Action Comète: Concurrency, Mobility, and Transactions
16 January 2004, LIX
Action Comète: Concurrency, Mobility, and Transactions
Catuscia Palamidessi, INRIA-Futurs and LIX
People
Permanent members:
– Catuscia Palamidessi (coordinator)
– Fabrice Le Fessant
Collaborations:
– Frank Valencia, BRICS and Uppsala Univ.: π-calculus, concurrent constraint programming, security
– Vijay Saraswat, IBM Yorktown: π-calculus, concurrent constraint programming
– Diletta Cacciagrano, Univ. de L'Aquila: π-calculus, fairness
– Yuxin Deng, Paris VII: type systems for probabilistic process calculi
– Bernadette Charron Bost, STIX: safety and liveness
Projects
ACI Sécurité ROSSIGNOL: Verification of Cryptographic Protocols
– LIF responsible: D. Lugiez
– LSV responsible: F. Jacquemard
– INRIA-Futurs & LIX responsible: C. Palamidessi
– Verimag responsible: Y. Lakhnech
Main Goals
Foundations of languages for concurrent and distributed systems
Process calculi (π-calculus): mobility, probabilities
– Development of a probabilistic version of the asynchronous π-calculus
– Distributed implementation of the π-calculus
– A language for specification and verification of security protocols (ProPiS)
– Development of a platform for distributed programming
Probabilistic Asynchronous π (πpa)
Catuscia Palamidessi, INRIA Futurs, France; Mihaela Herescu, IBM, Austin
Aim: add the power of randomization to obtain a language that
– is as expressive as π (it is possible to encode π into it)
– can be implemented in a fully distributed way
Expressive power of πpa: solution to problems requiring distributed agreement
Encoding of π into πpa completed and proved correct wrt a notion of testing semantics
πpa: the Probabilistic Asynchronous π
Syntax
  g ::= x(y) | τ                   prefixes
  P ::= Σi pi gi . Pi              probabilistic input-guarded choice, with Σi pi = 1
      | x^y                        output action
      | P | P                      parallel
      | (νx) P                     new name
      | rec_A P                    recursion
      | A                          procedure name
[Figure: three probabilistic automata, transitions labelled with probabilities 1/2, 1/3 and 2/3]
The operational semantics of πpa
Based on the probabilistic automata of Segala and Lynch
– Distinction between nondeterministic behavior (choice of the scheduler) and probabilistic behavior (choice of the process)
Scheduling policy: the scheduler chooses the group of transitions
Execution: the process chooses probabilistically the transition within the group
The operational semantics of πpa
Representation of a group of transitions:
  P { --gi-> pi Pi }i
Rules
Choice:  Σi pi gi . Pi { --gi-> pi Pi }i

Par:     P { --gi-> pi Pi }i
         ____________________________
         Q | P { --gi-> pi Q | Pi }i
The operational semantics of πpa
Rules (continued)
Com:     P { --xi(yi)-> pi Pi }i        Q { --x^z-> 1 Q' }
         ____________________________________________________________________
         P | Q { --τ-> pi Pi[z/yi] | Q' }_{xi = x}  ∪  { --xi(yi)-> pi Pi | Q }_{xi ≠ x}

Res:     P { --xi(yi)-> pi Pi }i
         _____________________________________   qi renormalized
         (νx) P { --xi(yi)-> qi (νx) Pi }_{xi ≠ x}
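As an added illustration (not part of the slides), the following Python models the group-of-transitions representation and the Par, Com and Res rules, together with the scheduler/process split from the previous slide: the scheduler has picked a group, and the process draws one transition inside it. Process terms are plain strings and the sample branches of P are constructed for the example; the one assumption not on the slide is that a τ label never mentions the restricted name and so survives Res.

```python
from fractions import Fraction
import re

# A group of transitions P { --g_i-> p_i P_i }_i is a list of (label, prob, successor).
# Labels: ("in", x, y) for x(y); ("out", x, z) for x^z; ("tau",) for the silent step.
# Successors are process terms written as strings (constructed notation for this example).

def substitute(term, y, z):
    """P[z/y]: rename the name y to z (whole-word match on the string term)."""
    return re.sub(rf"\b{re.escape(y)}\b", z, term)

def choice(branches):
    """Choice rule: sum_i p_i g_i . P_i offers all branches as one group; the p_i must sum to 1."""
    if sum(p for _, p, _ in branches) != 1:
        raise ValueError("branch probabilities must sum to 1")
    return list(branches)

def par(group, q):
    """Par rule: Q | P inherits P's group, with Q in parallel with every successor."""
    return [(lab, p, f"{q} | {succ}") for lab, p, succ in group]

def com(p_group, x, z, q_term, q_prime):
    """Com rule: P offers an input group, Q offers the single output x^z with probability 1.
    Branches on x synchronise (tau step, z substituted for the bound name, Q becomes Q');
    branches on other channels keep their input label and leave Q unchanged."""
    result = []
    for lab, p, succ in p_group:
        kind, chan, var = lab
        if kind != "in":
            raise ValueError("Com expects an input-guarded group on the left")
        if chan == x:
            result.append((("tau",), p, f"{substitute(succ, var, z)} | {q_prime}"))
        else:
            result.append((lab, p, f"{succ} | {q_term}"))
    return result

def res(group, x):
    """Res rule: (nu x)P drops the transitions on channel x and renormalises the rest.
    Assumption (not on the slide): a tau label never mentions x, so it is always kept."""
    kept = [(lab, p, succ) for lab, p, succ in group if lab[0] == "tau" or lab[1] != x]
    total = sum(p for _, p, _ in kept)
    if total == 0:
        return []
    return [(lab, p / total, f"(nu {x}) {succ}") for lab, p, succ in kept]

def execute(group, draw):
    """Execution: the scheduler already chose `group`; the process now picks one transition
    according to the probabilities. `draw` is a number in [0, 1) playing the random source."""
    acc = Fraction(0)
    for lab, p, succ in group:
        acc += p
        if draw < acc:
            return lab, succ
    lab, _, succ = group[-1]   # guards against rounding when draw is a float close to 1
    return lab, succ

# Constructed sample process: P = 1/2 x(y).y^a + 1/3 z(w).w^b + 1/6 x(u).u^c
P_GROUP = choice([
    (("in", "x", "y"), Fraction(1, 2), "y^a"),
    (("in", "z", "w"), Fraction(1, 3), "w^b"),
    (("in", "x", "u"), Fraction(1, 6), "u^c"),
])

if __name__ == "__main__":
    for t in com(P_GROUP, "x", "d", "x^d", "0"):   # P in parallel with Q = x^d
        print("Com:", t)
    for t in res(P_GROUP, "z"):                    # (nu z) P: the z branch disappears, 1/2 and 1/6 become 3/4 and 1/4
        print("Res:", t)
    print("Execute with draw 1/2:", execute(P_GROUP, Fraction(1, 2)))
```

Running the sample shows the two points the rules make: after Com, the branches that synchronised on x carry a τ label while the branch on z still waits for input, and after Res the probabilities of the surviving branches are rescaled so the group sums to 1 again.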
Implementation of πpa
Compilation in Java, << >> : πpa → Java
– Distributed:
  << P | Q >> = << P >>.start(); << Q >>.start();
– Compositional:
  << P op Q >> = << P >> jop << Q >>   for all op
– Channels are one-position buffers with test-and-set (synchronized) methods for input and output
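Added example, not the project's Java implementation: a Python rendering of the compilation scheme just described. Channel is a one-position buffer whose input and output methods run under a lock (the role of Java's synchronized) and behave as test-and-set operations that either succeed atomically or report failure without blocking; << P | Q >> becomes starting one thread per component. The process names p, q, r, the retry helpers send/recv and the channel values are constructed for the example.

```python
import threading
import time

class Channel:
    """One-position buffer. Both operations run under a lock (the role of Java's
    synchronized) and act as test-and-set: they either succeed atomically or return
    failure at once, so a caller never blocks inside the channel."""

    def __init__(self):
        self._lock = threading.Lock()
        self._full = False
        self._slot = None

    def try_output(self, value):
        with self._lock:
            if self._full:
                return False          # buffer occupied: output not possible right now
            self._slot, self._full = value, True
            return True

    def try_input(self):
        with self._lock:
            if not self._full:
                return False, None    # buffer empty: nothing to receive
            value, self._slot, self._full = self._slot, None, False
            return True, value

def send(chan, value, timeout=2.0):
    """x^v: retry the non-blocking output until it succeeds; False if the timeout elapses."""
    deadline = time.monotonic() + timeout
    while not chan.try_output(value):
        if time.monotonic() > deadline:
            return False
        time.sleep(0.001)
    return True

def recv(chan, timeout=2.0):
    """x(y): retry the non-blocking input until a value is present; None on timeout."""
    deadline = time.monotonic() + timeout
    while True:
        ok, value = chan.try_input()
        if ok:
            return value
        if time.monotonic() > deadline:
            return None
        time.sleep(0.001)

def run_parallel(*procs):
    """<< P | Q >> = << P >>.start(); << Q >>.start(): one thread per parallel component."""
    threads = [threading.Thread(target=p) for p in procs]
    for t in threads:
        t.start()
    for t in threads:
        t.join()

def forward_example():
    """Constructed system P | Q | R with P = x^a, Q = x(y).z^y, R = z(w); returns what R received."""
    x, z = Channel(), Channel()
    received = []
    def p():
        send(x, "a")
    def q():
        send(z, recv(x))
    def r():
        received.append(recv(z))
    run_parallel(p, q, r)
    return received

if __name__ == "__main__":
    print(forward_example())   # ['a']
```

The non-blocking form is the design point worth noticing: a process that offers a probabilistic choice among several inputs has to probe each channel and commit only when one of them succeeds, which a blocking receive on the first channel would not allow. The retry loop in send and recv is where a real implementation would put its waiting strategy; a busy wait with a short sleep keeps the example short.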
Encoding π into πpa
[[ ]] : π → πpa
– Fully distributed: [[ P | Q ]] = [[ P ]] | [[ Q ]]
– Preserves the communication structure: [[ Pσ ]] = [[ P ]]σ (σ a renaming of names)
– Correct wrt a notion of probabilistic testing semantics:
  P must O  iff  [[ P ]] must [[ O ]] with probability 1
Conclusion
We have developed a probabilistic version of the asynchronous π-calculus, πpa
We have provided an encoding of π into πpa that is
– fully distributed
– compositional
– correct wrt a notion of testing semantics
Advantages:
– high-level solutions to distributed algorithms
– easier to prove correct (no reasoning about randomization required)
Features of ProPiS
Probabilistic Pi for Security
πpa enriched with cryptographic primitives similar to those of the spi-calculus [Abadi and Gordon]
– The probability features will allow security protocols to be analysed at a finer level (the cryptographic level), i.e. beyond the Dolev-Yao assumption of perfect cryptography: in our approach an attacker can, for instance, try to guess a key. The point is to prove that the probability that his attack is effective is negligible.
– The probability features will also allow protocols that require randomization to be expressed.
Example: The dining cryptographers
[Figure: Master connected to Crypt(0), Crypt(1) and Crypt(2); channels pays0 / notpays0]
A problem of anonymity
The dining cryptographers
The problem:
– Three cryptographers share a meal
– The meal is paid either by the organization (master) or by one of them. The master decides who pays
– Each of the cryptographers is informed by the master whether or not he is paying
Goal:
– The cryptographers would like to know whether the meal is being paid by the master or by one of them, but without knowing who is paying (if it is one of them).
The dining cryptographers: Solution
Solution: each cryptographer tosses a coin (probabilistic choice). Each coin is in between two cryptographers. The result of each coin-tossing is visible to the adjacent cryptographers, and only to them.
Each cryptographer examines the two adjacent coins:
– If he is paying, he announces "agree" if the results are the same, and "disagree" otherwise.
– If he is not paying, he says the opposite.
Claim 1: if the number of "disagree" is even, then the master is paying. Otherwise, one of them is paying.
Claim 2: in the latter case, if the coin is fair, the non-paying cryptographers will not be able to deduce who exactly is paying.
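Added example (not from the slides): a Python check of both claims by exhaustive enumeration over the coin outcomes, with coins of adjustable bias so the fairness condition in Claim 2 can be exercised. Which parity of "disagree" signals the master depends on which party inverts its announcement, so parity_by_payer derives that mapping from the announcement rule instead of hard-coding it. The observer view (the observer's two coins plus all three announcements), the coin indexing and the function names are constructed for the example.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product

N = 3  # cryptographers 0..2; coin i lies between cryptographer i and cryptographer (i + 1) % N

def announce(payer, coins):
    """Announcements of the N cryptographers under the rule on the slide.

    payer is None when the master pays, otherwise the index of the paying cryptographer.
    Cryptographer i sees coin (i - 1) % N and coin i. A payer says "agree" iff the two
    coins are the same; a non-payer says the opposite.
    """
    ann = []
    for i in range(N):
        same = coins[(i - 1) % N] == coins[i]
        says_agree = same if payer == i else not same
        ann.append("agree" if says_agree else "disagree")
    return tuple(ann)

def disagree_parity(announcements):
    return announcements.count("disagree") % 2

def parity_by_payer():
    """Claim 1: for each payer the parity of "disagree" is the same for every coin outcome,
    and the master's parity differs from any cryptographer's. Returns {payer: parity}."""
    table = {}
    for payer in [None] + list(range(N)):
        parities = {disagree_parity(announce(payer, coins))
                    for coins in product((0, 1), repeat=N)}
        if len(parities) != 1:
            raise ValueError(f"parity for payer {payer} depends on the coins: {parities}")
        table[payer] = parities.pop()
    return table

def coin_weight(coins, p_heads):
    """Probability of one coin outcome when each coin shows 1 with probability p_heads."""
    w = Fraction(1)
    for c in coins:
        w *= p_heads if c == 1 else 1 - p_heads
    return w

def view_distribution(observer, payer, p_heads):
    """Distribution of what a non-paying observer sees: its two adjacent coins plus all announcements."""
    dist = defaultdict(Fraction)
    for coins in product((0, 1), repeat=N):
        view = (coins[(observer - 1) % N], coins[observer], announce(payer, coins))
        dist[view] += coin_weight(coins, p_heads)
    return dict(dist)

def payer_hidden_from(observer, p_heads):
    """Claim 2: True iff the observer's view has the same distribution whichever other cryptographer pays."""
    p_heads = Fraction(p_heads)   # exact arithmetic, so equal distributions compare equal
    others = [j for j in range(N) if j != observer]
    dists = [view_distribution(observer, j, p_heads) for j in others]
    return all(d == dists[0] for d in dists[1:])

if __name__ == "__main__":
    print("disagree parity by payer:", parity_by_payer())
    print("fair coin hides the payer:", payer_hidden_from(0, Fraction(1, 2)))
    print("biased coin (P(heads) = 1/4) hides the payer:", payer_hidden_from(0, Fraction(1, 4)))
```

The second check is the one that matters for the security argument: with fair coins the observer's entire view is distributed identically whether cryptographer 1 or cryptographer 2 pays, so no observation can separate the two cases; with a biased coin the distributions differ, and the payer leaks through the announcement that depends on the coin the observer cannot see. That is the sense in which the anonymity proof needs the probabilistic model rather than possibilistic reasoning alone.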
The dining cryptographers: Solution
[Figure: Master, Crypt(0), Crypt(1), Crypt(2) and Coin(0), Coin(1), Coin(2), each coin between two cryptographers; channels pays0 / notpays0, look20 (Crypt(2) reads Coin(0)), out1 (Crypt(1) announces)]