Strict Standards: Declaration of Doku_Renderer_metadata::table_open() should be compatible with Doku_Renderer::table_open($maxcols = NULL, $numrows = NULL, $pos = NULL) in /var/www/ on line 24

Strict Standards: Declaration of Doku_Renderer_metadata::table_close() should be compatible with Doku_Renderer::table_close($pos = NULL) in /var/www/ on line 24

Reliable and Trustworthy Communication-Based Systems: A Harmonious Integration of Causality, Reputation and Self-Adaptive Types for Analyzing Multiparty Protocols

  • Laura Bocchi
  • Ilaria Castellani
  • Romain Demangeon
  • Mariangiola Dezani
  • Cinzia Di Giusto
  • Luca Padovani
  • Jorge A. Pérez

Modern computing infrastructures involve massive numbers of heterogeneous computing entities, which intensively communicate over open networks and have varying levels of trust. Cloud computing and social networks are typical examples of these infrastructures. In such a communication-centred setting, interactive behavior can be usefully structured as a protocol among a set of parties. The correct construction of these infrastructures and of their communication patterns is a societal concern; it raises new issues, including adaptability and fault tolerance, reliability of data distribution and replication, trust, data-confidentiality, and integrity, among several others.

Among these issues, we recognize security and self-adaptation as two prominent and interconnected challenges. Communication-based infrastructures are inherently dynamic: some computing entities may get out of reach or disappear, while new ones enter the scene; the entities themselves may want to adapt their behaviour and/or reconfigure the interfaces on which communication relies. This calls for communication- based systems which are self-adaptive, i.e. able to autonomously adjust their interactive behaviour in response to changing conditions in the surrounding context and in accor- dance with evolving policies and objectives. Moreover, as the underlying protocols, which are critical to overall correctness, typically involve many participants, it is crucial to ensure that these interacting agents behave in secure ways. We would like to know whether or not they can trusted, and that their behavior does not leak, directly or indirectly, sensitive information to potentially malicious observers or parties.

Modern computing environments are therefore communication-intensive, vulnerable to security attacks, and highly dynamic. The issue is then to develop models, as well as programming abstractions and methodologies, to be able to exploit the rich potential of this new computing scenario, while making sure that communications go through as expected, and security problems and dynamic changes are properly handled. To this end, calculi and languages for communication-centred programming must provide mechanisms for self-adaptation and be security-minded from their very conception. Previous research has developed useful techniques for ensuring forms of security and self-adaptation. However, quite often such techniques are conceived from isolated perspectives. This prevents their seamless integration with other related techniques. As we have argued, the integration of security and self-adaptation issues is particularly relevant. A great challenge is then to achieve such an integration in a harmonious way, therefore more effectively tackling the challenges and concerns hinted at above.

At the core of our methodology is the notion of type, intended as an information associated with some computing entity, which provides a formal specification of its behaviour at a high level of abstraction. Types can be used to carry information, such as a trust value (as in, e.g., reputation systems) or a secrecy level (as in, e.g., information flow analyses). We plan to introduce self-adaptive types as a new form of specification. When entering a new computing context to take part in an interaction, a computing entity will carry its original specification, which will be updated along the interaction’s life according to the entity’s interplay with the context. In this way, it should be possible not only to trace faults or malicious actions (in order to expel a misbehaving computing entity), but also to accommodate behavioural changes and to collect statistics to measure an entity’s reputation and quality of service.

We envisage a rich behavioral type structure in which types may contain well-identified parts which can be filled in function of the behaviours and reputations of the participants involved in an interaction. Intuitively, these would be abstract behavioral interfaces with “holes”. The process model of adaptable processes [4, 5] could play a role in the foreseen type system: it has been already used to incorporate adaptation in models of structured communications [12, 3]. The participants must be cautious since everybody can lie, and their types will change when they observe unexpected behaviours. A challenge is to introduce types that express not only the ideal behaviour expected from the participants in an interaction, but also what should be their behaviour after a security violation (roughly, a security-based reconfiguration). We also aim to devise rigorous ways of discovering which participants are responsible for a violation. Notice that existing forms of (interactional) exceptions are not enough for this purpose, since they are part of the program, which means that they are foreseen from the very beginning; instead, we plan to handle unexpected events related to both adaptation and security concerns.

At a more technical level, we plan to study causality in protocols, using static analysis to extract from a specification the links between the different communications performed in the networks. This should facilitate the detection of potential information leaks (which typically occur when a publicly visible action depends on a secret one), building on previous work on security of information flow. The task is, of course, more difficult in dynamically changing environments, but some existing techniques for session-based multiparty communication [7] provide a first basis on which to build a more refined analysis. We also plan to introduce reputation as a visible value inside message-passing networks. By maintaining trust levels for participants at runtime, based on their previous interactions, one could induce the emergence of an experience-based reputation system [2] in a network.

Intended Call


Some relevant papers with authors in the BETTY community are listed below.

  • [1] Bocchi, L., Chen, T.C., Demangeon, R., Honda, K., Yoshida, N.: Monitoring Networks through Multiparty Session Types. In: FMOODS/FORTE’13, LNCS, vol. 7892, pp. 50–65. Springer (2013)
  • [2] Bono, V., Capecchi, S., Castellani, I., Dezani-Ciancaglini, M.: A Reputation Sys- tem for Multirole Sessions. In: TGC 2011, LNCS vol. 7173, pp. 1–24, Springer (2012).
  • [3] Bravetti, M., Carbone, M., Hildebrandt, T., Lanese, I., Mauro, J., Pérez, J.A., Zavattaro, G.: Towards Global and Local Types for Adaptation. In: SEFM 2013 Collocated Workshops: LNCS, vol. 8368, Springer (2014)
  • [4] Bravetti, M., Di Giusto, C., Pérez, J.A., Zavattaro, G.: Adaptable Processes. Log. Meth. Comp. Scie. 8(4) (2012)
  • [5] Bravetti, M., Di Giusto, C., Pérez, J.A., Zavattaro, G.: Towards the Verification of Adaptable Processes. In: ISoLA (1) 2012: LNCS, vol. 7609, pp. 269–283. Springer (2012)
  • [6] Bruni, R., Corradini, A., Gadducci, F., Lluch-Lafuente, A., Vandin, A.: A Con- ceptual Framework for Adaptation. In: FASE’12, LNCS, vol. 7212, pp. 240–254. Springer (2012)
  • [7] Capecchi, S., Castellani, I., Dezani-Ciancaglini, M., Rezk, T.: Session Types for Access and Information Flow Control. In Proc. CONCUR’10, volume 6269 of LNCS, pages 237–252. Springer, 2010.
  • [8] Carbone, M., Honda, K., Yoshida, N.: Structured Communication-Centered Pro- gramming for Web Services. ACM Trans. Program. Lang. Syst. 34(2), 8:1–8:78 (2012). DOI 10.1145/2220365.2220367
  • [9] Chen, T.C., Bocchi, L., Deniélou, P.M., Honda, K., Yoshida, N.: Asynchronous Distributed Monitoring for Multiparty Session Enforcement. In: TGC’11, LNCS, vol. 7173, pp. 25–45. Springer (2012)
  • [10] Coppo, M., Dezani-Ciancaglini, M., Venneri, V.: Self-adaptive Monitors for Multiparty Sessions, in PDP’14, 2014, to appear. [Online]. Available:
  • [11] Dalla Preda, M., Lanese, I., Mauro, J., Gabbrielli, M., Giallorenzo, S.: Safe Runtime Adaptation of Distributed Systems (2013). URL http://www.cs.unibo. it/~lanese/publications/fulltext/safeadapt.pdf.gz
  • [12] Di Giusto, C., Pérez, J.A.: Disciplined Structured Communications with Consistent Runtime Adaptation. In: SAC’13, pp. 1913–1918. ACM Press (2013)
  • [13] Lanese, I., Bucchiarone, A., Montesi, F.: A Framework for Rule-Based Dynamic Adaptation. In: TGC’10, LNCS, vol. 6084, pp. 284–300. Springer (2010)
horizonideatwo.txt · Last modified: 2014/02/07 19:24 by jorge
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki