Uwe Nestmann
École Polytechnique Fédérale de Lausanne
Publications
Featured research published by Uwe Nestmann.
international conference on concurrency theory | 2004
Johannes Borgström; Sébastien Briais; Uwe Nestmann
The spi calculus is an executable model for the description and analysis of cryptographic protocols. Security objectives like secrecy and authenticity can be formulated as equations between spi calculus terms, where equality is interpreted as a contextual equivalence.
algebraic methodology and software technology | 2002
Johannes Borgström; Uwe Nestmann
The spi calculus is an extension of the pi calculus with cryptographic primitives, designed for the verification of cryptographic protocols. Due to the extension, the naive adaptation of labeled bisimulations for the pi calculus is too strong to be useful for the purpose of verification. Instead, as a viable alternative, several environment-sensitive bisimulations have been proposed. In this paper we formally study the differences between these bisimulations.
international conference on concurrency theory | 2003
Uwe Nestmann; Rachele Fuzzati; Massimo Merro
We give a process calculus model that formalizes a well-known algorithm (introduced by Chandra and Toueg) solving consensus in the presence of a particular class of failure detectors ($\Diamond\mathcal{S}$); we use our model to formally prove that the algorithm satisfies its specification.
Mathematical Structures in Computer Science | 2005
Johannes Borgström; Uwe Nestmann
The spi calculus is an extension of the pi calculus with cryptographic primitives, which was designed for the verification of cryptographic protocols. Because of this extension, the naive adaptation of labelled bisimulations from the pi calculus is too strong to be useful for the purposes of verification. Instead, as a viable alternative, several ‘environment-sensitive’ bisimulations have been proposed. In this paper, we present a formal study of the differences between these bisimulations.
GC'04 Proceedings of the 2004 IST/FET international conference on Global Computing | 2004
Johannes Borgström; Uwe Nestmann; Luc Alima Onana; Dilian Gurov
Structured peer-to-peer overlay networks are a class of algorithms that provide efficient message routing for distributed applications using a sparsely connected communication network. In this paper, we formally verify a typical application running on a fixed set of nodes. This work is the foundation for studies of a more dynamic system.

We identify a value and expression language for a value-passing CCS that allows us to formally model a distributed hash table implemented over a static DKS overlay network. We then provide a specification of the lookup operation in the same language, allowing us to formally verify the correctness of the system in terms of observational equivalence between implementation and specification. For the proof, we employ an abstract notation for reachable states that allows us to work conveniently up to structural congruence, thus drastically reducing the number and shape of states to consider. The structure and techniques of the correctness proof are reusable for other overlay networks.
Lecture Notes in Computer Science | 2003
Uwe Nestmann; Rachele Fuzzati
The concept of unreliable failure detectors for reliable distributed systems was introduced by Chandra and Toueg as a fine-grained means to add weak forms of synchrony into asynchronous systems. Various kinds of such failure detectors have been identified as each being the weakest to solve some specific distributed programming problem. In this paper, we provide a fresh look at failure detectors from the point of view of programming languages, more precisely using the formal tool of operational semantics. Inspired by this, we propose a new failure detector model that we consider easier to understand, easier to work with and more natural. Using operational semantics, we prove formally that representations of failure detectors in the new model are equivalent to their original representations within the model used by Chandra and Toueg.
Electronic Notes in Theoretical Computer Science | 1998
Uwe Nestmann
The join-calculus was introduced as an ‘extended subset’ of the asynchronous π-calculus by amalgamating the three operators for input, restriction, and replication into a single operator, called definition, but with the additional capability to describe the atomic joint reception of values from two different channels. In this paper, we just extend the asynchronous π-calculus with joint input. By studying its expressive power, using slight variations of previously investigated choice encodings, we also conclude on the expressiveness of the join-calculus.
Information & Computation | 2002
Massimo Merro; Josva Kleist; Uwe Nestmann
Obliq is a lexically scoped, distributed, object-based programming language. In Obliq, the migration of an object is proposed as creating a clone of the object at the target site, whereafter the original object is turned into an alias for the clone. Obliq has only an informal semantics, so there is no proof that this style of migration is safe, i.e., transparent to object clients. In previous work, we introduced Ojeblik, an abstraction of Obliq, where, by lexical scoping, sites have been abstracted away. We used Ojeblik in order to exhibit how the semantics behind Obliq's implementation renders migration unsafe. We also suggested a modified semantics that we conjectured instead to be safe. In this paper, we rewrite our modified semantics of Ojeblik in terms of the π-calculus, and we use it to formally prove the correctness of object surrogation, the abstraction of object migration in Ojeblik.
trustworthy global computing | 2005
Sébastien Briais; Uwe Nestmann
Protocol narrations are an informal means to describe, in an idealistic manner, the functioning of cryptographic protocols as a single intended sequence of cryptographic message exchanges among the protocol's participants. Protocol narrations have also been informally turned into a number of formal protocol descriptions, e.g., using the spi-calculus. In this paper, we propose a direct formal operational semantics for protocol narrations that fixes a particular and, as we argue, well-motivated interpretation of how the involved protocol participants are supposed to execute. Based on this semantics, we explain and formally justify a natural and precise translation of narrations into the spi-calculus.
Lecture Notes in Computer Science | 2006
Daniel C. Bünzli; Rachele Fuzzati; Sergio Mena; Uwe Nestmann; Olivier Rütti; André Schiper; Paweł T. Wojciechowski
Group communication is a programming abstraction that allows a distributed group of processes to provide a reliable service in spite of the possibility of failures within the group. The goal of the project was to improve the state of the art of group communication in several directions: protocol frameworks, group communication stacks, specification, verification and robustness. The paper discusses the results obtained.