How to Brew-up a Refinement Ordering

Fifty years ago there were few mathematical models of program semantics, perhaps none. Now there is probably a new one created every day. How do we do it? How should we do it? In our community we understand the utility of the refinement order, and we believe that each fresh semantics should come equipped with one. Although refinement's general principles are well understood, it is still not so easy to see just what the order should be in any particular case. Thus one of the things we should do is be clear about what the criteria really are for refinement orders. The recently invented Shadow Semantics for non-interference-style security of sequential programs includes a refinement order. Using it as an example, I give here a rational reconstruction of how a refinement order can be "brewed up" for a specific purpose; the aim of the exercise is to extract general lessons about how that can be done.
