Equipe Comète: Concurrency, Mobility, and Transactions
Catuscia Palamidessi, INRIA-Futurs and LIX
16 January 2004, LIX


1 Equipe Comète: Concurrency, Mobility, and Transactions. Catuscia Palamidessi, INRIA-Futurs and LIX

2 People
  Permanent members:
    Catuscia Palamidessi (coordinator)
    Fabrice Le Fessant
  Collaborations:
    Frank Valencia, BRICS and Uppsala Univ.: π-calculus, Concurrent Constraint Programming, Security
    Vijay Saraswat, IBM Yorktown: π-calculus, Concurrent Constraint Programming
    Diletta Cacciagrano, Univ. de L'Aquila: π-calculus, fairness
    Yuxin Deng, Paris VII: Type systems for probabilistic process calculi
    Bernadette Charron-Bost, STIX: Safety and liveness

3 Projects
  ACI Sécurité ROSSIGNOL: Verification of Cryptographic Protocols
    LIF lead: D. Lugiez
    LSV lead: F. Jacquemard
    INRIA-Futurs & LIX lead: C. Palamidessi
    Verimag lead: Y. Lakhnech

4 Main Goals
  Foundations of Languages for Concurrent and Distributed Systems
    Process Calculi (π-calculus)
    Mobility, Probabilities
  Development of a probabilistic version of the asynchronous π-calculus
  Distributed implementation of the π-calculus
  A language for specification and verification of security protocols (ProPiS)
  Development of a platform for distributed programming

5 Probabilistic Asynchronous π (π_pa)
  Catuscia Palamidessi, INRIA Futurs, France
  Mihaela Herescu, IBM, Austin
  Aim: add the power of randomization to obtain a language that
    is as expressive as π (it is possible to encode π into it)
    can be implemented in a fully distributed way
  Expressive power of π_pa:
    Solution to problems requiring distributed agreement
    Encoding of π into π_pa completed and proved correct with respect to a notion of testing semantics

6 π_pa: the Probabilistic Asynchronous π
  Syntax
    g ::= x(y) | τ                 prefixes
    P ::= Σ_i p_i g_i . P_i        probabilistic input-guarded choice, with Σ_i p_i = 1
        | x^y                      output action
        | P | P                    parallel
        | (x) P                    new name
        | rec_A P                  recursion
        | A                        procedure name

7 The operational semantics of π_pa
  Based on the Probabilistic Automata of Segala and Lynch
  Distinction between nondeterministic behavior (choice of the scheduler) and probabilistic behavior (choice of the process)
  Scheduling policy: the scheduler chooses the group of transitions
  Execution: the process chooses probabilistically the transition within the group
  [Figure: groups of transitions labelled with probabilities 1/2, 1/3 and 2/3]

8 The operational semantics of π_pa
  Representation of a group of transitions:
         P { --g_i-> p_i P_i }_i
  Rules

  Choice   Σ_i p_i g_i . P_i { --g_i-> p_i P_i }_i

           P { --g_i-> p_i P_i }_i
  Par     ____________________
           Q | P { --g_i-> p_i Q | P_i }_i

9 The operational semantics of π_pa
  Rules (continued)

           P { --x_i(y_i)-> p_i P_i }_i      Q { --x^z-> 1 Q' }_i
  Com     ____________________________________
           P | Q { --τ-> p_i P_i[z/y_i] | Q' }_{x_i = x}  ∪  { --x_i(y_i)-> p_i P_i | Q }_{x_i ≠ x}

           P { --x_i(y_i)-> p_i P_i }_i
  Res     _________________________      q_i renormalized
           (x) P { --x_i(y_i)-> q_i (x) P_i }_{x_i ≠ x}

10 Implementation of π_pa
  Compilation in Java > : π_pa → Java
  Distributed > = >. start(); >.start();
  Compositional > = > jop > for all op
  Channels are one-position buffers with test-and-set (synchronized) methods for input and output

11 Encoding π into π_pa
  [[ ]] : π → π_pa
  Fully distributed: [[ P | Q ]] = [[ P ]] | [[ Q ]]
  Preserves the communication structure: [[ P σ ]] = [[ P ]] σ
  Correct with respect to a notion of probabilistic testing semantics: P must O iff [[ P ]] must [[ O ]] with probability 1

12 Conclusion
  We have developed a probabilistic version of the asynchronous π-calculus, π_pa
  We have provided an encoding of π into π_pa that is
    fully distributed
    compositional
    correct with respect to a notion of testing semantics
  Advantages:
    high-level solutions to distributed algorithms
    easier to prove correct (no reasoning about randomization required)

13 Features of ProPiS
  Probabilistic Pi for Security
  π_pa enriched with cryptographic primitives similar to those of the spi-calculus [Abadi and Gordon]
  The probability features will make it possible to analyse security protocols at a finer level (the cryptographic level), i.e. beyond the Dolev-Yao assumptions of perfect cryptography:
    In our approach an attacker can try to guess a key, for instance. The point is to prove that the probability that his attack can be effective is negligible.
  The probability features will also make it possible to express protocols that require randomization.

14 Example: The dining cryptographers
  A problem of anonymity
  [Figure: Master, Crypt(0), Crypt(1) and Crypt(2); labels "pays 0" and "notpays 0"]

15 The dining cryptographers
  The Problem:
    Three cryptographers share a meal
    The meal is paid either by the organization (master) or by one of them. The master decides who pays
    Each of the cryptographers is informed by the master whether or not he is paying
  Goal:
    The cryptographers would like to know whether the meal is being paid by the master or by one of them, but without knowing who is paying (if it is one of them).

16 The dining cryptographers: Solution
  Solution:
    Each cryptographer tosses a coin (probabilistic choice). Each coin is in between two cryptographers.
    The result of each coin-tossing is visible to the adjacent cryptographers, and only to them.
    Each cryptographer examines the two adjacent coins
      If he is paying, he announces "agree" if the results are the same, and "disagree" otherwise.
      If he is not paying, he says the opposite
  Claim 1: if the number of "disagree" is even, then the master is paying. Otherwise, one of them is paying.
  Claim 2: In the latter case, if the coin is fair, the non-paying cryptographers will not be able to deduce who exactly is paying

17 The dining cryptographers: Solution
  [Figure: Master, Crypt(0), Crypt(1), Crypt(2), Coin(0), Coin(1) and Coin(2); labels "pays 0", "notpays 0", "look 20" and "out 1"]
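
The protocol above, checked by exhaustive enumeration in Python (an added example, not part of the original slides). It assumes Coin(i) sits between Crypt(i) and Crypt(i+1), and uses Chaum's convention in which a non-payer reports the comparison as seen and the payer inverts it, which for three cryptographers is the assignment that makes an even number of "disagree" mean the master pays; all function names are illustrative.

```python
from collections import defaultdict
from fractions import Fraction
from itertools import product

N = 3          # cryptographers on a ring (assumed layout: Coin(i) between Crypt(i) and Crypt(i+1))
MASTER = None  # payer value meaning "the master pays"

def announcements(coins, payer):
    """One run: tuple of booleans, True meaning Crypt(i) says "disagree"."""
    out = []
    for i in range(N):
        differ = coins[i] != coins[(i - 1) % N]  # the two coins adjacent to Crypt(i)
        out.append(differ != (i == payer))       # assumed convention: only the payer inverts
    return tuple(out)

def someone_pays(ann):
    """Claim 1: an odd number of "disagree" means one of the cryptographers pays."""
    return sum(ann) % 2 == 1

def observer_view(payer, observer, bias=Fraction(1, 2)):
    """Exact distribution of what `observer` sees: all announcements plus his two coins."""
    dist = defaultdict(Fraction)
    for coins in product((0, 1), repeat=N):
        prob = Fraction(1)
        for c in coins:
            prob *= bias if c else 1 - bias      # bias = probability that a coin shows 1
        view = (announcements(coins, payer), coins[observer], coins[(observer - 1) % N])
        dist[view] += prob
    return dict(dist)

def anonymous_for(observer, bias=Fraction(1, 2)):
    """Claim 2: a non-paying observer's view has the same distribution
    whichever of the other two cryptographers is the payer."""
    a, b = [p for p in range(N) if p != observer]
    return observer_view(a, observer, bias) == observer_view(b, observer, bias)

if __name__ == "__main__":
    runs = [(c, p) for c in product((0, 1), repeat=N) for p in (MASTER, 0, 1, 2)]
    print("claim 1:", all(someone_pays(announcements(c, p)) == (p is not MASTER) for c, p in runs))
    print("claim 2, fair coins:", all(anonymous_for(o) for o in range(N)))
    print("claim 2, biased coins:", anonymous_for(0, Fraction(3, 4)))
```

With a biased coin the two distributions differ, which is why Claim 2 requires the coins to be fair.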

