Psi-calculi Workbench


Andrius Paulavičius SWEDEN Psi-calculi Workbench Ramūnas Gutkovas YR-CONCUR `12, Newcastle, 2012-09-03

Application areas: Authentication protocols, multicore programming, wireless sensor networks, applied pi calculus, spi-calculus, concurrent constraint pi, others...
GAP
Fundamental models of computation: Turing machines, pi-calculus, lambda-calculus, modal logics


The Solution: Psi-calculi!
Applications: + Cryptography + Eq Logics + Data structures + many other exts...
Ψ: Reusable, Nominal, Correct framework for mobile process calculi

Part 1: Psi-Calculi, Introduction

Publications: LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses

Authors: Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Parrow, Palle Raabjerg, Björn Victor, Johannes Åman Pohjola,...

Paper shown on the slide: Logical Methods in Computer Science, Vol. 7 (1:11) 2011, pp. 1-44, www.lmcs-online.org. Submitted Dec. 30, 2009. Published Mar. 29, 2011. DOI:10.2168/LMCS-7 (1:11) 2011.

PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC

JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR
Department of Information Technology, Uppsala University, Sweden
e-mail address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se

Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as in the standard pi-calculus. Psi-calculi can capture the same phenomena as other proposed extensions of the pi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structured channels, higher-order formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss a few significant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity of the semantics is on par with the original pi-calculus.

1. Introduction

The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance

Received by the editors April 1, 2011. 1998 ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. © J. Bengtson, M. Johansson, J. Parrow, and B. Victor. CC Creative Commons.


Part 1 Psi-Calculi Introduction

Psi by Example: pi-calculus (Informal)
  nil          0
  output       a<b>.P
  input        a(x).P
  parallel     P | Q
  replication  !P
  restriction  (new a)P
  match        [a = b]P    as case:  case a = b : P
  summation    P + Q       as case:  case true : P [] true : Q

Psi by Example: Explicit Fusion (Informal)
  Input prefix not binding (Wischik & Gardner):
    a b.P | a<c>.Q  --τ-->  b=c | P | Q
  Equators in Psi (a la Merro):
    a(e).((| b=e |) | P) | a<c>.Q  --τ-->  (| b=c |) | P | Q
  1-1 transition correspondence
  τ communication yields explicit fusion

Psi by Example: Crypto (A Closer Look)
  Structured data: tuples with projection equations
    fst(t(x,y)) = x
    snd(t(x,y)) = y
  Process fragments shown on the slide:
    a<t(M,x)>
    (new s)
    (| hash(t(s,M)) = x |)
    a(y). if hash(t(s,fst(y))) = snd(y) then Ch(b)<fst(y)>
  Facts about data: the secret s and message M hash to x
  Structured channels: Ch(b)
  Equation as condition: checks whether the message and hash received via a were hashed with s

Psi-calculi: Parameterized Calculi
  Parameters: T terms, C conditions, A assertions
  P, Q ::= (processes in ASCII notation)
    Nil:          0
    Output:       M<N>.P
    Input:        M(x).P
    Case:         case cnd1 : P1 [] ... [] cndn : Pn
    Assertion:    (| Psi |)
    Parallel:     P | Q
    Replication:  !P
    Restriction:  (new a)P

Psi-calculi: Defining a calculus
  Provide:
    T terms, C conditions, A assertions (terms are not necessarily defined by a signature)
    subst   : defined on each of T, C and A, taking a List(name × T)
    chaneq  : T × T → C
    entails : A × C → bool
    compose : A × A → A
    unit    : A
  Satisfy simple axioms, practically anything

Example Psi-calculus: the pi-calculus (1)
  T = names                            terms are just names
  C = {a == b : a, b in names}         conditions are equalities between names
  A = {unit} = {1}                     no facts in the environment

Example Psi-calculus: the pi-calculus (2)
  chaneq  = λ(a,b). a == b             channel equivalence is formation of equality conditions
  entails = λ(ψ, a == b). a = b        name equality is entailed whenever the names are the same
  unit    = 1
  compose = λ(ψ1,ψ2). 1                assertions are trivial

Example Psi-calculus: the pi-calculus (summary)
  T = names
  C = {a == b : a, b in names}
  A = {unit} = {1}
  chaneq  = λ(a,b). a == b
  entails = λ(ψ, a == b). a = b
  compose = λ(ψ1,ψ2). 1
  unit    = 1
  Slide annotations: ~ coincides; 1-1 correspondence of; machine-checked proofs
  That's it! Psi instance defined

Example Psi-calculus: Fusion Calculus
  T = names
  C = {a = b : a,b ∈ names}
  A = pow_fin({a = b : a,b ∈ names})
  chaneq  = λ(a,b). a = b
  entails = λ(ψ, a=b). (a,b) ∈ EQ(ψ)   EQ: equivalence closure
  compose = λ(ψ1,ψ2). ψ1 ∪ ψ2
  unit    = ∅
  Done!
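
The pi-calculus and fusion instances above, modelled in Python as an added example (this is not Pwb code, which is written in SML). PsiInstance, eq_closure_contains and can_communicate are hypothetical names; the sketch assumes compose is set union and unit the empty set for the fusion instance, and uses the psi-calculi rule that an output and an input synchronise when the environment entails chaneq of their subjects.

```python
from dataclasses import dataclass
from typing import Callable, Tuple

Name = str
Cond = Tuple[Name, Name]                 # the condition "a = b"


@dataclass(frozen=True)
class PsiInstance:
    """The parameters listed on the slides; terms T are plain names here."""
    chaneq: Callable[[Name, Name], Cond]
    entails: Callable[[object, Cond], bool]
    compose: Callable[[object, object], object]
    unit: object


# pi-calculus: one trivial assertion, entailment is syntactic name identity.
PI = PsiInstance(
    chaneq=lambda a, b: (a, b),
    entails=lambda psi, c: c[0] == c[1],
    compose=lambda p1, p2: 1,
    unit=1,
)


def eq_closure_contains(psi, cond):
    """(a, b) in EQ(psi), computed with union-find over the equations in psi."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]    # path halving
            x = parent[x]
        return x

    for a, b in psi:
        parent[find(a)] = find(b)
    return find(cond[0]) == find(cond[1])


# Fusion calculus: assertions are finite sets of name equations.
FUSION = PsiInstance(
    chaneq=lambda a, b: (a, b),
    entails=eq_closure_contains,
    compose=lambda p1, p2: p1 | p2,
    unit=frozenset(),
)


def can_communicate(inst, env, out_chan, in_chan):
    """True when env entails that the two prefix subjects are the same channel."""
    return inst.entails(env, inst.chaneq(out_chan, in_chan))
```

With the same process text, the pi instance only lets identical names synchronise, while the fusion instance lets b and d synchronise once the environment contains b=c and c=d.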

Example Psi-calculus: crypto
  Σ = {hash(·), enc(·,·), dec(·,·), pk(·), sk(·), ...}
  E = {dec(enc(x,y),y) = x, ...}
  T = {f(M1,...,Mn) : Mi ∈ T & f ∈ Σ} ∪ names
  C = {M=N : M,N ∈ T}
  A = pow({M=N : M,N ∈ T})
  chaneq  = λ(M,N). M=N
  entails = λ(ψ, M=N). E ∪ ψ ⊢eq M=N
  compose = λ(ψ1,ψ2). ψ1 ∪ ψ2
  unit    = ∅
  Done!
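
An added Python sketch (not Pwb code) of this crypto instance, applied to the hash check from the "Crypto (A Closer Look)" slide. It assumes E also contains the fst/snd projection equations from that slide and that unit is the empty set. Entailment is approximated by rewriting to normal form, which is sound but incomplete for ⊢eq, and all function names are hypothetical.

```python
# Terms: a name is a str; f(M1, ..., Mn) is the tuple ("f", M1, ..., Mn).
def size(t):
    return 1 if isinstance(t, str) else 1 + sum(size(a) for a in t[1:])

def subst(t, sigma):
    """Replace names by terms (the subst parameter, on terms)."""
    if isinstance(t, str):
        return sigma.get(t, t)
    return (t[0],) + tuple(subst(a, sigma) for a in t[1:])

def root_step_E(t):
    """Apply one equation of E, read left to right, at the root; None if none fits."""
    if isinstance(t, str) or len(t) < 2 or not isinstance(t[1], tuple):
        return None
    f, inner = t[0], t[1]
    if f == "fst" and inner[0] == "t":
        return inner[1]
    if f == "snd" and inner[0] == "t":
        return inner[2]
    if f == "dec" and inner[0] == "enc" and inner[2] == t[2]:
        return inner[1]
    return None

def normalise(t, rules=()):
    """Innermost normal form under E plus ground rules (big -> small)."""
    if isinstance(t, tuple):
        t = (t[0],) + tuple(normalise(a, rules) for a in t[1:])
    nxt = root_step_E(t)
    if nxt is None:
        nxt = next((small for big, small in rules if big == t), None)
    return t if nxt is None else normalise(nxt, rules)

def orient(psi):
    """Turn assertion equations into size-decreasing ground rewrite rules."""
    rules = []
    for m, n in psi:
        m, n = normalise(m), normalise(n)
        if size(m) != size(n):           # equal-size equations are skipped
            rules.append((m, n) if size(m) > size(n) else (n, m))
    return rules

def entails(psi, cond):
    """Sound, incomplete check of  E ∪ psi ⊢eq M = N  via normal forms."""
    rules = orient(psi)
    return normalise(cond[0], rules) == normalise(cond[1], rules)

compose = frozenset.union
UNIT = frozenset()

# Constructed data for the slide's example: the fact asserted under (new s)
# and the receiver's condition on the received term y.
SENDER_FACT = frozenset({(("hash", ("t", "s", "M")), "x")})
RECEIVER_COND = (("hash", ("t", "s", ("fst", "y"))), ("snd", "y"))

def receiver_accepts(psi, message):
    """Does psi entail the receiver's condition once y is bound to message?"""
    sigma = {"y": message}
    return entails(psi, (subst(RECEIVER_COND[0], sigma),
                         subst(RECEIVER_COND[1], sigma)))
```

Because the check is incomplete, a False result means "not shown to be entailed" rather than "refuted"; a tool built this way can reject conditions that do hold but will not accept ones that do not.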

Psi-Calculi: Expressiveness
  Psi-calculi can capture
    Cryptography, like applied pi-calculus (Abadi, Fournet 2001)
    Fusion, like the explicit fusion calculus (Wischik, Gardner 2005)
    Concurrent constraints, like Concurrent constraint pi (Buscemi, Montanari 2007)
    Polyadic synchronisation (Carbone, Maffeis 2003)
    pattern matching, higher-order values (various)
  Extensions
    + Higher Order
    + Broadcast
    + Sorts, match
    + Types (Hüttel, CONCUR 11)


Part 2 Psi-Calculi Workbench Tool for Psi

Psi-Calculi Workbench
  Framework for implementing Psi-Calculi instances
  Platform for experimentation with semantics and pi-calculus extensions
  Experimental
  Free
  Implemented in SML (PolyML)
  For every psi implementation includes
    Transition simulator
    Weak bisim generator

Psi-Calculi Workbench: Pwb Architecture (Modular, Pluggable)
  [Diagram labels] Implementer: T, C, A, chaneq, entails, compose, unit, subst; Parser; Pretty Printer; Transition Constraint Solver; Bisimulation Constraint Solver
  [Diagram labels] Supp Lib: Nominal, PP, Parser Comb, ...
  [Diagram labels] Psi Core: Symbolic Evaluator, Bisim Cnstr Generator, Command Interp

Psi-Calculi Workbench: Constraint Solver
  [Diagram labels] Pwb, Implementer; Process P; Symbolic Evaluator; Transition, Derivative, Constraint; Transition Constraint Solver; Transition, Derivative, Constraint, Solution

Demo

Psi-Calculi Extensions (in progress)
  + Nominal Free Algebras
  + Broadcast communication (Johannes Borgström)
  + Hüttel's Types (Amin Khorsandi, MSc Thesis)

References
  Get Pwb at
    $ wget www.it.uu.se/research/group/mobility/applied/psiworkbench
  Take a look
    $ wget www.it.uu.se/research/group/mobility
  Read
    LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12
    Exercising Psi-calculi: A Psi-calculi workbench (my MSc Thesis)