MURI Review Meeting, June, 2005

AS3: Adaptive, Situation-Aware and Secure Service-Based Systems

Hasan Davulcu
Department of Computer Science and Engineering
Arizona State University

Joint work with: Dr. Stephen S. Yau, Dr. Supratik Mukhopadhyay


Outline

  • Introduction and Examples
  • Our research goals on AS3 systems
  • AS3 Calculus and Logic
  • Secure and Adaptive Workflow Synthesis
  • Conclusion and future work

Introduction

  • Service-based systems (SBS):
      • Systems offering services which are well-defined functions used in different contexts and have interrelations and dependencies
      • Services are not restricted to Web services
      • Individual services are usually independently designed and implemented, and run on loosely coupled systems
  • Examples:
      • Emergency response information systems
      • e-Business
      • …

An Example of SBS: Road Emergency Response

[Figure: road emergency response workflow. Labels: L, call 911, Police Dept. (PD), Fire Dept. (FD), AMS, Accident Report, Workflow Planning & Scheduling, CAR, Send Patrol Car, FE, Send Fire Engine, AMB, Send Ambulance, Setup Perimeter, Passenger in critical condition, H.]

Coordination Constraints

  • All the responders should arrive at the accident site within fifteen minutes.
  • Any CAR, FE, AMB, or H that is serving at one accident site should not be dispatched to another accident site before completing its job at the accident site.
  • Injured passengers in critical condition should be brought to a nearby hospital within fifteen minutes after they are rescued from their damaged vehicles.
  • Any coordination agent should only follow the commands from a trusted MP, being authenticated and delegated by a trusted party (the proper authority).
  • Only after the CARs leave L can the ERC end the road closure.

Dynamic Reconfiguration Constraints

Since it is almost impossible to identify all control and correction steps before execution time, the system must provide the capability to adapt the workflows at run-time with dynamic reconfiguration constraints:

  • Resource failure: An ambulance can transport at most two injured passengers at the same time, and hence the MP should send another ambulance within five minutes to carry additional injured passengers.
  • Service failure: If the police fail to set up a perimeter within fifteen minutes after the 911 call center gets an accident report, FE and AMB can enter the accident site regardless of whether a police perimeter has been set up.
  • Exception condition: If the paramedics determine that one of the injured passengers is in critical condition, then another helicopter (H1) is discovered and used to transport the passenger in critical condition to the hospital.

Requirements

  • Adaptability
      • System adaptation to provide acceptable performance in spite of system failures, overload, or damages
      • Rapid reconfiguration to achieve users’ new missions
  • Security
      • Authentication for both users and service providers
      • Protection of critical information and critical operations of distributed services
      • Enforcement of flexible security policies of distributed services from joint/coalition operations

Objective of Our Project

Conduct basic research on generating techniques for rapid development, deployment and operations of AS3 Systems with high confidence and cost-effectiveness.

1. Hierarchical situation-awareness capability.
2. Distributed trust management to ensure policy-based security.
3. Rapidly discovering, contracting with and composing reliable and unreliable services into processes with situational and QoS constraints
4. Adapting these processes when situations, mission goals and/or security policies change

Our Approach

Provide a declarative unifying logic-based approach for extending service-oriented architecture with:

  • Hierarchical situation-awareness for reactive behavior
  • Distributed trust management for managing and enforcing security policies
  • Adaptive workflow management for deliberative actions, which are composed and coordinated automatically to achieve users’ goals while preserving overall correctness and consistency.

AS3 System Architecture

[Figure: architecture diagram. Labels: Mission Planning Services (MP), Workflow Scheduling Services (WS), Directories, Various Capabilities, Discovery Services (DS), Comp/Comm Resources, Services, Situation-Awareness Agents (SAA), Security Agents (SeA), Formal Specification of Mission Goals, Workflow.]

Major Components of Our Approach

I. AS3 Calculus and Logic
II. Distributed trust management
III. Adaptive workflow synthesis
IV. Distributed workflow scheduling

Our Approach to Rapid Development of AS3 Systems

[Figure: development flow diagram. Labels: Workflow; AS3 Calculus (I); Adaptive workflow synthesis (IV); Dynamic Proof System; Model and Type Checker; Model-based Diagnosis and Recovery; Distributed workflow scheduler (V); Security Agents (III); SINS Virtual Machine; H-SAW Agents (II); Compiler; Service specs (IV); Application independent properties; AS3 Logic (I); Mission goal spec (IV); AS3 System specifications; QoS specs; H-SAW (II); Security policies (III); Real-time (V); Online Fault Management for Hierarchical SAW Agents (II).]

Existing Standards for Service-based Systems

1. BPEL/BPEL4WS [21]:
  • Industry standard
  • For modeling and executing workflows
  • Lacks formal semantics
  • Does not provide automatic service composition and adaptation

2. OWL-S, Web Components [36]:
  • Provides constructs for unambiguously describing the properties and capabilities of Web services
  • Provides limited formal guarantees
  • Does not provide automatic service composition

Existing Formal Approaches

  • Rule-based Modeling (SWORD) [28]:
      • Does not allow services having side effects
      • Currently, no work is known that uses SWORD for modeling situation-awareness or security policies
  • Classical Process Calculi and Synchronous Programming Languages:
      • Pi calculus [33,34], Ambient Calculus [32], Chemical Abstract Machine [35]: Does not provide facilities for processing situation information and reacting to it
      • SOL [37]: Does not provide facilities for automatic service composition
      • Provides ways for formal reasoning
  • Linear Logic [29]:
      • Undecidable: provides only semi-automated service composition

A Simple Example

[Figure: ship scenario. Labels: Enemy; Monitoring Agent; Enemy detected; Commander; ShipB, Plan: Ask ShipA to destroy enemy; ShipA, Exec: ShipA.Radar lock enemy; Exec: ShipA.Missile fire missile.]

Our AS3 Calculus

  • Provides a formal programming model for AS3 systems
  • Is based on classical process calculi, and has operational semantics involving interactions between:
      • external actions: communication, leaving and joining groups
      • internal computations: method calls of named services
  • Can model timeouts and failures
  • Implements access control using hierarchical domains

A Calculus for AS3 Systems

(System) S ::= fix I=P (recursion)
             | N[S] (named domain)
             | S||S (Sys. Comp.)

N ::= x (variable)
    | n (name)

(Process) P ::= (new n) P (name restriction)
              | 0 (inactive process)
              | P||P (par. composition)
              | I (identifier)
              | E.P (external action)
              | C.P (int. computation)
              | P1+P2 (nondet. choice)
              | fail (failure)
              | catch(n).P (failure handler)
              | time t.P (timeout)
              | P{l1(x1),…;…ln(xn)} (method export)

External action involves communication, leaving or joining groups, removing firewalls.
Internal computation takes place by calling methods of identified services.

External Actions

E ::= M (Domain)
    | K (Comm.)

K ::= (comm.)
      (x) (input)
    | <Z> (output)

M ::= in N (enter a dom.)
    | out N (exit a dom.)
    | open N (open firewall)
    | M.M’ (concat)
    | ε (no action)

Internal Computation

C ::= let x=C instantiate P (beta reduction)
    | if C(x) then P else P’ (conditional)
    | I:li(y) (method invocation for identified service)
    | I:li ← I’:lj (method replacement)
    | ρ (constraint evaluation)
    | C.C (concatenation)
    | ε (no-computation)
    | true (constant true)
    | false (constant false)
    | ⊥ (failed computation)

I:li = pre::post(xi)

Security Model

  • An AS3 system is secure iff only two entities (processes) in the same domain can communicate.
  • When two entities are not in the same domain, they must move into the same domain for communication
  • Security (access control) model synthesized through formula rewriting using sound transformation rules in AS3 logic

Security Model (cont.)

[Figure: domains n and m with entities A and B.]

Is A allowed to communicate with B?
  • Is A currently authenticated to n?
  • Can A currently move out from m to n to communicate with B?

AS3 Processes for the Example

[Figure: System with Monitoring Agent, Commander, and Fleet (ShipA, ShipB).]

Monitoring Agent:
    if MA:detect_intrusion() then
        let <x,y> = MA:get_enemy_coordinates() instantiate <x,y>.MA
    else MA

Commander:
    (x,y).in fleet.<x,y>.<destroy>.out fleet.CMD

Fleet = fleet[shipA || shipB]

shipA = (x,y).(d).
    if d=“destroy” then
        (shipA:lock_radar(x,y).shipA:load_missile().(let z=shipA:fire() instantiate if z=enemy_destroyed then <z>) then shipA)
    else shipA

shipB ≌ shipA

AS3 Processes for the Example (cont.)

[Figure: Enemy; the Monitoring Agent sends <x,y> to the Commander.]

Monitoring Agent:
    if MA:detect_intrusion() then
        let <x,y> = MA:get_enemy_coordinates() instantiate <x,y>.MA
    else MA

AS3 Processes for the Example (cont.)

[Figure: the Commander sends <x,y>.<destroy> to the Fleet (ShipA, ShipB).]

Commander:
    (x,y).in fleet.<x,y>.<destroy>.out fleet.CMD

AS3 Processes for the Example (cont.)

[Figure: Fleet (ShipA, ShipB) and Enemy, labelled "enemy destroyed".]

Fleet = fleet[shipA || shipB]

shipA = (x,y).(d).
    if d=“destroy” then
        shipA:lock_radar(x,y).shipA:load_missile().let z=shipA:fire() instantiate if z=enemy_destroyed then <z> then shipA
    else shipA

Synthesis of AS3 Processes

  • Can we synthesize AS3 processes automatically from declarative specifications?
  • Yes, use our approach

Our Approach: Logic-based Synthesis of AS3 Processes

1. Services described in AS3 logic along with proof rules of the logic form a theory of AS3 systems
2. Functional requirements of the mission along with QoS (real-time, security, situation-awareness) described as formulae in AS3 logic
3. Synthesis amounts to a proof of the requirements using the AS3 theory
4. Executable calculus terms directly synthesized from the proof

Our AS3 Logic

  • Modal logic talking about both time and space
  • Sometime modality for temporal evolution, somewhere modality for spatial location
  • Modalities for communication, leaving and joining domains, knowledge
  • Atomic formulas for describing relations among variables

AS3 Logic Syntax

φ ::= 0 (inactivity)
    | pred(x1,…,xn) (user defined atoms)
    | t~c (atomic constraint)
    | φ1∨φ2 (disjunction)
    | ┐φ (negation)
    | ◊ φ (sometime)
    | Θ φ (somewhere)
    | I (identifier/nominal match)

~ ::= > | < | ≤ | ≥
c: Natural Number

AS3 Logic Syntax (Contd.)

    | φ1|| φ2 (parallel composition)
    | η[φ] (named domain)
    | φ@η (behavior within domain)
    | K(u; φ) (knowledge of an object)
    | serv(u; φ) (recording of an object)
    | n φ (quantification over names)
    | t φ (quantification over real variables)
    | in(n) φ (behavior after entering domain)
    | out(n) φ (behavior after leaving domain)
    | <u> φ (behavior after sending message)
    | T (constant true)

AS3 Logic: Properties

  • Decidable when interpreted over systems with image-finite processes
  • Model checking problem is also decidable for systems with image-finite processes

Proof Theory of AS3 Logic

All axioms of propositional modal logic and the following axioms:

T1: Θ(σ || n[φ]) next_hierarchy(σ,φ)

T2: next_hierarchy(φ,σ)→Θσ

T3: Θ◊φ→◊Θφ

T4: φ→Θφ

T5: ΘΘφφ

Transformation Rules for Synthesis of Access Control

Security (access control) model synthesized through formula rewriting using sound transformation rules in AS3 logic

A1: restrict(I,φ) ┐Θ(I ||φ)

A2: restrict(I,J) ∧ Θ(J || K) →┐Θ(I || K)

and 7 other transformation rules for synthesis of access control

The Simple Example in AS3 Logic

Entities (Nominals/Identifiers): shipA, shipB, MA, CMD

Goal:
R1: detect_intrusion(MA) → ◊Θserv(“enemy_destroyed”; T)

If the MA detects an intrusion then eventually somewhere there will be a process that will record “enemy_destroyed”

Service Coordination Descriptions in AS3 Logic

S1: detect_intrusion(MA) → ◊serv(“enemy_ship”; MA)

S2: serv(“enemy_ship”;MA) → ◊get_coordinates(u,v;MA)

S3: get_coordinates(u,v;MA) → ◊serv(u,v;MA)

and two other axioms

Access Control Requirement: The Simple Example

  • Only CMD is allowed to communicate to shipA or shipB
  • MA cannot directly communicate with shipA or shipB

AC1: U=shipA U=shipB →□restrict(MA,U)

AC2: System[MA || T]

AC3: □┐restrict(shipA,shipB)

AC4: ┐restrict(CMD, MA)
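A small reference monitor for the security model and the access control requirement above, as an added example that is not code from the AS3 project: communication is allowed only inside one domain, and `in`/`out` moves are checked against the restrict relation. The class and method names and the sample coordinates are hypothetical, and restrict(I,J) is read here as "I and J may never share a domain", an assumption based on rules A1 and AC1.

```python
# Added example, not code from the AS3 project. World, enter, leave, send and
# ship_scenario are hypothetical names; restrict(I, J) is read here as
# "I and J may never share a domain" (an assumption based on rules A1 and AC1).

class AccessDenied(Exception):
    """An action would break the domain-based access control policy."""


class World:
    def __init__(self, parent, location, restrict):
        self.parent = dict(parent)      # domain -> enclosing domain (None = root)
        self.location = dict(location)  # entity -> domain it currently sits in
        # Rule A8 makes restrict symmetric, so store unordered pairs.
        self.restrict = {frozenset(pair) for pair in restrict}

    def _check_colocation(self, entity, domain):
        """Refuse a move that would put two restricted entities side by side."""
        for other, where in sorted(self.location.items()):
            if where == domain and frozenset((entity, other)) in self.restrict:
                raise AccessDenied(f"restrict({entity},{other}) forbids {domain}")

    def enter(self, entity, domain):
        """`in N`: move into N, which must be nested in the current domain."""
        if self.parent.get(domain) != self.location[entity]:
            raise AccessDenied(f"{domain} is not reachable from {self.location[entity]}")
        self._check_colocation(entity, domain)
        self.location[entity] = domain

    def leave(self, entity, domain):
        """`out N`: leave N for the domain that encloses it."""
        if self.location[entity] != domain or self.parent.get(domain) is None:
            raise AccessDenied(f"{entity} cannot leave {domain}")
        self._check_colocation(entity, self.parent[domain])
        self.location[entity] = self.parent[domain]

    def send(self, src, dst, msg):
        """Output <msg>: allowed only when both ends are in the same domain."""
        if self.location[src] != self.location[dst]:
            raise AccessDenied(f"{src} and {dst} are in different domains")
        return (src, dst, msg)


def ship_scenario():
    """Replay the ship example with MA, CMD and fleet[shipA || shipB] under AC1."""
    world = World(
        parent={"System": None, "fleet": "System"},
        location={"MA": "System", "CMD": "System",
                  "shipA": "fleet", "shipB": "fleet"},
        restrict=[("MA", "shipA"), ("MA", "shipB")],  # AC1
    )
    coords = (12, 34)  # constructed sample coordinates
    steps = [
        ("MA: <x,y> to shipA", world.send, ("MA", "shipA", coords)),
        ("MA: in fleet", world.enter, ("MA", "fleet")),
        ("shipA: out fleet", world.leave, ("shipA", "fleet")),
        ("MA: <x,y> to CMD", world.send, ("MA", "CMD", coords)),
        ("CMD: <x,y> to shipA", world.send, ("CMD", "shipA", coords)),
        ("CMD: in fleet", world.enter, ("CMD", "fleet")),
        ("CMD: <x,y> to shipA", world.send, ("CMD", "shipA", coords)),
        ("CMD: <destroy> to shipA", world.send, ("CMD", "shipA", "destroy")),
        ("CMD: out fleet", world.leave, ("CMD", "fleet")),
    ]
    trace = []
    for label, action, args in steps:
        try:
            action(*args)
            trace.append((label, "ok"))
        except AccessDenied as err:
            trace.append((label, f"denied: {err}"))
    return trace, world.location


if __name__ == "__main__":
    for label, outcome in ship_scenario()[0]:
        print(f"{label:26} {outcome}")
```

The trace shows the Commander's sequence (in fleet, two outputs, out fleet) succeeding, while every path that would put MA and a ship in one domain is refused in either direction.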

Deductive Proof and Process Synthesis

(1) ┐restrict(CMD, MA) … (AC4)
(2) ┐restrict(I,σ)→Θ(I||σ) … (A3)
(3) Θ(CMD || MA) … (MP 1,2)
(4) System[MA || T] … (AC2)
(5) φ→Θφ … (T4)
(6) Θ System[MA || T] … (Sub. 4, 5)
(7) Θn[σ || ρ] ∧ Θ(φ || σ)→Θn[φ || σ || ρ] … (A4)
(8) Θ System[MA || CMD || T] … (MP 4,6,7)
(9) restrict(shipA, MA) … (AC1)
(10) □┐restrict(shipA,shipB) … (AC3)
(11) restrict(φ,σ) ∧ ┐restrict(φ,ρ)→restrict(φ || ρ,σ) … (A5)
(12) restrict(shipA||shipB,MA) … (MP 9,10,11)
(13) Θn[φ||J] ∧ restrict(K,J)→Θn[φ||m[K]||J] ∨ Θ(n[φ||J] || m[K]) … (A9)
(14) Θ System[CMD || MA || m[shipA||shipB] || T] … (MP 8,12,13)

[Figure: proof tree over AC4, A3, (3), AC2, T4, (6), A4, AC1, AC3, A5, (12), A9, (8) and (14).]

Deductive Proof and Process Synthesis

S1: detect_intrusion(MA)→◊serv(“enemy_ship”; MA)

S2: serv(“enemy_ship”;MA)→◊get_coordinates(u,v;MA)

fix MA = let x=MA:detect_intrusion() instantiate
    if x=“enemy_ship” then let (u,v)=MA:get_coordinates() instantiate

Goal: R1: detect_intrusion(MA) →◊Θserv(“enemy_destroyed”; T)


Demo of Static Proof Theory …

Image Finiteness of Processes

  • We impose the following restrictions on processes
      • Recursive processes are guarded
      • Parallel composition through recursion is not allowed (similar to Pi-calculus [Dam 93])
  • A type system can check for well-formedness of processes
  • Image Finiteness: A closed process term can only evolve (in zero or more steps) into finitely many non-congruent process terms using the reduction rules
  • Restrictions ensure that every process is image finite

Semantics of AS3 Logic

Interpreted over systems decorated with atomic formulas

P ╞ I if fix I=P

P ╞ <u> φ if there exist Q, R, S, T such that P ≌ <u>Q, R ≌ (x).S, T = P||R and Q ╞ φ

P ╞ pred(u1,…,un) if P is decorated with pred(u1,…,un)

P ╞ in(n) φ if there exist Q, n, R, S such that P ≌ in n.Q, Q ╞ φ@n, S ≌ P || n[R]

Transformation Rules for Access Control (Cont.)

A3: ┐restrict(I,σ)→Θ(I || σ)

A4: Θn[ρ || σ] ∧ Θ(φ || σ)→Θn[φ || σ || ρ]

A5: restrict(φ,σ) ∧ ┐restrict(φ,ρ)→restrict(φ || ρ,σ)

A6: next_hierarchy(I,σ)→restrict(I,σ)

A7: restrict(I,σ) ∧ Θ(I || J)→restrict(J,σ)

A8: restrict(σ,φ)→restrict(φ,σ)

A9: Θn[φ || J] ∧ restrict(K,J)→Θn[φ || m[K] || J] ∨ Θ(n[φ || J] || m[K])

Service Descriptions in AS3 Logic

S4: serv(u,v;MA)→◊K(u,v;CMD)

S5: K(u,v;CMD)→◊K(u,v;shipA) ∨ ◊K(u,v;shipB)

Policy Enforcement: Model-based Diagnosis and Recovery

  • System was synthesized based on the assumption that services do not behave maliciously: Unrealistic assumption
  • Runtime enforcement ensures diagnosis of malicious behavior on the part of services and subsequent recovery
  • Service specifications used to generate symptoms
  • Abduction based diagnosis uses the models (process terms) to diagnose breach of trust by services and ensure recovery

Requirements of AS3 Systems

  • Adaptability
      • Provide acceptable performance in the presence of system failures, overload, or damages
      • Rapid reconfiguration to achieve users’ new missions
  • Security
      • Authentication for both users and service providers
      • Protection of critical information infrastructure of distributed services based on flexible security policies
      • For example, access control requirements
  • Situation-Awareness (SAW) – capability of being aware of complex situations for
      • Service coordination
      • Adapting workflows when situations change
      • Enforcing situation-aware security policies

A Simple Example

  • A simplified version of the ship scenario in the overview slides
      • Intrusion of enemy detected by Monitoring Agent that reports to the CMD
      • The CMD directly asks shipA (or shipB) to destroy the enemy ship rather than sending a warning
  • We assume no failures take place
  • The Combat System Agent has been eliminated

AS3 Processes for the Example

System = MA || CMD || fleet[shipA || shipB]

fix MA =
    if MA:detect_intrusion() then
        let <x,y> = MA:get_enemy_coordinates() instantiate <x,y>.MA
    else MA

fix CMD = (x,y).in fleet.<x,y>.<destroy>.out fleet.CMD

fix shipA = (x,y).(d).
    if d=“destroy” then
        (shipA:lock_radar(x,y).shipA:load_missile().(let z=shipA:fire() instantiate if z=enemy_destroyed then <z>) then shipA)
    else shipA

shipB ≌ shipA

Synthesis of AS3 Processes

  • Security (access control) model synthesized through formula rewriting using sound transformation rules in AS3 logic
  • Service specifications including QoS properties axiomatized in AS3 logic
  • Functional as well as QoS goals of a mission expressed in AS3 logic

Papers, Theses and Reports

Publications resulting from the AS3 project:

[1] S. S. Yau, H. Davulcu, S. Mukhopadhyay, D. Huang and Y. Yao, “Adaptable Situation-Aware Secure Service Based Systems”, Proc. 8th IEEE Int'l Symp. on Object-oriented Real-time Distributed Computing (ISORC2005), May 2005, pp. 308-315.

[2] S. S. Yau, Y. Yao, Z. Chen and L. Zhu, “An Adaptable Security Framework for Service-based Systems,” Proc. 10th IEEE Int’l Workshop on Object-oriented Real-time Dependable Systems (WORDS2005), February 2005, pp. 28-35.

[3] S. S. Yau, D. Huang, H. Gong and H. Davulcu, “Situation-Awareness for Adaptable Service Coordination in Service-based Systems”, Proc. 29th Annual Int'l Computer Software and Application Conference (COMPSAC 2005), September 2005, to appear.

[4] S. S. Yau and D. Huang, “Mobile Middleware for Situation-Aware Service Discovery and Coordination”, Mobile Middleware, edited by Paolo Bellavista and Antonio Corradi, 2005, Chapter 5.g, to appear.


SINS and SOL

  • SINS (Secure Infrastructure for Networked Systems)
      • An agent-based middleware
      • Comprises SINS Virtual Machines for instantiating agents
      • SVMs communicate using Agent Control Protocol
      • Agents are specified using SOL and can be automatically generated and verified
  • SOL (Secure Operation Language)
      • A synchronous programming language
      • SOL is secure
      • SOL programs are amenable to fully automated static analysis techniques, such as automatic theorem proving using decision procedures or model checking
      • SOL has the ability to express a wide class of enforceable safety and security policies
      • A set of design and analysis tools, including a visual representation tool, verification tools and interpreters to other languages, is available for SOL

Equational Theory

  • An equational theory for AS3 calculus is provided by the structural congruence relation defined below. It allows syntactic identification of two processes having identical behavior
  • A process is structurally congruent to its alpha-renamed variant
  • If P≌Q then
      1. C.P ≌ C.Q
      2. A.P ≌ A.Q
      3. P||R ≌ Q||R
      4. R||P ≌ R||Q
      5. N[P] ≌ N[Q]
      6. (new n) P ≌ (new n) Q
      7. fix I=P ≌ fix I=Q
      8. P+R ≌ Q+R

Normal Hybrid Modal Logic

“A normal modal logic is a set of formulas that contains all tautologies, □(→), (□→□), and ◊□, and is closed under uniform substitution, modus ponens, and generalization” [Blackburn]

“Hybrid logics use one sort of atoms called nominals to refer to states which are regarded as first class citizens” [Blackburn]