published in 2007"

A calculus for orchestration of web services

Abstract: We introduce COWS (Calculus for Orchestration of Web Services), a new foundational language for SOC whose design has been influenced by WS-BPEL, the de facto standard language for orchestration of web services. COWS combines in an original way a number of ingredients borrowed from well-known process calculi, e.g. asynchronous communication, polyadic synchronization, pattern matching, protection, delimited receiving and killing activities, while resulting different fromany of them. Several examples illustrates COWS peculiarities and show its expressiveness both for modelling imperative and orchestration constructs, e.g. web services, flow graphs, fault and compensation handlers, and for encoding other process and orchestration languages.

Reactive Systems: Modelling, Specification and Verification

Abstract: Formal methods is the term used to describe the specification and verification of software and software systems using mathematical logic. Various methodologies have been developed and incorporated into software tools. An important subclass is distributed systems. There are many books that look at particular methodologies for such systems, e.g. CSP, process algebra. This book offers a more balanced introduction for graduate students that describes the various approaches, their strengths and weaknesses, and when they are best used. Milner CCS and its operational semantics are introduced, together with notions of behavioural equivalence based on bisimulation techniques and with variants of Hennessy-Milner modal logics. Later in the book, the presented theories are extended to take timing issues into account. The book has arisen from various courses taught in Iceland and Denmark and is designed to give students a broad introduction to the area, with exercises throughout.

Just fast keying in the pi calculus

Abstract: JFK is a recent, attractive protocol for fast key establishment as part of securing IP communication. In this paper, we formally analyze this protocol in the applied pi calculus (partly in terms of observational equivalences and partly with the assistance of an automatic protocol verifier). We treat JFK's core security properties and also other properties that are rarely articulated and rigorously studied, such as plausible deniability and resistance to denial-of-service attacks. In the course of this analysis, we found some ambiguities and minor problems, such as limitations in identity protection, but we mostly obtain positive results about JFK. For this purpose, we develop ideas and techniques that should be more generally useful in the specification and verification of security protocols.

Disciplining Orchestration and Conversation in Service-Oriented Computing

Abstract: We give a formal account of a calculus for modeling service-based systems, suitable to describe both service composition (orchestration) and the protocol that services run when invoked (conversation). The calculus includes primitives for defining and invoking services, for isolating conversations between clients and servers, and for orchestrating services. The calculus is equipped with a reduction and a labeled transition semantics related by an equivalence result. To hint how the structuring mechanisms of the language can be exploited for static analysis we present a simple type system guaranteeing the compatibility between client and server protocols, an application of bisimilarity to prove equivalence among services, and we discuss deadlock-avoidance.

An Observational Theory for Mobile Ad Hoc Networks

Abstract: We propose a process calculus to study the observational theory of Mobile Ad Hoc Networks. The operational semantics of our calculus is given both in terms of a Reduction Semantics and in terms of a Labelled Transition Semantics. We prove that the two semantics coincide. The labelled transition system is then used to derive the notions of simulation and bisimulation for ad hoc networks. As a main result, we prove that the (weak) labelled bisimilarity completely characterises (weak) reduction barbed congruence, a standard, branching-time, contextually-defined program equivalence. We then use our (bi)simulation proof methods to formally prove a number of non-trivial properties of ad hoc networks.

Stochastic process algebras

Abstract: In this tutorial we give an introduction to stochastic process algebras and their use in performance modelling, with a focus on the PEPA formalism. A brief introduction is given to the motivations for extending classical process algebra with stochastic times and probabilistic choice. We then present an introduction to the modelling capabilities of the formalism and the tools available to support Markovian based analysis. The chapter is illustrated throughout by small examples, demonstrating the use of the formalism and the tools.

A type discipline for authorization policies

Abstract: Distributed systems and applications are often expected to enforce high-level authorization policies. To this end, the code for these systems relies on lower-level security mechanisms such as digital signatures, local ACLs, and encrypted communications. In principle, authorization specifications can be separated from code and carefully audited. Logic programs in particular can express policies in a simple, abstract manner.We consider the problem of checking whether a distributed implementation based on communication channels and cryptography complies with a logical authorization policy. We formalize authorization policies and their connection to code by embedding logical predicates and claims within a process calculus. We formulate policy compliance operationally by composing a process model of the distributed system with an arbitrary opponent process. Moreover, we propose a dependent type system for verifying policy compliance of implementation code. Using Datalog as an authorization logic, we show how to type several examples using policies and present a general schema for compiling policies.

International Symposium on Fundamentals of Software Engineering, International Symposium, FSEN 2007, Tehran, Iran, April 17-19, 2007, Proceedings

Abstract: Finite Abstract Models for Deterministic Transition Systems: Fair Parallel Composition and Refinement-Preserving Logic.- Slicing Abstractions.- Nuovo DRM Paradiso: Towards a Verified Fair DRM Scheme.- Formalizing Compatibility and Substitutability in Communication Protocols Using I/O-Constraint Automata.- Is Your Security Protocol on Time ?.- Adapting the UPPAAL Model of a Distributed Lift System.- Zone-Based Universality Analysis for Single-Clock Timed Automata.- Compositional Semantics of System-Level Designs Written in SystemC.- Reusing Requirements: The Need for Extended Variability Models.- Test Selection Criteria for Quantifier-Free First-Order Specifications.- Formal Testing of Systems Presenting Soft and Hard Deadlines.- Automatic Composition of Stateless Components: A Logical Reasoning Approach.- A Model of Component-Based Programming.- Contract Based Multi-party Service Composition.- Regulating Data Exchange in Service Oriented Applications.- A Behavioural Congruence for Web Services.- Logic-Based Detection of Conflicts in Appel Policies.- Hoare Logic for ARM Machine Code.- Action Abstraction in Timed Process Algebra.- Type Abstractions of Name-Passing Processes.- Formal Specification of Multi-agent Systems by Using EUSMs.- Strong Safe Realizability of Message Sequence Chart Specifications.- Implication-Based Approximating Bounded Model Checking.- Logical Bisimulations and Functional Languages.- Efficient State Space Reduction for Automata by Fair Simulation.- Model Checking Temporal Metric Specifications with Trio2Promela.- Design and Implementation of a Dynamic-Reconfigurable Architecture for Protocol Stack.- Vulnerability Analysis in VGBPS Using Prolog.- An Alternative Algorithm for Constraint Automata Product.- A Review on Specifying Software Architectures Using Extended Automata-Based Models.- ArchC#: A New Architecture Description Language for Distributed Systems.- Relationships Meet Their Roles in Object Oriented Programming.

A process-algebraic approach to workflow specification and refinement

Abstract: This paper describes a process-algebraic approach to specification and refinement of workflow processes. In particular, we model both specification and implementation of workflows as CSP processes. CSP's behavioural models and their respective refinement relations not only enable us to prove correctness properties of an individual workflow process against its behavioural specification but also allows us to design and develop workflow processes compositionally. Moreover, coupled with CSP is an industrial strength automated model checker FDR, which allows behavioural properties of workflow models to be proved automatically. This paper details some CSP models of van der Aalst et al.'s control flow workflow patterns, and illustrates behavioural specification and refinement of workflow systems with a business process scenario.

The PEPA Plug-in Project

Abstract: We present a GUI-based tool supporting the stochastic process algebra PEPA with modules for performance evaluation through Markovian steady-state analysis, fluid flow analysis, and stochastic simulation.

A probabilistic applied pi-calculus

Abstract: We propose an extension of the Applied Pi-calculus by introducing nondeterministic and probabilistic choice operators. The semantics of the resulting model, in which probability and nondeterminism are combined, is given by Segala's Probabilistic Automata driven by schedulers which resolve the nondeterministic choice among the probability distributions over target states. Notions of static and observational equivalence are given for the enriched calculus. In order to model the possible interaction of a process with its surrounding environment a labeled semantics is given together with a notion of weak bisimulation which is shown to coincide with the observational equivalence. Finally, we prove that results in the probabilistic framework are preserved in a purely nondeterministic setting.

Qualitative and Quantitative Formal Modeling of Biological Systems

Abstract: Cell Biology, the study of the morphological and functional organization of cells, is now an established field in biochemical research. Computer Science can help the research in Cell Biology in several ways. For instance, it can provide biologists with models and formalisms able to describe and analyze complex systems such as cells. In the last few years many formalisms, originally developed by computer scientists to model systems of interacting components, have been applied to Biology. Among these, there are Petri Nets, Hybrid Systems, and the π-calculus. Moreover, formalisms such as P Systems, originally developed to study new computational paradigms inspired by Biology, have recently found application to the description of biological phenomena. Finally, some new formalisms have been proposed to describe biomolecular and membrane interactions. The first advantage of using formal models to describe biological systems is that they avoid ambiguities. In fact, ambiguity is often a problem of the notations used by biologists. Moreover, the formal modeling of biological systems allows the development of simulators, which can be used to understand how the described system behaves in normal conditions, and how it reacts to changes in the environment and to alterations of some of its components. Furthermore, formal models allow the verification of properties of the described systems, by means of tools (such as model checkers) which are well established and widely used in other application fields of Computer Science, but unknown to biologists. In this thesis we develop a formalism for the description of biological systems, called Calculus of Looping Sequences (CLS), based on term rewriting and including some typical features of process calculi for concurrency. What we want to achieve is a formalism that allows describing proteins, DNA fragments, membranes and other macromolecules, without ignoring the physical structure of these elements, and by keeping the syntax and the semantics of the formalism as simple as possible. CLS terms are constructed from an alphabet of basic symbols (representing simple molecules) and include operators for the creation of sequences (representing proteins and DNA fragments), of closed sequences which may contain something (representing membranes), and of multisets of all these elements (representing juxtaposition). A CLS term describes the structure of the system under study, and its evolution is given by the application of rewrite rules describing the events that may occur in the system, and how the system changes after the occurrence of one of these events. We equip CLS with an operational semantics describing the possible evolutions of the system by means of application of given rewrite rules, and we show that other formalisms for the description of membranes can be encoded into CLS in a sound and complete way. We propose bisimilarity as a tool to verify properties of the described systems. Bisimilarity is widely accepted as the finest extensional behavioral equivalence one may want to impose on systems. It may be used to verify a property of a system by assessing the bisimilarity of the considered system with a system one knows to enjoy that property. To define bisimilarity of systems, these must have semantics based on labeled transition relations capturing potential external interactions between systems and their environment. A labeled transition semantics for CLS is derived from rewrite rules by using as labels contexts that would allow rules to be applied. We define bisimulation relations upon this semantics, and we show them to be congruences with respect to the operators on terms. In order to model quantitative aspects of biological systems, such as the the frequency of a biological event, we develop a stochastic extension of CLS, called Stochastic CLS. Rates are associated with rewrite rules in order to model the speeds of the described activities. Therefore, transitions derived in Stochastic CLS are driven by exponential distributions, whose rates are obtained from the rates of the applied rewrite rules and characterize the stochastic behavior of the transitions. The choice of the next rule to be applied and of the time of its application is based on the classical Gillespie’s algorithm for simulation of chemical reactions. Stochastic CLS can be used as a formal foundation for a stochastic simulator, but also to build models to be given as an input to model checking tools. In fact, the transition system obtained by the semantics of Stochastic CLS can be easily transformed into a Continuous Time Markov Chain (CTMC). If the set of states of the CTMC is finite (namely, if the set of reachable CLS terms is finite) a standard probabilistic model checker (such as PRISM) can be used to verify properties of the described system. Finally, we propose a translation of Kohn Molecular Interaction Maps (MIMs), a compact graphical notation for biomolecular systems, into Stochastic CLS. By means of our translation, a simulator of systems described with Stochastic CLS can be used to simulate also systems described by using MIMs.

An automated translation from a narrative language for biological modelling into process algebra

Abstract: The aim of this work is twofold. First, we propose an high level textual modelling language, which is meant to be biologically intuitive and hence easily usable by life scientists in modelling intracellular systems. Secondly, we provide an automatic translation of the proposed language into Beta-binders, a bio-inspired process calculus, which allows life scientists to formally analyse and simulate their models. We use the Gp130 signalling pathway as a case study.

Stochastic COWS

Abstract: A stochastic extension of COWS is presented. First the formalism is given an operational semantics leading to finitely branching transition systems. Then its syntax and semantics are enriched along the lines of Markovian extensions of process calculi. This allows addressing quantitative reasoning about the behaviour of the specified web services. For instance, a simple case study shows that services can be analyzed using the PRISM probabilistic model checker.

Secure implementations of typed channel abstractions

Abstract: The challenges hidden in the implementation of high-level process calculi into low-level environments are well understood [3]. This paper develops a secure implementation of a typed pi calculus, in which capability types are employed to realize the policies for the access to communication channels. Our implementation compiles high-level processes of the pi-calculus into low-level principals of a cryptographic process calculus based on the applied-pi calculus [1]. In this translation, the high-level type capabilities are implemented as term capabilities protected by encryption keys only known to the intended receivers. As such, the implementation is effective even when the compiled, low-level principals are deployed in open contexts for which no assumption on trust and behavior may be made. Our technique and results draw on, and extend, previous work on secure implementation of channel abstractions in a dialect of the join calculus [2]. In particular, our translation preserves the forward secrecy of communications in a calculus that includes matching and supports the dynamic exchange of write and read access-rights among processes. We establish the adequacy and full abstraction of the implementation by contrasting the untyped equivalences of the low-level cryptographic calculus, with the typed equivalences of the high-level source calculus.

A core calculus for a comparative analysis of bio-inspired calculi

Abstract: The application of process calculi theory to the modeling and the analysis of biological phenomena has recently attracted the interests of the scientific community. To this aim several specialized, bio-inspired process calculi have been proposed, but a formal comparison of their expressivity is still lacking. In this paper we present π@, an extension of the π-Calculus with priorities and polyadic synchronisation that turns out to be suitable to act as a core platform for the comparison of other calculi. Here we show π@ at work by providing "reasonable" encodings of the two most popular calculi for modeling membrane interactions, namely, BioAmbients and Brane Calculi.

Semantic barbs and biorthogonality

Abstract: We use the framework of biorthogonality to introduce a novel semantic definition of the concept of barb (basic observable) for process calculi. We develop a uniform basic theory of barbs and demonstrate its robustness by showing that it gives rise to the correct observables in specific process calculi which model synchronous, asynchronous and broadcast communication regimes.

Formal Verification of CHP Specifications with CADP Illustration on an Asynchronous Network-on-Chip

Abstract: Few formal verification techniques are currently available for asynchronous designs. In this paper, we describe a new approach for the formal verification of asynchronous architectures described in the high-level language CHP, by using model checking techniques provided by the CADP toolbox. Our proposal is based on an automatic translation from CHP into LOTOS, the process algebra used in CADP. A translator has been implemented, which handles full CHP including the specific probe operator. The CADP toolbox capabilities allow the designer to verify properties such as deadlock-freedom or protocol correctness on substantial systems. Our approach has been successfully applied to formally verify two complex designs. In this paper, we illustrate our technique on an asynchronous network-on-chip architecture. Its formal verification highlights the need to carefully design systems exhibiting non-deterministic behavior.

Replicating web services for scalability

Abstract: Web service instances are often replicated to allow service provision to scale to support larger population sizes of users. However, such systems are difficult to analyse because the scale and complexity inherent in the system itself poses challenges for accurate qualitative or quantitative modelling. We use two process calculi cooperatively in the analysis of an example Web service replicated across many servers. The SOCK calculus is used to model service-oriented aspects closely and the PEPA calculus is used to analyse the performance of the system under increasing load.

A CSP model of Eiffel’s SCOOP

Abstract: The current informal semantics of the simple concurrent object-oriented programming (SCOOP) mechanism for Eiffel is described. We construct and discuss a model using the process algebra CSP. This model gives a more formal semantics for SCOOP than existed previously. We implement the model mechanically via a new tool called CSPsim. We examine two semantic variations of SCOOP: when and how far to pass locks, and when to wait for child calls to complete. We provide evidence that waiting for child calls to complete both unnecessarily reduces parallelism without any increase in safety and increases deadlocks involving callbacks. Through the creation and analysis of the model, we identify a number of ambiguities relating to reservations and the underlying run-time system and propose means to resolve them.

Model checking the probabilistic pi-calculus

Abstract: We present an implementation of model checking for the probabilistic pi-calculus-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Despite this, no implementation of automated verification exists. Building upon the (non-probabilistic) pi-calculus model checker MMC, we first show an automated procedure for constructing the Markov decision process representing a probabilistic pi-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level model description for the PRISM tool. The feasibility of our techniques is demonstrated through three case studies from the pi-calculus literature.

Formalising the π-calculus using nominal logic

Abstract: We formalise the pi-calculus using the nominal datatype package, a package based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a unison manner. We thus provide one of the most extensive formalisations of a process calculus ever done inside a theorem prover. A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic.