Marcelo P. Fiore

Computing symbolic models for verifying cryptographic protocols

Abstract: We consider the problem of automatically verifying infinite-state cryptographic protocols. Specifically, we present an algorithm that given a finite process describing a protocol in a hostile environment (trying to force the system into a bad state) computes a model of traces on which security properties can be checked. Because of unbounded inputs from the environment, even finite processes have an infinite set of traces; the main focus of our approach is the reduction of this infinite set to a finite set by a symbolic analysis of the knowledge of the environment. Our algorithm is sound (and we conjecture complete) for protocols with shared-key encryption/decryption that use arbitrary messages as keys; further it is complete in the common and important case in which the cryptographic keys are messages of bounded size.

Comparing operational models of name-passing process calculi

We study three operational models of name-passing process calculi: coalgebras on (pre)sheaves, indexed labelled transition systems, and history dependent automata. The coalgebraic model is considered both for presheaves over the category of finite sets and injections, and for its subcategory of atomic sheaves known as the Schanuel topos. Each coalgebra induces an indexed labelled transition system. Such transition systems are characterised, relating the coalgebraic approach to an existing model of name-passing. Further, we consider internal labelled transition systems within the sheaf topos, and axiomatise a class that is in precise correspondence with the coalgebraic and the indexed labelled transition system models. By establishing and exploiting the equivalence of the Schanuel topos with a category of named-sets, these internal labelled transition systems are also related to the theory of history dependent automata.

Weak bisimulation and open maps

A systematic treatment of weak bisimulation and observational congruence on presheaf models is presented. The theory is developed with respect to a hiding functor from a category of paths to observable paths. Via a view of processes as bundles, we are able to account for weak morphisms (roughly only required to preserve observable paths) and to derive a saturation monad (on the category of presheaves over the category of paths). Weak morphisms may be encoded as strong ones via the Kleisli construction associated to the saturation monad. A general notion of weak open-map bisimulation is introduced, and results relating various notions of strong and weak bisimulation are provided. The abstract theory is accompanied by fine concrete study of two key models for concurrency, the interleaving model of synchronisation trees and the independence model of labelled event structures.

A Congruence Rule Format for Name-Passing Process Calculi from Mathematical Structural Operational Semantics

We introduce a mathematical structural operational semantics that yields a congruence result for bisimilarity and is suitable for investigating rule formats for name-passing systems. Indeed, we instantiate this general abstract model theory in a framework of nominal sets and extract from it a GSOS-like rule format for name-passing process calculi for which the associated notion of behavioural equivalence - given by a form of open bisimilarity - is a congruence

A theory of recursive domains with applications to concurrency

We develop a 2-categorical theory for recursively defined domains. In particular we generalise the traditional approach based on order-theoretic structures to category-theoretic ones. A motivation for this development is the need of a domain theory for concurrency, with an account of bisimulation. Indeed, the leading examples throughout the paper are provided by recursively defined presheaf models for concurrent process calculi. Further we use the framework to study (open-map) bisimulation.

A congruence rule format for name-passing process calculi

Abstract We introduce a GSOS-like rule format for name-passing process calculi. Specifications in this format correspond to theories in nominal logic. The intended models of such specifications arise by initiality from a general categorical model theory. For operational semantics given in this rule format, a natural behavioural equivalence—a form of open bisimilarity—is a congruence.

Unique factorisation lifting functors and categories of linearly-controlled processes

We consider processes consisting of a category of states varying over a control category as prescribed by a unique factorisation lifting functor. After a brief analysis of the structure of general processes in this setting, we restrict attention to linearly-controlled ones. To this end, we introduce and study a notion of path-linearisable category in which any two paths of morphisms with equal composites can be linearised (or interleaved) in a canonical fashion. Our main result is that categories of linearly-controlled processes (viz., processes controlled by path-linearisable categories) are sheaf models.

Recursive types in games: axiomatics and process representation

This paper presents two basic results on game-based semantics of FPC, a metalanguage with sums, products, exponentials and recursive types. First we give an axiomatic account of the category of games G, offering a fundamental structural analysis of the category as well as a transparent way to prove computational adequacy. As a consequence we obtain an intensional full-abstraction result through a standard definability argument. Next we extend the category G by introducing a category of games G/sub i/ with optimised strategies; we show that the denotational semantics in G/sub i/ gives a compilation of FPC terms into core Pict codes (the asynchronous polyadic /spl pi/-calculus without summation). The process representation follows a pioneering idea of Hyland and Ong (1995). However we advance their representation by introducing semantically well-founded optimisation techniques; we also extend the setting to encompass the rich type structure of FPC. The resulting code gives basic insight on the relationship between the abstract, categorical, types and their possible implementations.

Comparing Operational Models of Name-Passing Process Calculi

We study three operational models of name-passing process calculi: coalgebras on (pre)sheaves, indexed labelled transition systems, and history dependent automata.The coalgebraic model is considered both for presheaves over the category of finite sets and injections, and for its subcategory of atomic sheaves known as the Schanuel topos. We characterise the transition relations induced by the coalgebraic model, observing the differences between the first two models. Furthermore by imposing conditions on history dependent automata, this model is shown to become equivalent to the sheaf-theoretic coalgebraic model.

Fibred Models of Processes: Discrete, Continuous, and Hybrid Systems

We present the rudiments of a unifying theory of general processes encompassing discrete, continuous, and hybrid systems. The main focus is on the study of process behaviour, but constructions on processes are also considered in some detail. In particular, we show that processes admit an abstract, conceptual treatment of bisimilarity via the notion of open map (as advocated by Winskel et al.). Furthermore, we present a tool-kit of categorical constructions on processes that can be regarded as the basis of a process description language. Within the general theory, typical operations of process calculi on discrete and hybrid systems are discussed.