Psi-calculi Workbench
|
|
- Dorothy Gibbs
- 5 years ago
- Views:
Transcription
1 Andrius Paulavičius SWEDEN Psi-calculi Workbench Ramūnas Gutkovas YR-CONCUR `12, Newcastle,
2 Application areas applied pi calculus Authentication protocols multicore programming spi-calculus wireless sensor networks concurrent constraint pi others... GAP Fundamental models of computation Turing machines pi-calculus lambda-calculus pi-calculus modal logics
3 Application areas Authentication protocols multicore programming applied pi calculus wireless sensor networks spi-calculus concurrent constraint pi others... GAP Fundamental models of computation pi-calculus Turing machines lambda-calculus pi-calculus modal logics
4 The Solution: Psi-calculi! Applications + Cryptography + Eq Logics + Data structures + many other exts... Reusable Ψ Nominal Correct framework for mobile process calculi
5 Part 1 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,...
6 Part 1 Part 2 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,... Psi-Calculi Workbench Pwb Tool for Psi
7 Part 1 Psi-Calculi Introduction
8 Psi by Example pi-calculus (Informal) nil output input parallel replication restriction match summation 0 a<b>.p a(x).p P Q!P (new a)p [a = b]p P + Q
9 Psi by Example pi-calculus (Informal) nil output input parallel replication restriction match summation 0 a<b>.p a(x).p P Q!P (new a)p case [a a = = b]p b : P case P true + Q : P [] true : Q
10 Psi by Example Explicit Fusion (Informal) Input prefix not binding a b. P a<c>.q τ b=c P Q Wischik & Gardner Equators in Psi (a la Merro): a(e).(( b=e ) P) a<c>.q ( b=c ) P Q 1-1 transition correspondence τ communication yields explicit fusion
11 Psi by Example Crypto (A Closer Look) Structured data: tuples with projection equations fst(t(x,y)) = x snd(t(x,y)) = y a<t(m,x)> (new s) Facts about data: the secret s and message M hashes to x ( ) ( hash(t(s,m)) = x ) a(y).if hash(t(s,fst(y))) = snd(y) then Ch(b)<fst(y)> Structured channels Equation as condition: checks if message and hash received via a is hashed with s
12 Psi-calculi Parameterized Calculi P, Q ::= T terms (processes in ASCII notation) Output: M<N>.P C conditions Input: M(x).P Case: case cnd 1 :P 1 []... [] cnd n :P n Assertion: ( Psi ) A assertions
13 Psi-calculi Parameterized Calculi P, Q ::= (processes in ASCII notation) Output: M<N>.P Input: M(x).P Case: case cnd 1 :P 1 []... [] cnd n :P n Assertion: ( Psi ) Nil: Parallel: Replication: Restriction: 0 P Q!P (new a)p
14 Psi-calculi Defining a calculus T subst : C List(name T) A chaneq : T T C Satisfy simple axioms, practically anything entails : A C bool Provide: T C A terms are not necesseraly defined by a signature compose : A A A unit : A T terms C conditions A assertions
15 Example Psi-calculus the pi-calculus (1) T = names terms are just names C = {a == b : a, b in names} conditions are equalities between names A = {unit} = {1} no facts in the environment
16 Example Psi-calculus the pi-calculus (2) T A C chaneq = λ(a,b).a == b channel equivalence is formation of equality conditions entails = λ(ѱ,a == b).a = b name equality is entailed whenever the names are the same
17 Example Psi-calculus the pi-calculus (2) T chaneq = names = λ(a,b).a == A = b {unit} = {1} channel equivalence is formation of C = {a == b : a, b in names} equality conditions entails = λ(ѱ,a == b).a = b name equality is entailed whenever the names are the same unit = 1 compose = λ(ѱ 1,ѱ 2 ).1 assertions are trivial
18 Example Psi-calculus the pi-calculus ~ coincides 1-1 correspondnce of A = {unit} = {1} T = names C = {a == b : a, b in names} chaneq = λ(a,b).a == b entails = λ(ѱ,a == b).a = b compose = λ(ѱ 1,ѱ 2 ).1 unit = 1 machine-checked proofs That s it! Psi instance defined
19 Example Psi-calculus Fusion Calculus T = names C = {a = b : a,b names} A = pow fin ({a = b : a,b names}) Done! chaneq = λ(a,b).a = b entails = λ(ѱ,a=b). (a,b) EQ(ѱ) compose = λ(ѱ 1,ѱ 2 ). ѱ 1 ѱ 2 unit = equivalence closure
20 Example Psi-calculus crypto Σ = {hash( ), enc(, ), dec(, ), pk( ), sk( ), } E = {dec(enc(x,y),y) = x, } T = {f(m 1,,M n ): M i T & f Σ} names C = {M=N : M,N T} Done! A = pow({m=n : M,N T}) chaneq = λ(m,n). M=N entails = λ(ѱ,m=n). E ѱ eq M=N compose = λ(ѱ 1,ѱ 2 ). ѱ 1 ѱ 2 unit =
21 Psi-Calculi Expressiveness Psi-calculi can capture + Higher Order Cryptography, like applied pi-calculus (Abadi, Fournet 2001) Fusion, like the explicit fusion calculus (Wischik, Gardner 2005) Concurrent constraints, like Concurrent constraint pi (Buscemi, Montanari 2007) Polyadic synchronisation (Carbone, Maffeis 2003) pattern matching, higher-order values (various) Extensions + Broadcast + Sorts, match + Types (Hüttel, CONCUR 11)
22 Part 1 Part 2 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,... Psi-Calculi Workbench Pwb Tool for Psi
23 Part 2 Psi-Calculi Workbench Tool for Psi
24 Psi-Calculi Workbench Framework for implementing Psi-Calculi instances Experimental Platform for experimentation with semantics and Free pi-calculus extensions Implemented in SML (PolyML) For every psi implementation includes Transition simulator Weak bisim generator
25 Psi-Calculi Workbench Pwb Implementer Architecture Modular Pluggable Supp Lib Nominal PP Parser Comb... T C A chaneq entails compose unit subst Psi Core Transition Constraint Solver Symbolic Evaluator
26 Psi-Calculi Workbench Constraint Solver Pwb Implementer Process Transition Derivative Constraint Transition Derivative Constraint Solution P Symbolic Evaluator Transition Constraint Solver
27 Psi-Calculi Workbench Pwb Architecture Modular Pluggable Implementer Parser Supp Lib Nominal PP Parser Comb... T C A chaneq entails compose unit subst Psi Core Transition Constraint Solver Symbolic Evaluator Pretty Printer Bisimulation Constraint Solver Bisim Cnstr Generator Command Interp
28 Demo
29 Psi-Calculi Extensions (in progress) + Nominal Free Algebras + Broadcast communication Johannes Borgström + Hüttel s Types Amin Khorsandi, MSc Thesis
30 References Get Pwb at $ wget mobility/applied/psiworkbench Take a look $ wget Read LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12 Exercising Psi-calculi: A Psi-calculi workbench (my MSc Thesis)
The Psi-Calculi Workbench: a Generic Tool for Applied Process Calculi
The Psi-Calculi Workbench: a Generic Tool for Applied Process Calculi Johannes Borgström Ramūnas Gutkovas Iona Rodhe Björn Victor Uppsala University ProFuN meeting, Dec 18, 2013 Presented at ACSD 13 Barcelona,
More informationLANGUAGES, LOGICS, TYPES AND TOOLS FOR CONCURRENT SYSTEM MODELLING
LANGUAGES, LOGICS, TYPES AND TOOLS FOR CONCURRENT SYSTEM MODELLING Ramūnas Gutkovas ramunas@fct.unl.pt 2016-12-14 NOVA LINCS A LITTLE ABOUT MYSELF 2011 MSc 2016 PhD Uppsala, Sweden 2007 BSc Startup 2007-2009
More informationRule Formats for Nominal Modal Transition Systems
Rule Formats for Nominal Modal Transition Systems Anke Stüber Universitet Uppsala, Uppsala, Sweden anke.stuber@it.uu.se Abstract. Modal transition systems are specification languages that allow the expression
More informationSubstitution in Structural Operational Semantics and value-passing process calculi
Substitution in Structural Operational Semantics and value-passing process calculi Sam Staton Computer Laboratory University of Cambridge Abstract Consider a process calculus that allows agents to communicate
More informationPsi-calculi in Isabelle
Psi-calculi in Isabelle Jesper Bengtson and Joachim Parrow Dept. of Information Technology, Uppsala University, Sweden Abstract. Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal
More informationVerifying Concurrent ML programs
Verifying Concurrent ML programs a research proposal Gergely Buday Eszterházy Károly University Gyöngyös, Hungary Synchron 2016 Bamberg December 2016 Concurrent ML is a synchronous language a CML program
More informationFunctional Programming with Isabelle/HOL
Functional Programming with Isabelle/HOL = Isabelle λ β HOL α Florian Haftmann Technische Universität München January 2009 Overview Viewing Isabelle/HOL as a functional programming language: 1. Isabelle/HOL
More informationExtensions of BAN. Overview. BAN Logic by Heather Goldsby Michelle Pirtle
Extensions of BAN by Heather Goldsby Michelle Pirtle Overview BAN Logic Burrows, Abadi, and Needham GNY Gong, Needham, Yahalom RV AT Abadi and Tuttle VO van Oorschot SVO Syverson and van Oorschot Wenbo
More informationCourse on Probabilistic Methods in Concurrency. (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1
Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous pi-calculus. Catuscia Palamidessi INRIA
More informationThe Mobility Workbench User's Guide. Polyadic version Bjorn Victor. October 9, Introduction 2. 2 Input syntax 2
The Mobility Workbench User's Guide Polyadic version 3.122 Bjorn Victor October 9, 1995 Contents 1 Introduction 2 2 Input syntax 2 2.1 Model checking : : : : : : : : : : : : : : : : : : : : : : : : : :
More informationA well-behaved LTS for the Pi-calculus (Abstract)
SOS 2007 A well-behaved LTS for the Pi-calculus (Abstract) Pawe l Sobociński 1 ecs, University of Southampton, UK Abstract The pi-calculus and its many variations have received much attention in the literature.
More informationNew directions in implementing the pi calculus
In Cabernet Radicals Workshop, October 2002 http://www.wischik.com/lu/research/ New directions in implementing the pi calculus Lucian Wischik, University of Bologna 30th August 2002 Do you know what the
More informationFoundational Aspects of Syntax 1
Foundational Aspects of Syntax 1 Introduction Dale Miller and Catuscia Palamidessi Department of Computer Science and Engineering The Pennsylvania State University 220 Pond Laboratory University Park,
More informationVerification of Security Protocols
Verification of Security Protocols Chapter 12: The JFK Protocol and an Analysis in Applied Pi Christian Haack June 16, 2008 Exam When? Monday, 30/06, 14:00. Where? TUE, Matrix 1.44. Scheduled for 3 hours,
More informationA Remote Biometric Authentication Protocol for Online Banking
International Journal of Electrical Energy, Vol. 1, No. 4, December 2013 A Remote Biometric Authentication Protocol for Online Banking Anongporn Salaiwarakul Department of Computer Science and Information
More informationIntegration of SMT Solvers with ITPs There and Back Again
Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System
More information3.4 Deduction and Evaluation: Tools Conditional-Equational Logic
3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax
More informationCS 395T. JFK Protocol in Applied Pi Calculus
CS 395T JFK Protocol in Applied Pi Calculus Proving Security Real protocol Process-calculus specification of the actual protocol Ideal protocol Achieves the same goal as the real protocol, but is secure
More informationHOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1
LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon
More informationMoscova 07. Jean-Jacques Lévy. April 24, INRIA Rocquencourt
Moscova 07 Jean-Jacques Lévy INRIA Rocquencourt April 24, 2007 Research Part 1 Type-safe communication Acute communicating values of abstract data types and preserving abstraction between 2 distinct run-times;
More informationLecture 5: The Halting Problem. Michael Beeson
Lecture 5: The Halting Problem Michael Beeson Historical situation in 1930 The diagonal method appears to offer a way to extend just about any definition of computable. It appeared in the 1920s that it
More informationFrom Types to Sets in Isabelle/HOL
From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow
More informationTypes for Security Protocols 1
Types for Security Protocols 1 Riccardo FOCARDI a and Matteo MAFFEI b a University of Venice, Italy b Saarland University, Germany Abstract. We revise existing type-based analyses of security protocols
More informationWeb Services Choreography and Process Algebra
Web Services Choreography and Process Algebra 29th April 2004 Steve Ross-Talbot Chief Scientist, Enigmatec Corporation Ltd Chair W3C Web Services Activity Co-chair W3C Web Services Choreography Agenda
More informationContents. Chapter 1 SPECIFYING SYNTAX 1
Contents Chapter 1 SPECIFYING SYNTAX 1 1.1 GRAMMARS AND BNF 2 Context-Free Grammars 4 Context-Sensitive Grammars 8 Exercises 8 1.2 THE PROGRAMMING LANGUAGE WREN 10 Ambiguity 12 Context Constraints in Wren
More informationFrom natural numbers to the lambda calculus
From natural numbers to the lambda calculus Benedikt Ahrens joint work with Ralph Matthes and Anders Mörtberg Outline 1 About UniMath 2 Signatures and associated syntax Outline 1 About UniMath 2 Signatures
More information2 after reception of a message from the sender, do one of two things: either the message is delivered to the receiver, or it is lost. The loss of a me
Protocol Verification using UPPAAL: Exercises? Lab assistant: Alexandre David Department of Computer Systems (room 1237, mailbox 26), Uppsala University, Box 325, S751 05, Uppsala. Phone: 018-18 73 41.
More informationLess naive type theory
Institute of Informatics Warsaw University 26 May 2007 Plan 1 Syntax of lambda calculus Why typed lambda calculi? 2 3 Syntax of lambda calculus Why typed lambda calculi? origins in 1930s (Church, Curry)
More informationComputing Fundamentals 2 Introduction to CafeOBJ
Computing Fundamentals 2 Introduction to CafeOBJ Lecturer: Patrick Browne Lecture Room: K408 Lab Room: A308 Based on work by: Nakamura Masaki, João Pascoal Faria, Prof. Heinrich Hußmann. See notes on slides
More informationFunctional Languages. Hwansoo Han
Functional Languages Hwansoo Han Historical Origins Imperative and functional models Alan Turing, Alonzo Church, Stephen Kleene, Emil Post, etc. ~1930s Different formalizations of the notion of an algorithm
More informationDining Philosophers with π-calculus
Dining Philosophers with π-calculus Matthew Johnson January 28, 2015 Overview The primary goal of this project was to explore the π-calculus by implementing a deadlockfree solution to the dining philosophers
More informationEmbedding Cryptol in Higher Order Logic
Embedding Cryptol in Higher Order Logic Joe Hurd Computer Laboratory Cambridge University joe.hurd@cl.cam.ac.uk 10 March 2007 Abstract This report surveys existing approaches to embedding Cryptol programs
More informationEXTENSIONS OF FIRST ORDER LOGIC
EXTENSIONS OF FIRST ORDER LOGIC Maria Manzano University of Barcelona CAMBRIDGE UNIVERSITY PRESS Table of contents PREFACE xv CHAPTER I: STANDARD SECOND ORDER LOGIC. 1 1.- Introduction. 1 1.1. General
More informationFormally Linking Security Protocol Models and Implementations
Formally Linking Security Protocol Models and Implementations Alfredo Pironti Microsoft Research INRIA http://alfredo.pironti.eu/research/ Politecnico di Torino Formal Methods for Security Protocol Engineering
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationOn the Expressiveness of Polyadicity in Higher-Order Process Calculi
On the Expressiveness of Polyadicity in Higher-Order Process Calculi Ivan Lanese, Jorge A. Pérez, Davide Sangiorgi (Univ. di Bologna) Alan Schmitt (INRIA Grenoble - Rhône Alpes) ICTCS 09 Cremona, September
More informationCom S 541. Programming Languages I
Programming Languages I Lecturer: TA: Markus Lumpe Department of Computer Science 113 Atanasoff Hall http://www.cs.iastate.edu/~lumpe/coms541.html TR 12:40-2, W 5 Pramod Bhanu Rama Rao Office hours: TR
More informationRefinements to techniques for verifying shape analysis invariants in Coq
Refinements to techniques for verifying shape analysis invariants in Coq Kenneth Roe and Scott Smith The Johns Hopkins University Abstract. We describe the PEDANTIC framework for verifying the correctness
More informationOO-Motivated Process Algebra: A Calculus for CORBA-like Systems
OO-Motivated Process Algebra: A Calculus for CORBA-like Systems Malcolm Tyrrell Computer Science, Trinity College, Dublin University Dublin 2, Ireland Alexis Donnelly Computer Science, Trinity College,
More informationLecture 14 Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze. 1 A Note on Adaptively-Secure NIZK. 2 The Random Oracle Model
CMSC 858K Advanced Topics in Cryptography March 11, 2004 Lecturer: Jonathan Katz Lecture 14 Scribe(s): Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze 1 A Note on Adaptively-Secure NIZK A close look
More informationKey Escrow free Identity-based Cryptosystem
Key Escrow free Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university, located in capital of Gujarat state in India. DA-IICT offers undergraduate and postgraduate
More informationResource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems
Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems Insup Lee 1, Oleg Sokolsky 1, Anna Philippou 2 1 RTG (Real-Time Systems Group) Department of
More information1. M,M sequential composition: try tactic M; if it succeeds try tactic M. sequential composition (, )
Dipl.-Inf. Achim D. Brucker Dr. Burkhart Wolff Computer-supported Modeling and Reasoning http://www.infsec.ethz.ch/ education/permanent/csmr/ (rev. 16802) Submission date: FOL with Equality: Equational
More informationThe Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England
The Formal Semantics of Programming Languages An Introduction Glynn Winskel The MIT Press Cambridge, Massachusetts London, England Series foreword Preface xiii xv 1 Basic set theory 1 1.1 Logical notation
More information( It will be applied from Fall)
İZMİR INSTITUTE OF TECHNOLOGY GRADUATE SCHOOL OF ENGINEERING AND SCIENCES DEPARTMENT OF COMPUTER ENGINEERING MASTER OF SCIENCE PROGRAM IN COMPUTER ENGINEERING Core Courses ECTS *CENG 590 Seminar (0-2)
More informationThe design of a programming language for provably correct programs: success and failure
The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts
More informationAn Algebraic Framework for Optimizing Parallel Programs
An Algebraic Framework for Optimizing Parallel Programs Ichiro Satoh Department of Information Sciences, Ochanomizu University 2-1-1 Otsuka Bunkyo-ku Tokyo 112, Japan ichiro@is.ocha.ac.jp Abstract This
More informationOn the Expressiveness of Infinite Behavior and Name Scoping in Process Calculi
On the Expressiveness of Infinite Behavior and Name Scoping in Process Calculi Pablo Giambiagi (KTH, Sweden) Gerardo Schneider (IRISA/INRIA) Speaker: Frank D. Valencia (Uppsala Univ., Sweden) FOSSACS 04,
More information(Refer Slide Time: 4:00)
Principles of Programming Languages Dr. S. Arun Kumar Department of Computer Science & Engineering Indian Institute of Technology, Delhi Lecture - 38 Meanings Let us look at abstracts namely functional
More informationReasoning about modules: data refinement and simulation
Reasoning about modules: data refinement and simulation David Naumann naumann@cs.stevens-tech.edu Stevens Institute of Technology Naumann - POPL 02 Java Verification Workshop p.1/17 Objectives of talk
More informationA CRASH COURSE IN SEMANTICS
LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}
More informationLecture slides & distribution files:
Type Theory Lecture slides & distribution files: http://www.cs.rhul.ac.uk/home/zhaohui/ttlectures.html Zhaohui Luo Department of Computer Science Royal Holloway, University of London April 2011 2 Type
More informationCSC 501 Semantics of Programming Languages
CSC 501 Semantics of Programming Languages Subtitle: An Introduction to Formal Methods. Instructor: Dr. Lutz Hamel Email: hamel@cs.uri.edu Office: Tyler, Rm 251 Books There are no required books in this
More informationComponent-Based Semantics
Component-Based Semantics Peter D. Mosses Swansea University (emeritus) TU Delft (visitor) IFIP WG 2.2 Meeting, Bordeaux, September 2017 Component-based semantics Aims encourage language developers to
More informationGroup Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings
International Journal of Network Security, Vol.5, No.3, PP.283 287, Nov. 2007 283 Group Oriented Identity-Based Deniable Authentication Protocol from the Bilinear Pairings Rongxing Lu and Zhenfu Cao (Corresponding
More informationwhen a process of the form if be then p else q is executed and also when an output action is performed. 1. Unnecessary substitution: Let p = c!25 c?x:
URL: http://www.elsevier.nl/locate/entcs/volume27.html 7 pages Towards Veried Lazy Implementation of Concurrent Value-Passing Languages (Abstract) Anna Ingolfsdottir (annai@cs.auc.dk) BRICS, Dept. of Computer
More informationCSCI-GA Scripting Languages
CSCI-GA.3033.003 Scripting Languages 12/02/2013 OCaml 1 Acknowledgement The material on these slides is based on notes provided by Dexter Kozen. 2 About OCaml A functional programming language All computation
More informationSecurity Protocol Verification: Symbolic and Computational Models
Security Protocol Verification: Symbolic and Computational Models Bruno Blanchet INRIA, École Normale Supérieure, CNRS Bruno.Blanchet@ens.fr March 2012 Bruno Blanchet (INRIA, ENS, CNRS) ETAPS March 2012
More informationCOMP 3141 Software System Design and Implementation
Student Number: Family Name: Given Names: Signature: THE UNIVERSITY OF NEW SOUTH WALES Sample Exam 2018 Session 1 COMP 3141 Software System Design and Implementation Time allowed: 2 hours, plus 10 minutes
More informationCryptographically Sound Security Proofs for Basic and Public-key Kerberos
Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M. Backes 1, I. Cervesato 2, A. D. Jaggard 3, A. Scedrov 4, and J.-K. Tsay 4 1 Saarland University, 2 Carnegie Mellon
More informationAutomated Theorem Proving in a First-Order Logic with First Class Boolean Sort
Thesis for the Degree of Licentiate of Engineering Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort Evgenii Kotelnikov Department of Computer Science and Engineering Chalmers
More informationTyped Lambda Calculus. Chapter 9 Benjamin Pierce Types and Programming Languages
Typed Lambda Calculus Chapter 9 Benjamin Pierce Types and Programming Languages t ::= x x. t t t Call-by-value small step perational Semantics terms variable v ::= values abstraction x. t abstraction values
More informationOASIS: Architecture, Model and Management of Policy
OASIS: Architecture, Model and Management of Policy Ken Moody Computer Laboratory, University of Cambridge 1 Overview OASIS : Architecture, Model and Policy 1. background to the research people, projects
More informationComplex Systems Design &DistributedCalculusandCoordination
Complex Systems Design &DistributedCalculusandCoordination Concurrency and Process Algebras: Theory and Practice - Klaim Francesco Tiezzi University of Camerino francesco.tiezzi@unicam.it A.A. 2014/2015
More informationUsing the π-calculus for Modeling and Verifying Processes on Web Services
Thesis Report Using the π-calculus for Modeling and Verifying Processes on Web Services Muhammad Fadlisyah s9995783@inf.tu-dresden.de mfadls@yahoo.com Supervised by Dr.rer.nat.habil. Michael Posegga Institute
More informationLogic of Authentication
Logic of Authentication Dennis Kafura Derived from materials authored by: Burrows, Abadi, Needham 1 Goals and Scope Goals develop a formalism to reason about authentication protocols uses determine guarantees
More informationSemantics for core Concurrent ML using computation types
Semantics for core Concurrent ML using computation types Alan Jeffrey Abstract This paper presents two typed higherorder concurrent functional programming languages based on Reppy s Concurrent ML. The
More informationAuthenticity by Typing for Security Protocols
Authenticity by Typing for Security Protocols Andrew D. Gordon Microsoft Research Alan Jeffrey DePaul University May 2001 Technical Report MSR TR 2001 49 Microsoft Research Microsoft Corporation One Microsoft
More informationDynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massac
Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massachusetts, 2000 Among the many approaches to formal reasoning
More information40 Behaviour Compatibility
40 Behaviour Compatibility [2] R. De Nicola, Extentional Equivalences for Transition Systems, Acta Informatica, vol. 24, pp. 21-237, 1987. [3] J. Gray, Notes on Data Base Operating Systems, in Operating
More informationFormal Systems and their Applications
Formal Systems and their Applications Dave Clarke (Dave.Clarke@cs.kuleuven.be) Acknowledgment: these slides are based in part on slides from Benjamin Pierce and Frank Piessens 1 Course Overview Introduction
More informationFormally Specifying Blockchain Protocols
Formally Specifying Blockchain Protocols 1 IOHK company building blockchain applications research focused invested in functional programming built Cardano network, Ada cryptocurrency 2 Blockchain Protocols
More informationSPi Calculus: Outline. What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography
SPi Calculus: Outline What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography SPi Calculus: What is it? SPi Calculus is an executable model for
More informationOverview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL
Overview A Compact Introduction to Isabelle/HOL Tobias Nipkow TU München 1. Introduction 2. Datatypes 3. Logic 4. Sets p.1 p.2 System Architecture Overview of Isabelle/HOL ProofGeneral Isabelle/HOL Isabelle
More informationFormal Methods and Cryptography
Formal Methods and Cryptography Michael Backes 1, Birgit Pfitzmann 2, and Michael Waidner 3 1 Saarland University, Saarbrücken, Germany, backes@cs.uni-sb.de 2 IBM Research, Rueschlikon, Switzerland, bpf@zurich.ibm.com
More informationIntroduction to Term Rewrite Systems and their Applications
Introduction to Term Rewrite Systems and their Applications Drexel University May 17, 2015 Motivation Overview What is a Term Rewrite System (TRS)? Tic-Tac-Toe The Maude System Cryptography Important Properties
More informationAnalysis Techniques. Protocol Verification by the Inductive Method. Analysis using theorem proving. Recall: protocol state space.
CS 259 Protocol Verification by the Inductive Method Analysis Techniques Crypto Protocol Analysis Formal Models Dolev-Yao (perfect cryptography) Computational Models John Mitchell Modal Logics Model Checking
More informationAutomatic Verification of Security Protocols in the Symbolic Model: the Verifier ProVerif
Automatic Verification of Security Protocols in the Symbolic Model: the Verifier ProVerif Bruno Blanchet INRIA Paris-Rocquencourt, France Bruno.Blanchet@inria.fr Abstract. After giving general context
More informationToward explicit rewrite rules in the λπ-calculus modulo
Toward explicit rewrite rules in the λπ-calculus modulo Ronan Saillard (Olivier Hermant) Deducteam INRIA MINES ParisTech December 14th, 2013 1 / 29 Motivation Problem Checking, in a trustful way, that
More informationObservable Behaviour Observable behaviour can be defined in terms of experimentation.
Observable Behaviour Observable behaviour can be defined in terms of experimentation. Consider a coffee machine. We don t need to understand and don t what to understand how the coffee machine works. All
More informationTheories of Information Hiding in Lambda-Calculus
Theories of Information Hiding in Lambda-Calculus Logical Relations and Bisimulations for Encryption and Type Abstraction Eijiro Sumii University of Pennsylvania Main Results Proof methods for two forms
More informationLecture Notes on Real-world SMT
15-414: Bug Catching: Automated Program Verification Lecture Notes on Real-world SMT Matt Fredrikson Ruben Martins Carnegie Mellon University Lecture 15 1 Introduction In the previous lecture we studied
More informationMATHEMATICAL STRUCTURES FOR COMPUTER SCIENCE
MATHEMATICAL STRUCTURES FOR COMPUTER SCIENCE A Modern Approach to Discrete Mathematics SIXTH EDITION Judith L. Gersting University of Hawaii at Hilo W. H. Freeman and Company New York Preface Note to the
More informationLecture 11 Lecture 11 Nov 5, 2014
Formal Verification/Methods Lecture 11 Lecture 11 Nov 5, 2014 Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems to be analyzed, and
More information15 212: Principles of Programming. Some Notes on Continuations
15 212: Principles of Programming Some Notes on Continuations Michael Erdmann Spring 2011 These notes provide a brief introduction to continuations as a programming technique. Continuations have a rich
More informationCS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011
CS152: Programming Languages Lecture 11 STLC Extensions and Related Topics Dan Grossman Spring 2011 Review e ::= λx. e x e e c v ::= λx. e c τ ::= int τ τ Γ ::= Γ, x : τ (λx. e) v e[v/x] e 1 e 1 e 1 e
More informationFunctional Programming. Pure Functional Languages
Functional Programming Pure functional PLs S-expressions cons, car, cdr Defining functions read-eval-print loop of Lisp interpreter Examples of recursive functions Shallow, deep Equality testing 1 Pure
More informationSecure Compilation of a Multi-tier Web Language
Secure Compilation of a Multi-tier Web Language Ioannis G. Baltopoulos (ioannis.baltopoulos@cl.cam.ac.uk) The Rise and Rise of the Declarative Datacentre (R2D2) Tuesday, May 13, 2008 Joint work with Andrew
More informationPlaintext Awareness via Key Registration
Plaintext Awareness via Key Registration Jonathan Herzog CIS, TOC, CSAIL, MIT Plaintext Awareness via Key Registration p.1/38 Context of this work Originates from work on Dolev-Yao (DY) model Symbolic
More informationInductive Definitions, continued
1 / 27 Inductive Definitions, continued Assia Mahboubi Jan 7th, 2016 2 / 27 Last lecture Introduction to Coq s inductive types: Introduction, elimination and computation rules; Twofold implementation :
More informationLambda Calculus and Type Inference
Lambda Calculus and Type Inference Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ August 17, 2007 Lambda Calculus and Type
More informationThe automatic security protocol verifier ProVerif
The automatic security protocol verifier ProVerif Bruno Blanchet CNRS, École Normale Supérieure, INRIA, Paris June 2010 Bruno Blanchet (CNRS, ENS, INRIA) ProVerif June 2010 1 / 43 Introduction Many techniques
More informationThe Inverse of a Schema Mapping
The Inverse of a Schema Mapping Jorge Pérez Department of Computer Science, Universidad de Chile Blanco Encalada 2120, Santiago, Chile jperez@dcc.uchile.cl Abstract The inversion of schema mappings has
More informationNEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS
NEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS Jaouhar Fattahi 1 and Mohamed Mejri 1 and Hanane Houmani 2 1 LSI Group, Laval University, Quebec, Canada 2 University Hassan II, Morocco ABSTRACT In this paper,
More informationTwo Formal Views of Authenticated Group Diffie-Hellman Key Exchange
Two Formal Views of Authenticated Group Diffie-Hellman Key Exchange E. Bresson 1, O. Chevassut 2,3, O. Pereira 2, D. Pointcheval 1 and J.-J. Quisquater 2 1 Ecole Normale Supérieure, 75230 Paris Cedex 05,
More informationSoftware verification using proof assistants
Software verification using proof assistants IT University of Copenhagen My background Ph.D. from University of Uppsala Formalising Process Calculi, Supervisor: Joachim Parrow PostDoc IT University of
More informationPrototype Environment for Refactoring Clean Programs
Prototype Environment for Refactoring Clean Programs Extended abstract Rozália Szabó-Nacsa, Péter Diviánszky, Zoltán Horváth Department of Software Technology and Methodology, Eötvös Loránd University,
More informationData-Oriented System Development
Data-Oriented System Development Prof. Martin Wirsing 30.10.2002 Refinement Technics The Refinement-Concept: Refinement through Inclusion of Model Classes 2 Goals Refinement of functional requirements:
More informationSecure Reactive Systems, Day 3: Reactive Simulatability Property Preservation and Crypto. Examples
Michael Backes, Germany joint work with Birgit Pfitzmann and Michael Waidner Secure Reactive Systems, Day 3: Reactive Simulatability Property Preservation and Crypto. Examples Tartu, 03/01/06 Recall the
More informationVerfying the SSH TLP with ProVerif
A Demo Alfredo Pironti Riccardo Sisto Politecnico di Torino, Italy {alfredo.pironti,riccardo.sisto}@polito.it CryptoForma Bristol, 7-8 April, 2010 Outline Introduction 1 Introduction 2 3 4 Introduction
More information