Action Comète: Concurrency, Mobility, and Transactions

Page 1: Action Comète Concurrency, Mobility, and Transactions

16 January 2004, LIX

Catuscia Palamidessi, INRIA-Futurs and LIX

Page 2: Action Comète Concurrency, Mobility, and Transactions

People

Permanent members:
– Catuscia Palamidessi (coordinator)
– Fabrice Le Fessant

Collaborations:
– Frank Valencia, BRICS and Uppsala Univ.: π-calculus, Concurrent Constraint Programming, Security
– Vijay Saraswat, IBM Yorktown: π-calculus, Concurrent Constraint Programming
– Diletta Cacciagrano, Univ. de L'Aquila: π-calculus, fairness
– Yuxin Deng, Paris VII: type systems for probabilistic process calculi
– Bernadette Charron Bost, STIX: safety and liveness

Page 3: Action Comète Concurrency, Mobility, and Transactions

Projects

ACI Sécurité ROSSIGNOL: Verification of Cryptographic Protocols
– LIF responsible: D. Lugiez
– LSV responsible: F. Jacquemard
– INRIA-Futurs & LIX responsible: C. Palamidessi
– Verimag responsible: Y. Lakhnech

Page 4: Action Comète Concurrency, Mobility, and Transactions

Main Goals

Foundations of Languages for Concurrent and Distributed Systems

Process Calculi (π-calculus): Mobility, Probabilities
– Development of a probabilistic version of the asynchronous π-calculus
– Distributed implementation of the π-calculus
– A language for specification and verification of security protocols (ProPiS)
– Development of a platform for distributed programming

Page 5: Action Comète Concurrency, Mobility, and Transactions

Probabilistic Asynchronous π: π_pa

Catuscia Palamidessi, INRIA Futurs, France; Mihaela Herescu, IBM, Austin

Aim: add the power of randomization to obtain a language that
– is as expressive as π (it is possible to encode π into it)
– can be implemented in a fully distributed way

Expressive power of π_pa: solution to problems requiring distributed agreement

Encoding of π into π_pa completed and proved correct wrt a notion of testing semantics

Page 6: Action Comète Concurrency, Mobility, and Transactions

π_pa: the Probabilistic Asynchronous π

Syntax

g ::= x(y) | τ                     prefixes

P ::= Σ_i p_i g_i . P_i            probabilistic input-guarded choice, with Σ_i p_i = 1
   |  x^y                          output action
   |  P | P                        parallel
   |  (x) P                        new name
   |  rec_A P                      recursion
   |  A                            procedure name

Page 7: Action Comète Concurrency, Mobility, and Transactions

[Figure: a probabilistic automaton whose transition groups carry the probabilities 1/2, 1/3 and 2/3]

The operational semantics of π_pa

Based on the Probabilistic Automata of Segala and Lynch
– Distinction between nondeterministic behavior (choice of the scheduler) and probabilistic behavior (choice of the process)

Scheduling policy: the scheduler chooses the group of transitions

Execution: the process chooses probabilistically the transition within the group

Page 8: Action Comète Concurrency, Mobility, and Transactions

The operational semantics of π_pa

Representation of a group of transitions:

P {--g_i--> p_i P_i}_i

Rules

Choice:   Σ_i p_i g_i . P_i  {--g_i--> p_i P_i}_i

Par:      P {--g_i--> p_i P_i}_i
          --------------------------------
          Q | P {--g_i--> p_i Q | P_i}_i

Page 9: Action Comète Concurrency, Mobility, and Transactions

The operational semantics of π_pa

Rules (continued)

Com:      P {--x_i(y_i)--> p_i P_i}_i        Q {--x^z--> 1 Q'}
          ----------------------------------------------------------------------------------
          P | Q {--τ--> p_i P_i[z/y_i] | Q'}_{x_i = x}  ∪  {--x_i(y_i)--> p_i P_i | Q}_{x_i ≠ x}

Res:      P {--x_i(y_i)--> p_i P_i}_i
          ----------------------------------------------     q_i renormalized
          (x) P {--x_i(y_i)--> q_i (x) P_i}_{x_i ≠ x}
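As an added illustration (not code from the slides), the following Python computes transition groups for a small constructed process under the Choice, Par, Com and Res rules above; the process names P1, P2, P3 and channel names x, z, a are constructed for the example, and continuations are kept as strings because only the group structure is of interest.

```python
from fractions import Fraction

# A transition group P {--g_i--> p_i P_i}_i is a list of (guard, p_i, P_i).
# Guards are ("in", x, y) for an input prefix x(y) or ("tau",) for a silent step;
# continuations are plain strings, since only the group structure matters here.

def choice(branches):
    """Choice rule: sum_i p_i g_i.P_i yields the group {--g_i--> p_i P_i}_i."""
    assert sum(p for p, _, _ in branches) == 1, "probabilities must sum to 1"
    return [(g, p, cont) for p, g, cont in branches]

def par(group, q):
    """Par rule: Q | P performs P's group, with Q carried along in every continuation."""
    return [(g, p, f"{q} | {cont}") for g, p, cont in group]

def com(group, x, z, q, q_prime):
    """Com rule: P's group meets Q, which outputs z on x with probability 1 and becomes Q'.
    Inputs on x turn into tau steps P_i[z/y_i] | Q'; every other branch keeps its guard
    and continues as P_i | Q, so the whole group still sums to 1."""
    result = []
    for g, p, cont in group:
        if g[0] == "in" and g[1] == x:
            result.append((("tau",), p, f"{cont}[{z}/{g[2]}] | {q_prime}"))
        else:
            result.append((g, p, f"{cont} | {q}"))
    return result

def res(group, x):
    """Res rule: (x)P drops the inputs on the restricted name x and renormalises
    the surviving probabilities, q_i = p_i / (sum of the surviving p_i)."""
    kept = [(g, p, f"({x}) {cont}") for g, p, cont in group
            if not (g[0] == "in" and g[1] == x)]
    if not kept:            # nothing survives the restriction: empty group
        return []
    total = sum(p for _, p, _ in kept)
    return [(g, p / total, cont) for g, p, cont in kept]

def demo():
    # Constructed example: P = 1/2 x(y).P1 + 1/4 z(w).P2 + 1/4 x(v).P3
    p = choice([(Fraction(1, 2), ("in", "x", "y"), "P1"),
                (Fraction(1, 4), ("in", "z", "w"), "P2"),
                (Fraction(1, 4), ("in", "x", "v"), "P3")])
    # P | x^a (Com, with Q = x^a and Q' = 0) and (x) P (Res)
    return com(p, "x", "a", "x^a", "0"), res(p, "x")
```

In the Res result only the branch on z survives and its probability is renormalised from 1/4 to 1, while the Com result keeps all three branches and still sums to 1.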

Page 10: Action Comète Concurrency, Mobility, and Transactions

Implementation of π_pa

Compilation in Java, <<·>> : π_pa → Java
– Distributed: << P | Q >> = << P >>.start(); << Q >>.start();
– Compositional: << P op Q >> = << P >> jop << Q >> for all op
– Channels are one-position buffers with test-and-set (synchronized) methods for input and output

Page 11: Action Comète Concurrency, Mobility, and Transactions

Encoding π into π_pa

[[·]] : π → π_pa

Fully distributed: [[ P | Q ]] = [[ P ]] | [[ Q ]]

Preserves the communication structure: [[ Pσ ]] = [[ P ]]σ

Correct wrt a notion of probabilistic testing semantics:
P must O iff [[ P ]] must [[ O ]] with prob 1

Page 12: Action Comète Concurrency, Mobility, and Transactions

Conclusion

We have developed a probabilistic version of the asynchronous π-calculus, π_pa

We have provided an encoding of π into π_pa
– fully distributed
– compositional
– correct wrt a notion of testing semantics

Advantages:
– high-level solutions to distributed algorithms
– easier to prove correct (no reasoning about randomization required)

Page 13: Action Comète Concurrency, Mobility, and Transactions

Features of ProPiS

Probabilistic Pi for Security

π_pa enriched with cryptographic primitives similar to those of the spi-calculus [Abadi and Gordon]
– The probability features will allow analysing security protocols at a finer level (the cryptographic level), i.e. beyond the Dolev-Yao assumption of perfect cryptography: in our approach an attacker can try to guess a key, for instance. The point is to prove that the probability that his attack is effective is negligible.
– The probability features will also allow expressing protocols that require randomization.

Page 14: Action Comète Concurrency, Mobility, and Transactions

Example: The dining cryptographers

[Figure: Crypt(0), Crypt(1) and Crypt(2) arranged around the Master, with channels pays0 / notpays0]

A problem of anonymity

Page 15: Action Comète Concurrency, Mobility, and Transactions

The dining cryptographers

The Problem:
– Three cryptographers share a meal
– The meal is paid either by the organization (master) or by one of them. The master decides who pays
– Each of the cryptographers is informed by the master whether or not he is paying

Goal:
– The cryptographers would like to know whether the meal is being paid by the master or by one of them, but without knowing who is paying (if it is one of them).

Page 16: Action Comète Concurrency, Mobility, and Transactions

The dining cryptographers: Solution

Solution: Each cryptographer tosses a coin (probabilistic choice). Each coin is in between two cryptographers.

The result of each coin-tossing is visible to the adjacent cryptographers, and only to them.

Each cryptographer examines the two adjacent coins
– If he is paying, he announces "agree" if the results are the same, and "disagree" otherwise.
– If he is not paying, he says the opposite

Claim 1: if the number of "disagree" is even, then the master is paying. Otherwise, one of them is paying.

Claim 2: In the latter case, if the coin is fair the non-paying cryptographers will not be able to deduce who exactly is paying
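As an added example (not from the slides), the following Python checks both claims exhaustively over every payer and every coin outcome. It assumes the usual announcement convention, with a non-paying cryptographer reporting truthfully whether his two coins differ and the payer inverting that; it also evaluates Claim 2 with a biased coin, which is where the fairness condition on the slide matters.

```python
from fractions import Fraction
from itertools import product

# Three cryptographers sit in a ring.  Coin i lies between cryptographers i and i+1
# (mod 3), so cryptographer i sees coins i-1 and i.  payer is 0, 1 or 2, or None
# when the master pays.  True in an announcement tuple stands for "disagree".

FAIR = Fraction(1, 2)     # probability of heads for a fair coin
BIASED = Fraction(1, 3)   # constructed biased coin, to show why Claim 2 needs fairness

def announcements(payer, coins):
    """Each cryptographer compares his two adjacent coins.  Assumed convention:
    a non-payer says 'disagree' iff the coins differ; the payer says the opposite."""
    return tuple((coins[i] != coins[(i - 1) % 3]) != (payer == i) for i in range(3))

def who_pays(ann):
    """Claim 1: an even number of 'disagree' means the master is paying."""
    return "master" if sum(ann) % 2 == 0 else "a cryptographer"

def claim1_holds():
    """Check Claim 1 exhaustively over every payer and every coin outcome."""
    for payer in (None, 0, 1, 2):
        for coins in product((0, 1), repeat=3):
            expected = "master" if payer is None else "a cryptographer"
            if who_pays(announcements(payer, coins)) != expected:
                return False
    return True

def view_distribution(observer, payer, p_heads):
    """What a non-paying observer sees, with its probability: his two adjacent coins
    plus the other two announcements, when each coin lands heads with p_heads."""
    dist = {}
    for coins in product((0, 1), repeat=3):
        prob = Fraction(1)
        for c in coins:
            prob *= p_heads if c == 1 else 1 - p_heads
        ann = announcements(payer, coins)
        seen = (coins[(observer - 1) % 3], coins[observer],
                tuple(a for i, a in enumerate(ann) if i != observer))
        dist[seen] = dist.get(seen, Fraction(0)) + prob
    return dist

def claim2_holds(p_heads):
    """Claim 2: cryptographer 0, who is not paying, sees exactly the same
    distribution whether cryptographer 1 or cryptographer 2 paid."""
    return view_distribution(0, 1, p_heads) == view_distribution(0, 2, p_heads)
```

With the fair coin the two distributions coincide, so the observer learns nothing beyond "one of us paid"; with the biased coin they differ, and an observer who sees enough runs can tell the two payers apart.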

Page 17: Action Comète Concurrency, Mobility, and Transactions

The dining cryptographers: Solution

[Figure: Crypt(0), Crypt(1) and Crypt(2) around the Master, with Coin(0), Coin(1) and Coin(2) between them; channels pays0 / notpays0, look20 and out1]