Matthew Collinson

Algebra and logic for resource-based systems modelling

Mathematical modelling is one of the fundamental tools of science and engineering. Very often, models are required to be executable, as a simulation, on a computer. In this paper, we present some contributions to the process-theoretic and logical foundations of discrete-event modelling with resources and processes. We present a process calculus with an explicit representation of resources in which processes and resources co-evolve. The calculus is closely connected to a logic that may be used as a specification language for properties of models. The logic is strong enough to allow requirements that a system has a certain structure: for example, that it is a parallel composite of subsystems. This work consolidates, extends and improves upon aspects of earlier work of ours in this area. An extended example, consisting of a semantics for a simple parallel programming language, indicates a connection with separating logics for concurrency.

A Logical and Computational Theory of Located Resource

Experience of practical systems modelling suggests that the key conceptual components of a model of a system are processes. resources, locations and environment. In recent work, we have given a process-theoretic account of this view in which resources as well as processes are first-class citizens. This process calculus, SCRP, captures the structural aspects of the semantics of the Demos2k (D2K) modelling tool. D2K represents environment stochastically using a wide range of probability distributions and queue-like data structures. Associated with SCRP is I (bunched) modal logic. MBI, which combines the usual additive connectives of Hennessy-Milner logic with their multiplicative counterparts. In this article, we complete our conceptual framework by adding to SCRP and MBI an account of a notion of location that is simple, yet sufficiently expressive to capture naturally a wide range of forms of location, both spatial and logical. We also provide a description of an extension of the D2K tool to incorporate this notion of location.

Semantics for structured systems modelling and simulation

Simulation modelling is an important tool for exploring and reasoning about complex systems. Many supporting languages are available. Commonly occurring features of these languages are constructs capturing concepts such as process, resource, and location. We describe a mathematical framework that supports a modelling idiom based on these core concepts, and which adopts stochastic methods for representing the environments within which systems exist. We explain how this framework can be used to give a semantics to a simulation modelling language, Core Gnosis, that includes basic constructs for process, resource, and location. We include a brief discussion of a logic for reasoning about models that is compositional with respect to their structure. Our mathematical analysis of systems in terms of process, resource, location, and stochastic environment, together with a language that captures these concepts quite directly, yields an efficient and robust modelling framework within which natural mathematical reasoning about systems is captured.

Algebra and logic for access control

The access control problem in computer security is fundamentally concerned with the ability of system entities to see, make use of, or alter various system resources. We provide a mathematical framework for modelling and reasoning about (distributed) systems with access control. This is based on a calculus of resources and processes together with a Hennessy–Milner-style modal logic, based on the connectives of bunched logic, for which an appropriate correspondence theorem obtains. As a consequence we get a consistent account of both operational behaviour and logical reasoning for systems with access control features. In particular, we are able to introduce a process combinator that describes, as a form of concurrent composition, the action of one agent in the role of another, and provide a logical characterization of this operator via a modality ‘says’. We give a range of examples, including analyses of co-signing, roles, and chains of trust, which illustrates the utility of our mathematical framework.

A substructural logic for layered graphs

Complex systems, be they natural or synthetic, are ubiquitous. In particular, complex networks of devices and services underpin most of societys operations. By their very nature, such systems are difficult to conceptualize and reason about effectively. The concept of layering is widespread in complex systems, but has not been considered conceptually. Noting that graphs are a key formalism in the description of complex systems, we establish a notion of a layered graph. We provide a logical characterization of this notion of layering using a non-associative, non-commutative substructural, separating logic. We provide soundness and completeness results for a class of algebraic models that includes layered graphs, which give a mathematically substantial semantics to this very weak logic. We explain, via examples, applications in information processing and security.

Bunched polymorphism

We describe a polymorphic, typed lambda calculus with substructural features. This calculus extends the first-order substructural lambda calculus αλ associated with bunched logic. A particular novelty of our new calculus is the substructural treatment of second-order variables. This is accomplished through the use of bunches of type variables in typing contexts. Both additive and multiplicative forms of polymorphic abstraction are then supported. The calculus has sensible proof-theoretic properties and a straightforward categorical semantics using indexed categories. We produce a model for additive polymorphism with first-order bunching based on partial equivalence relations. We consider additive and multiplicative existential quantifiers separately from the universal quantifiers.

Errata for Formal Aspects of Computing (2006) 18: 495---517 and their consequences

We present a correction for an error that occurs in the following paper Formal Aspects of Computing (2006) 18:495–517. Atfirst sight, the error appears tobe simply amisplacedquantifier in thedefinitionof bisimulation.Weexplain, however, that the error and its correction reveal a subtle interaction between the substructural connectives of MBI and the resource–process calculus SCRP. We begin with a specific example which illustrates the error. We include also the known typographical errors. We include also a statement of the consequences of these errata for the paperElectronic Notes in Theoretical Computer Science 172, 545–587, 2007, which builds directly upon Formal Aspects of Computing (2006) 18:495–517 and which illustrates the significance of these errata.

Trust Domains: An Algebraic, Logical, and Utility-Theoretic Approach

Complex systems of interacting agents are ubiquitous in the highly interconnected, information-rich ecosystems upon which the world is more-or-less wholly dependent. Within these systems, it is often necessary for an agent, or a group of agents, such as a business, to establish within a given ecosystem a trusted group, or a region of trust. Building on an established mathematical systems modelling framework — based on process algebra, logic, and stochastic methods — we give a characterization of such ‘trust domains’ that employs logical assertions of the properties required for trust and utility-theoretic constraints on the cost of establishing compliance with those properties. We develop the essential meta-theory and give a range of examples.

Erratum to: Algebra and logic for access control

1. Replace the words ‘a congruence’ by ‘an equivalence’ in Proposition 4.1 and the sentence immediately preceeding it. 2. In Proposition 4.1 delete the second enumerated point and the sentence immediately following the proof. 3. Replace the proof of Proposition 4.1 by the following sentence: ‘The proofs of all parts of this follow from the definition of ≈ and by applying the standard methods for bisimulation relations.’ 4. Delete the third, fifth, sixth, seventh and eighth enumerated points from Proposition 4.2 and replace the proof of 4.2 with: ‘Again, the proofs of these points are direct uses of the definition of simulation.’ 5. The sentence immediately following the proof of Proposition 4.2 should be replaced by: ‘The above results tell us that we have a system that formally reconstructs the following natural properties of roles: any agent acting in one of its roles is less powerful (has fewer or equal capabilities) than the original agent; an agent E in the role E is as powerful as the agent E ; if E is less powerful than F then every role of E is less powerful than the corresponding role of F .’ 6. Delete the fifth points from both Proposition 5.1 and its proof. 7. In Sect. 8 (lines 9, 10) replace ≈ by ∼ in the unit property for × and the associativity property for ∝.

Economic Impacts of Rules- versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers

Whats the optimal way to regulate cybersecurity for the critical infrastructure operators in charge of electricity transmission? Should regulation follow the US style (a mostly rules-based model), the EU approach (which is mostly risk-based), or a balance of both? The authors discuss the economic issues behind making this choice and present a cybersecurity economics model for public policy in the presence of strategic attackers. They calibrated these models in the field with the support of National Grid, which operates in the UK and on the US East Coast. The model shows that optimal choices are subject to phase transitions: depending on the combination of incentives, operators will stop investing in risk assessment and only care about compliance (and vice versa). This finding suggests that different approaches might be more appropriate in different conditions and that just pushing for more rules could have unintended consequences.