A. W. Roscoe
University of Oxford
Publications
Featured publications by A. W. Roscoe.
Journal of the ACM | 1984
Stephen D. Brookes; C. A. R. Hoare; A. W. Roscoe
A mathematical model for communicating sequential processes is given, and a number of its interesting and useful properties are stated and proved. The possibilities of nondeterminism are fully taken into account.
International Colloquium on Automata, Languages and Programming | 1986
George M. Reed; A. W. Roscoe
The parallel language CSP [9], an earlier version of which was described in [7], has become a major tool for the analysis of structuring methods and proof systems involving parallelism. The significance of CSP is in the elegance by which a few simply stated constructs (e.g., sequential and parallel composition, nondeterministic choice, concealment, and recursion) lead to a language capable of expressing the full complexity of distributed computing. The difficulty in achieving satisfactory semantic models containing these constructs has been in providing an adequate treatment of nondeterminism, deadlock, and divergence. Fortunately, as a result of an evolutionary development in [S], [10], [15], [1], [14], [2], and [4] we now have several such models. The purpose of this paper is to report the development of the first real-time models of CSP to be compatible with the properties and proof systems of the above-mentioned untimed models. Our objective in this development is the construction of a timed CSP model which satisfies the following: (1) Continuous with respect to time. The time domain should consist of all nonnegative real numbers, and there should be no lower bound on the time difference between consecutive observable events from two processes operating asynchronously in parallel. (2) Realistic. A given process should engage in only finitely many events in a bounded period of time. (3) Continuous and distributive with respect to semantic operators. All semantic operators should be continuous, and all the basic operators as defined in [2], except recursion, should distribute over nondeterministic choice. (4) Verifiable design. The model should provide a basis for the definition, specification, and verification of time-critical processes with an adequate treatment of nondeterminism, which assists in avoidance of deadlock and divergence.
Communications of the ACM | 1987
C. A. R. Hoare; Ian J. Hayes; He Jifeng; C. C. Morgan; A. W. Roscoe; Jeff W. Sanders; Ib Holm Sørensen; J. M. Spivey; B. A. Sufrin
A complete set of algebraic laws is given for Dijkstra's nondeterministic sequential programming language. Iteration and recursion are explained in terms of Scott's domain theory as fixed points of continuous functionals. A calculus analogous to weakest preconditions is suggested as an aid to deriving programs from their specifications.
Archive | 2010
A. W. Roscoe
CSP notation has been used extensively for teaching and applying concurrency theory, ever since the publication of the text Communicating Sequential Processes by C.A.R. Hoare in 1985. Both a programming language and a specification language, the theory of CSP helps users to understand concurrent systems, and to decide whether a program meets its specification. As a member of the family of process algebras, the concepts of communication and interaction are presented in an algebraic style. An invaluable reference on the state of the art in CSP, Understanding Concurrent Systems also serves as a comprehensive introduction to the field, in addition to providing material for a number of more advanced courses. A first point of reference for anyone wanting to use CSP or learn about its theory, the book also introduces other views of concurrency, using CSP to model and explain these. The text is fully integrated with CSP-based tools such as FDR, and describes how to create new tools based on FDR. Most of the book relies on no theoretical background other than a basic knowledge of sets and sequences. Sophisticated mathematical arguments are avoided whenever possible. 
Topics and features: presents a comprehensive introduction to CSP; discusses the latest advances in CSP, covering topics of operational semantics, denotational models, finite observation models and infinite-behaviour models, and algebraic semantics; explores the practical application of CSP, including timed modelling, discrete modelling, parameterised verifications and the state explosion problem, and advanced topics in the use of FDR; examines the ability of CSP to describe and enable reasoning about parallel systems modelled in other paradigms; covers a broad variety of concurrent systems, including combinatorial, timed, priority-based, mobile, shared variable, statecharts, buffered and asynchronous systems; contains exercises and case studies to support the text; supplies further tools and information at the associated website: http://www.comlab.ox.ac.uk/ucs/. From undergraduate students of computer science in need of an introduction to the area, to researchers and practitioners desiring a more in-depth understanding of the theory and practice of concurrent systems, this broad-ranging text/reference is essential reading for anyone interested in Hoare's CSP.
IEEE Symposium on Security and Privacy | 1995
A. W. Roscoe
We show how a variety of confidentiality properties can be expressed in terms of the abstraction mechanisms that CSP provides. We argue that determinism of the abstracted low-security viewpoint provides the best type of property. By changing the form of abstraction mechanism we are able to model different assumptions about how systems behave, including handling the distinction between input and output actions. A detailed analysis of the nature of nondeterminism shows why certain security properties have had the paradoxical property of not being preserved by refinement, a disadvantage not shared by the determinism-based conditions. Finally we give an efficient algorithm for testing the determinism properties on a model-checker.
IEEE Computer Security Foundations Symposium | 1995
A. W. Roscoe
We discuss the issues involved in modelling and verifying key-exchange protocols within the framework of CSP and its model-checking tool FDR. Expressing such protocols within a process algebra forces careful consideration of exception handling, and makes it natural to consider the closely connected issues of commitment and no-loss-of service. We argue that it is often better to specify key exchange mechanisms in the context of an enclosing system rather than in isolation.
Theoretical Computer Science | 1988
A. W. Roscoe; C. A. R. Hoare
One of the attractive features of occam is the large number of memorable algebraic laws which exist relating programs. We investigate these laws and, by discovering a normal form for WHILE-free programs, show that they completely characterise the language's semantics.
European Symposium on Research in Computer Security | 1996
A. W. Roscoe; Jim Woodcock; Lars Wulf
The standard approach to the specification of a secure system is to present a (usually state-based) abstract security model separately from the specification of the system's functional requirements, and then to establish a correspondence between the two specifications. This complex treatment has resulted in development methods distinct from those usually advocated for general applications.
Tools and Algorithms for the Construction and Analysis of Systems | 1995
A. W. Roscoe; Paul H. B. Gardiner; Michael Goldsmith; J. R. Hulance; D. M. Jackson; J. B. Scattergood
We have given details of how FDR2's compression works, and some simple examples of how it can expand the size of problem we can automatically check. At the time of writing we have not had time to carry out many evaluations of this new functionality on realistic-sized examples, but we have no reason to doubt that compression will allow comparable improvements in these.
IEEE Computer Security Foundations Symposium | 1998
A. W. Roscoe
Model checkers such as FDR have been extremely effective in checking for, and finding, attacks on cryptographic protocols. Their use in proving protocols has, on the other hand, generally been limited to showing that a given small instance, usually restricted by the finiteness of some set of resources such as keys and nonces, is free of attacks. While for specific protocols there are frequently good reasons for supposing that this will find any attack, it leaves a substantial gap in the method. The purpose of this paper is to show how techniques borrowed from data independence and related fields can be used to achieve the illusion that nodes can call upon an infinite supply of different nonces, keys, etc., even though the actual types used for these things remain finite. It is thus possible to create models of protocols in which nodes do not have to stop after a small number of runs and to claim that, within certain limits, a finite-state run on a model checker has proved that a given protocol is secure from attack. The author uses a single protocol as a case study, but believes the techniques are much more widely applicable.