Roberto M. Amadio

An Asynchronous Model of Locality, Failurem and Process Mobility

We present a model of distributed computation which is based on a fragment of the π-calculus relying on asynchronous communication. We enrich the model with the following features: the explicit distribution of processes to locations, the failure of locations and their detection, and the mobility of processes. Our contributions are two folds. At the specification level, we give a synthetic and flexible formalization of the features mentioned above. At the verification level, we provide original methods to reason about the bisimilarity of processes in the presence of failures.

On the Reachability Problem in Cryptographic Protocols

We study the verification of secrecy and authenticity properties for cryptographic protocols which rely on symmetric shared keys. The verification can be reduced to check whether a certain parallel program which models the protocol and the specification can reach an erroneous state while interacting with an adversary. Assuming finite principals, we present a decision procedure for the reachability problem which is based on a symbolic reduction system.

On the symbolic reduction of processes with cryptographic functions

We study the reachability problem for cryptographic protocols represented as processes relying on perfect cryptographic functions. We introduce a symbolic reduction system that can handle hashing functions, symmetric keys, and public keys. Desirable properties such as secrecy or authenticity are specified by inserting logical assertions in the processes.We show that the symbolic reduction system provides a flexible decision procedure for finite processes and a reference for sound implementations. The symbolic reduction system can be regarded as a variant of syntactic unification which is compatible with certain set-membership constraints. For a significant fragment of our formalism, we argue that a dag implementation of the symbolic reduction system leads to an algorithm running in NPTIME thus matching the lower bound of the problem.In the case of iterated or finite control processes, we show that the problem is undecidable in general and in PTIME for a subclass of iterated processes that do not rely on pairing. Our technique is based on rational transductions of regular languages and it applies to a class of processes containing the ping-pong protocols presented in Dolev et al. (Inform. Comput. (55) (1982) 57).

Recursion over realizability structures

Abstract Realizability structures play a major role in the metamathematics of intuitionistic systems and they are a basic tool in the extraction of the computational content of constructive proofs. Besides their rich categorical structure and effectiveness properties provide a privileged mathematical setting for the semantics of data types of programming languages. In this paper we emphasize the modelling of recursive definitions of programs and types. A realizability model for a language including Girards system F and an operator of recursion on types is given and some of its local properties are studied.

Resource control for synchronous cooperative threads

We develop new methods to statically bound the resources needed for the execution of systems of concurrent, interactive threads. Our study is concerned with a synchronous model of interaction based on cooperative threads whose execution proceeds in synchronous rounds called instants. Our contribution is a system of compositional static analyses to guarantee that each instant terminates and to bound the size of the values computed by the system as a function of the size of its parameters at the beginning of the instant.Our method generalises an approach designed for first-order functional languages that relies on a combination of standard termination techniques for term rewriting systems and an analysis of the size of the computed values based on the notion of quasi-interpretation. We show that these two methods can be combined to obtain an explicit polynomial bound on the resources needed for the execution of the system during an instant.As a second contribution, we introduce a virtual machine and a related bytecode thus producing a precise description of the resources needed for the execution of a system. In this context, we present a suitable control flow analysis that allows to formulate the static analyses for resource control at bytecode level.

A Functional Scenario for Bytecode Verification of Resource Bounds

We consider a scenario where (functional) programs in pre-compiled form are exchanged among untrusted parties. Our contribution is a system of annotations for the code that can be verified at load time so as to ensure bounds on the time and space resources required for its execution, as well as to guarantee the usual integrity properties.

Analysis of a guard condition in type theory

We present a realizability interpretation of co-inductive types based on partial equivalence relations (pers). We extract from the pers interpretation sound rules to type recursive definitions. These recursive definitions are needed to introduce infinite and total objects of coinductive type such as an infinite stream, a digital transducer, or a nonterminating process. We show that the proposed type system subsumes those studied by Coquand and Gimenez while still enjoying the basic syntactic properties of subject reduction and strong normalization with respect to a confluent rewriting system first put forward by Gimenez.

The Game of the Name in Cryptographic Tables

We present a name-passing calculus that can be regarded as a simplified π-calculus equipped with a cryptographic table. The latter is a data structure representing the relationships among names. We illustrate how the calculus may be used for modelling cryptographic protocols relying on symmetric shared keys and verifying secrecy and authenticity properties. Following classical approaches [3], we formulate the verification task as a reachability problem and prove its decidability assuming finite principals and bounds on the sorts of the messages synthesized by the attacker.

The Receptive Distributed π-Calculus

In this paper we study an asynchronous distributed π-calculus, with constructs for localities and migration. We show that a simple static analysis ensures the receptiveness of channel names, which, together with a simple type system, guarantees that any migrating message will find an appropriate receiver at its destination locality. We argue that this receptive calculus is still expressive enough, by showing that it contains the π1-calculus, up to weak asynchronous bisimulation.In this paper we study an asynchronous distributed π-calculus, with constructs for localities and migration. We show that a simple static analysis ensures the receptiveness of channel names, which, together with a simple type system, guarantees that any migrating message will find an appropriate receiver at its destination locality. We argue that this receptive calculus is still expressive enough, by showing that it contains the π1-calculus, up to weak asynchronous bisimulation.

The receptive distributed π-calculus

We study an asynchronous distributed π-calculus, with constructs for localities and migration. We show that a static analysis ensures the receptiveness of channel names, which, together with a simple type system, guarantees the message deliverability property. This property states that any migrating message will find an appropriate receiver at its destination locality. We argue that this distributed, receptive calculus is still expressive enough while allowing for an effective type inference à la ML.