Asynchronous Distributed Monitoring for Multiparty Session Enforcement

We propose a formal model of runtime safety enforcement for large-scale, cross-language distributed applications with possibly untrusted endpoints. The underlying theory is based on multiparty session types with logical assertions (MPSA), an expressive protocol specification language that supports runtime validation through monitoring. Our method starts from global specifications, based on MPSAs, that the participants should obey. Distributed monitors use local specifications, projected from the global specifications, to detect whether the interactions are well-behaved and to take appropriate actions, such as suppressing illegal messages. We illustrate the design of our model with examples from real-world distributed applications. We prove monitor transparency, communication conformance, and global session fidelity in the presence of possibly unsafe endpoints.
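The following is an added illustration of the architecture the abstract describes and is not code from the paper or its authors: a constructed global protocol in the spirit of an MPSA (an ordered list of interactions, each binding a payload variable and carrying a logical assertion), a projection of that protocol onto each role, and a per-endpoint monitor that walks its local specification, binds payloads, evaluates the assertions it can observe, and suppresses any message that is out of order, mislabelled or violates an assertion. Everything here is a simplification: the protocol is a straight sequence without choice or recursion, the roles, labels and variable names are made up, and a monitor skips an assertion whose variables it has not yet seen (the sender's monitor is assumed to always know them, mirroring the history-sensitivity condition of the MPSA theory).

```python
"""Constructed toy MPSA-style protocol, projection, and endpoint monitors.

This is an added illustration, not the paper's formalism or implementation.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Env = Dict[str, int]


@dataclass(frozen=True)
class Interaction:
    """One global step: sender -> receiver: label(var) { assertion }."""
    sender: str
    receiver: str
    label: str
    var: str                       # variable bound to the message payload
    needs: Tuple[str, ...] = ()    # variables the assertion reads
    assertion: Callable[[Env], bool] = lambda env: True


# Constructed purchase protocol among three roles (hypothetical names).
# Assertions only read variables the sender already knows.
GLOBAL: List[Interaction] = [
    Interaction("Buyer", "Seller", "Request", "item"),
    Interaction("Seller", "Buyer", "Quote", "price", ("price",),
                lambda e: e["price"] > 0),
    Interaction("Seller", "Bank", "Invoice", "due", ("due", "price"),
                lambda e: e["due"] == e["price"]),
    Interaction("Buyer", "Bank", "Pay", "amount", ("amount", "price"),
                lambda e: e["amount"] == e["price"]),
]


@dataclass(frozen=True)
class LocalStep:
    """One step of a projected (local) specification."""
    direction: str                 # "send" or "recv"
    peer: str
    label: str
    var: str
    needs: Tuple[str, ...]
    assertion: Callable[[Env], bool]


def project(spec: List[Interaction], role: str) -> List[LocalStep]:
    """Projection: keep only the interactions `role` takes part in."""
    local: List[LocalStep] = []
    for i in spec:
        if i.sender == role:
            local.append(LocalStep("send", i.receiver, i.label, i.var, i.needs, i.assertion))
        elif i.receiver == role:
            local.append(LocalStep("recv", i.sender, i.label, i.var, i.needs, i.assertion))
    return local


class Monitor:
    """Endpoint monitor driven by a local specification.

    It accepts a message only if it is the next expected step, then binds the
    payload and checks the assertion when every variable it reads is known.
    Rejected messages are suppressed (not forwarded) and the reason recorded.
    """

    def __init__(self, role: str, spec: List[Interaction]):
        self.role = role
        self.local = project(spec, role)
        self.pos = 0
        self.env: Env = {}
        self.suppressed: List[str] = []

    def _suppress(self, reason: str) -> bool:
        self.suppressed.append(reason)
        return False

    def check(self, direction: str, peer: str, label: str, payload: int) -> bool:
        if self.pos >= len(self.local):
            return self._suppress(f"{label}: session already complete")
        step = self.local[self.pos]
        if (direction, peer, label) != (step.direction, step.peer, step.label):
            return self._suppress(
                f"{label} with {peer}: expected {step.direction} {step.label} with {step.peer}")
        candidate = dict(self.env)
        candidate[step.var] = payload
        # Evaluate the assertion only over variables this endpoint has observed.
        if all(v in candidate for v in step.needs) and not step.assertion(candidate):
            return self._suppress(f"{label}({payload}): assertion failed")
        self.env = candidate
        self.pos += 1
        return True

    def send(self, to: str, label: str, payload: int) -> bool:
        return self.check("send", to, label, payload)

    def recv(self, frm: str, label: str, payload: int) -> bool:
        return self.check("recv", frm, label, payload)


def run_session(quote: int, pay: int) -> Dict[str, List[str]]:
    """Drive one session through all three monitors; return suppressions per role."""
    mons = {r: Monitor(r, GLOBAL) for r in ("Buyer", "Seller", "Bank")}

    def deliver(frm: str, to: str, label: str, payload: int) -> None:
        # A message is delivered only if the sender's monitor lets it out
        # and the receiver's monitor lets it in.
        if mons[frm].send(to, label, payload):
            mons[to].recv(frm, label, payload)

    deliver("Buyer", "Seller", "Request", 7)
    deliver("Seller", "Buyer", "Quote", quote)
    deliver("Seller", "Bank", "Invoice", quote)
    deliver("Buyer", "Bank", "Pay", pay)
    return {r: m.suppressed for r, m in mons.items()}


if __name__ == "__main__":
    print("conforming:", run_session(10, 10))
    print("underpayment:", run_session(10, 9))
    print("bad quote:", run_session(-1, 5))
```

In the underpayment run the Buyer's own monitor stops the `Pay` message before it leaves the endpoint, so the Bank never sees it; in the bad-quote run the Seller's monitor suppresses the `Quote`, and because neither the Seller nor the Buyer advances past that step, their later messages are rejected as out of order as well. Those two behaviours are the local analogue of the communication conformance and global session fidelity properties the abstract names.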
