Pierpaolo Degano

A distributed operational semantics for CCS based on condition/event systems

SummaryA new set of inference rules for the guarded version of Milner’s Calculus of Communicating Systems is proposed. They not only describe the actions agents may perform when in a given state, but also say which parts of the agents move when the global state changes. From the transition relation a particular Petri Net, namely a Condition/Event system called ΣCCS, is immediately derived. Our construction gives a semantics which is consistent with the interleaving semantics of CCS and exhibits full parallelism. The proof consists of relating the case graph of ΣCCS with the original and with the multiset (step) transition systems of the calculus.

Static validation of security protocols

We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as Needham-Schroeder symmetric key, Otway-Rees, Yahalom, Andrew Secure RPC, Needham-Schroeder asymmetric key. and Beller-Chang-Yacobi MSR.

A model for distributed systems based on graph rewriting

In our model, a graph describes a net of processes communicating through ports and, at the same time, its computation history consisting of a partial ordering of events. Stand-alone evolution of processes is specified by context-free productions. From productions and a basic synchronization mechanism, a set of context-sensitive rewriting rules that models the evolution of processes connected to the same ports can be derived. A computation is a sequence of graphs obtained by successive rewritings. The result of a finite computation is its last graph, whereas the result of an infinite computation is the limit, infinite graph defined through a completion technique based on metric spaces. A result characterizes a concurrent computation, since it abstracts from any particular interleaving of concurrent events, while in the meantime providing information about termination, partial or complete deadlocks, and fairness. Not every result is acceptable, however, but only the computations that produce a result no longer rewritable are successful. Infinite successful computations are shown to coincide with weakly fair computations, and a scheduler yielding all and only such computations is defined.

Axiomatizing net computations and processes

An algebraic axiomatization is proposed, where, given a net N, a term algebra P(N) with two operations of parallel and sequential composition is defined. The congruence classes generated by a few simple axioms are proved isomorphic to a slight refinement of classical processes. Actually, P(N) is a symmetric monoidal category, parallel composition is the monoidal operation on morphisms and sequential composition is morphism composition. Besides P(N), the authors introduce a category S(N) containing the classical occurrence and step sequences. The term algebras of P(N) and S(N) are in general incomparable, and thus they introduce two more categories, K(N) and T(N), providing a most concrete and a most abstract extremum, respectively. The morphisms of T(N) are proved isomorphic to the processes recently defined in terms of the swap transformation by E. Best and R. Devillers (Theor. Comput. Sci., vol.55, pp.87-136, 1987). Thus the diamond of the four categories gives a full account in algebraic terms of the relations between interleaving and partial ordering observations of place/transition net computations.<<ETX>>

Non-interleaving semantics for mobile processes

Abstract This paper studies causality in the π-calculus. Our notion of causality combines the dependencies given by the syntactic structure of processes with those originated by passing names. Our studies show that two transitions not causally related may however occur in a fixed ordering in any computation, i.e., the π-calculus may implicitly express a precedence between actions. The same partial order of transitions is associated with all the computations that are obtained by shuffling transitions that are concurrent (i.e. related neither by causality nor by precedence). Other non-interleaving semantics are investigated and compared. The presentation takes advantage of a parametric definition of process behaviour given in SOS style that permits us to take almost for free the interleaving theory and tools. Finally, we extend our approach to higher-order π-calculus, enriched with a spawn operation.

Concurrent histories: a basis for observing distributed systems

Abstract A new notion of transition systems, called distributed transition systems , is introduced, where states are sets of processes and transitions specify which processes stay idle. A notion of observations based on partial orderings, called concurrent histories , is defined on computations. Several observational equivalences, e.g., bisimulation, are given on observations. As case studies, Petri C/E systems and P/T nets, and Milners CCS are translated to distributed transition systems.

Static Analysis for the π-Calculus with Applications to Security

Abstract Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The result of our analysis establishes a super-set of the set of channels to which a given name may be bound and of the set of channels that may be sent along a given channel. Besides a set of rules that permits one to validate a given solution, we also offer a constructive procedure that builds solutions in low polynomial time. Applications of our analysis include establishing two simple security properties of processes. One example is that P has no leaks: P offers communication to the external environment through public channels only and confines its secret channels within itself. The other example is connected to the no read-up/no write-down property of Bell and LaPadula: once processes are given levels of security clearance, we check that a process at a high level never sends channels to processes at a lower level.

Control Flow Analysis for the pi-calculus

Control Flow Analysis is a static technique for predicting safe and computable approximations to the set of values that the objects of a program may assume during its execution. We present an analysis for the π-calculus that shows how names will be bound to actual channels at run time. The formulation of the analysis requires no extensions to the π-calculus, except for assigning “channels” to the occurrences of names within restrictions, and assigning “binders” to the occurrences of names within input prefixes.

A partial ordering semantics for CCS

A new operational semantics for “pure” CCS is proposed that considers the parallel operator as a first class one, and permits a description of the calculus in terms of partial orderings. The new semantics (also for unguarded agents) is given in the SOS style via the partial ordering derivation relation. CCS agents are decomposed into sets of sequential subagents. The new derivations relate sets of subagents, and describe their actions and the casual dependencies among them. The computations obtained by composing partial ordering derivations are “observed” either as interleaving or partial orderings of events. Interleavings coincide with Milners many step derivations, and “linearizations” of partial orderings are all and only interleavings. Abstract semantics are obtained by introducing two relations of observational equivalence and congruence that preserve concurrency. These relations are finer than Milners in that they distinguish interleaving of sequential nondeterministic agents from their concurrent execution.

Axiomatizing the algebra of net computations and processes

Descriptions of concurrent behaviors in terms of partial orderings (callednonsequential processes or simplyprocesses in Petri net theory) have been recognized as superior when information about distribution in space, about causal dependency or about fairness must be provided. However, at least in the general case of Place/Transition (P/T) nets, the proposed models lack a suitable, general notion ofsequential composition.In this paper, a new algebraic axiomatization is proposed, where, given a netN, a term algebraP[N] with two operations of parallel and sequential composition is defined. The congruence classes generated by a few simple axioms are proved isomorphic to a slight refinement of classical processes.Actually,P[N] is a symmetric strict monoidal category1, parallel composition is the monoidal operation on morphisms and sequential composition is morphism composition. BesidesP[N], we introduce a categorys[N] containing the classical occurrence and step sequences. The term algebras ofP[N] and ofs[N] are in general incomparable, thus we introduce two more categoriesK[N] and ℐ[N] providing an upper and a lower bound, respectively. A simple axiom expressing the functoriality of parallel composition mapsK[N] toP[N] ands[N] to ℐ[N], while commutativity of parallel composition mapsK[N] tos[N] andP[N] to ℐ[N] (see Fig. 4).Morphisms ofK[N] constitute a new notion of concrete net computation, while the strictly symmetric strict monoidal category ℐ[N] was introduced previously by two of the authors as a new algebraic foundation for P/T nets [22]. In the context of the present paper, the morphisms of ℐ[N] are proved isomorphic to the processes defined in terms of the “swap” transformation by Best and Devillers [5]. Thus the diamond of the four categories gives a full account in algebraic terms of the relations between interleaving and partial ordering observations of P/T net computations.