Equipe Com

1
Equipe ComèteConcurrency, Mobility, and
Transactions

• Catuscia Palamidessi
• INRIA-Futurs and LIX

2
People

• Permanent members
• Catuscia Palamidessi (coordinator)
• Fabrice Le Fessant
• Collaborations
• Frank Valencia, BRICS and Uppsala Univ.
• p-calculus Concurrent Constraint Programming,
  Security
• Vijay Saraswat, IBM Yorktown
• p-calculus, Concurrent Constraint Programming
• Diletta Cacciagrano, Univ. de LAquila
• p-calculus, fairness
• Yuxin Deng, Paris VII
• Type systems for probabilistic process calculi
• Bernadette Charron Bost, STIX
• Safety and liveness

3
Projects

• ACI Securité
• ROSSIGNOL Verification of Cryptographic
  Protocols
• LIF responsable D. Luigiez
• LSV Responsable F. Jacquemard
• INRIA-Futurs LIX responsable C. Palamidessi
• Verimag Responsible Y. Lackhnech

4
Main Goals

• Foundations of Languages for Concurrent and
  Distributed Systems
• Process Calculi (p-calculus)
• Mobility, Probabilities
• Development of a probabilistic version of the
  asynchronous ?-calculus
• Distributed implementation of the p-calculus
• A language for specification and verification of
  security protocols (ProPiS)
• Development of a platform for distributed
  programming

5
Probabilistic Asynchronous p (ppa)Catuscia
Palamidessi, INRIA Futurs, FranceMihaela
Herescu, IBM, Austin

• Aim add the power of randomization to obtain a
  language that
• is as expressive as p (it is possible to encode p
  into it)
• can be implemented in a fully distributed way
• Expressive power of ppa
• Solution to problems requiring distributed
  agreement
• Encoding of p into ppa completed and proved
  correct wrt a notion of testing semantics

6
ppa the Probabilistic Asynchonous p

• Syntax
• g x(y) t prefixes
• P Si pi gi . Pi pr. inp. guard. choice
  Si pi 1
• xy output action
• P P parallel
• (x) P new name
• recA P recursion
• A procedure name

7
The operational semantics of ppa

• Based on the Probabilistic Automata of Segala and
  Lynch
• Distinction between
• nondeterministic behavior (choice of the
  scheduler) and
• probabilistic behavior (choice of the process)

Scheduling Policy The scheduler chooses the
group of transitions
Execution The process chooses probabilistically
the transition within the group
8
The operational semantics of ppa

• Representation of a group of transition
• P --gi-gt pi Pi i
• Rules
• Choice Si pi gi . Pi --gi-gt pi Pi i
• P --gi-gt piPi i
• Par ____________________
• Q P --gi-gt piQ Pi i

9
The operational semantics of ppa

• Rules (continued)
• P --xi(yi)-gt piPi i Q --xz-gt 1 Q
  i
• Com ____________________________________
• P Q --t-gt piPiz/yi Q xix U
  --xi(yi)-gt pi Pi Q xi/x
• P --xi(yi)-gt piPi i
• Res _________________________ qi
  renormalized
• (x) P --xi(yi)-gt qi (x) Pi xi / x

10
Implementation of ppa

• Compilation in Java ltlt gtgt ppa ? Java
• Distributed
• ltlt P Q gtgt ltlt P gtgt.start() ltlt Q gtgt.start()
  
• Compositional
• ltlt P op Q gtgt ltlt P gtgt jop ltlt Q gtgt for all
  op
• Channels are one-position buffers with
  test-and-set (synchronized) methods for input and
  output

11
Encoding p into ppa

• p ? ppa
• Fully distributed
• P Q P Q
• Preserves the communication structure
• P s P s
• Correct wrt a notion of probabilistic testing
  semantics
• P must O iff P must O with
  prob 1

12
Conclusion

• We have developed a probabilistic version of the
  asynchronous p-calculus, ppa
• We have provided an encoding of p into ppa
• fully distributed
• compositional
• correct wrt a notion of testing semantics
• Advantages
• high-level solutions to distributed algorithms
• Easier to prove correct (no reasoning about
  randomization required)

13
Features of ProPiS

• Probabilistic Pi for Security
• ppa enriched with cryptographic primitives
  similar to those of the spi-calculus Abadi and
  Gordon
• The probability features will allow to analyse
  security protocols at a finer level
  (cryptographic level), i.e. beyond the Dolew-Yao
  assumptions of perfect cryptography In our
  approach an attacker can try to guess a key, for
  instance. The point is to prove that the
  probability that his attack can be effective is
  negligible.
• The probability features will also allow to
  express protocols that require randomization.

14
Example The dining cryptographers
A problem of anonymity
15
The dining cryptographers

• The Problem
• Three cryptographers share a meal
• The meal is paid either by the organization
  (master) or by one of them. The master decides
  who pays
• Each of the cryptographers is informed by the
  master whether or not he is paying
• Goal
• The cryptographers would like to know whether the
  meal is being paid by the master or by one of
  them, but without knowing who is paying (if it is
  one of them).

16
The dining cryptographers Solution

• Solution Each cryptographer tosses a coin
  (probabilistic choice). Each coin is in between
  two cryptographers.
• The result of each coin-tossing is visible to the
  adjacent cryptographers, and only to them.
• Each cryptographer examines the two adjacent
  coins
• If he is paying, he announces agree if the
  results are the same, and disagree otherwise.
• If he is not paying, he says the opposite
• Claim 1 if the number of disagree is even,
  then the master is paying. Otherwise, one of them
  is paying.
• Claim 2 In the latter case, if the coin is fair
  the non paying cryptographers will not be able to
  deduce whom exactly is paying

17
The dining cryptographers Solution