Joint team with LIX (Laboratoire d'Informatique de l'École Polytechnique) and CNRS.

Our times are characterized by the massive presence of highly distributed and mobile systems consisting of diverse and specialized devices, forming heterogeneous networks, and providing
different services and applications. The resulting computational systems are usually referred to as
*Ubiquitous Computing*, (see, e.g., the UK Grand Challenge initiative under the name
*Sciences for Global Ubiquitous Computing*
).
*Security*is one of the fundamental concerns that arises in this setting. The problem of
*privacy*, in particular, is exacerbated by orders of magnitude: The frequent interaction between users and electronic devices, and the continuous connection between these devices and the
internet, offer to malicious agents the opportunity to gather and store huge amount of information, often without the individual being even aware of it. Mobility is also an additional source of
vulnerability, since tracing may reveal significant information. To avoid these hazards, honest agents should use special protocols, called
*security protocols*.

These systems are usually very complex and based on impressive engineering technologies, but they do not always exhibit a satisfactory level of robustness and reliability. The same holds for protocols: they usually look simple, but the properties that they are supposed to ensure are extremely subtle, and it is also difficult to capture the capabilities of the attacker. As a consequence, even protocols that seem at first “obviously correct” are later (often years later) found to be prone to attacks.

In order to overcome these drawbacks, computer scientists need to develop formalisms, reasoning techniques, and tools, to specify systems and protocols, their intended properties, and to guarantee that these intended properties are indeed satisfied. The challenges that we envisage are (a) to find suitably expressive formalisms which capture essential new features such as mobility, probabilistic behavior, presence of uncertain information, and potentially hostile environment, (b) to build suitably representative models in which to interpret these formalisms, and (c) to design efficient tools to perform the verification in presence of these new features.

Catuscia Palamidessi and Frank Valencia have served as PC chairs of the 2009 edition of the conference SOFSEM (Current Trends in Theory and Practice of Computer Science,
http://

Catuscia Palamidessi has served as PC chairs of the 2009 edition of the conference MFPS (Mathematical Foundations of Programming Semantics XXV,
http://

Catuscia Palamidessi has been invited to serve as PC chairs of the 2011 edition of the conference QEST (The International Conference on Quantitative Evaluation of
SysTems,
http://

Catuscia Palamidessi has been invited to be a speaker at the 2010 edition of the conference LICS (Twenty-Fifth Annual IEEE Symposium on Logic in Computer Science,
http://

Acceptance of the ANR project proposal PANDA: “Analyse du Parallélisme et de la Distribution”. This project is financed by the ANR, for the years 2009-2011. The partners involved are: the EPIs Comète and Parsifal at INRIA Saclay, the CEA Saclay, Airbus, and various universities in France.

Acceptance of the ANR project proposal CPP: Mobile and Secure Complex Systems This project is financed by the ANR, for the years 2009-2011. The partners involved are: LSV, the EPIs Comète and Parsifal at INRIA Saclay, the CEA LIST, Supelec SSE and Supelec L2S.

The need to deal with probabilities can arise for various reasons:

First, algorithms for distributed systems and security protocols often use randomization.

Second, the modeling of the physical world frequently requires coping with uncertain and approximate information (for example, the number of the requests that are received by a web server during various times of the day), which one can refine by statistical measurements, and which can then be naturally represented using a probabilistic formalism.

Third, reality can sometimes be too complicated to be represented and analyzed in detail; probabilistic models offer then a convenient abstraction mechanism.

We intend to study models and languages for concurrent, probabilistic and mobile systems, with a particular attention to expressiveness issues. We aim at developing criteria to assess the expressive power of a model or formalism in a distributed setting, to compare existing models and formalisms, and to define new ones according to an intended level of expressiveness, taking also into account the issue of (efficient) implementability.

We will focus our efforts on a probabilistic variant of the asynchronous -calculus, that is a formalism designed for mobile and distributed computation. A characteristic of our calculus is the presence of both probabilistic and nondeterministic aspects. This combination is essential to represent probabilistic algorithms and protocols and express their properties in presence of unpredictable (nondeterministic) users and adversaries.

The aim of our research is the specification and verification of protocols used in mobile distributed systems, in particular security protocols. We are especially interested in protocols for
*privacy*, because they exhibit features that require the kind of concepts and approach in which we feel most competent. It is likely, however, that the instruments and tools developed
having privacy in mind can later be useful and adaptable also to other domains of security, like
*Secure Information flow*. Privacy is a generic term which denotes the issue of preventing certain information to become known to an agent, except in case that agent is explicitly allowed
to be informed. It may refer to the protection of
*private data*(credit card number, personal info etc.), of the agent's identity (
*anonymity*), of the link between information and user (
*unlinkability*), of its activities (
*unobservability*), and of its
*mobility*(
*untraceability)*.

The common denominator of this class of problems is that an adversary can try to infer the private information (
*secrets*) from the information that he can access (
*observables*). The purpose of privacy protocols is then to obfuscate the link between secrets and observables as much as possible, and they often use randomization to achieve this
purpose, i.e. to introduce
*noise*. The protocol can therefore be seen as a
*noisy channel*, in the Information-Theoretic sense, between the secrets and the observables.

We intend to explore the rich set of concepts and techniques in the fields of Information Theory and Hypothesis Testing to establish the foundations of privacy, and to develop heuristics and methods to improve protocols for privacy. Our approach will be based on the specification of protocols in the probabilistic asynchronous -calculus, and the application of model-checking to compute the matrices associated to the corresponding channels.

We plan to develop model-checking techniques and tools for verifying properties of systems and protocols specified in the above formalisms. Model checking addresses the problem of establishing whether the model (for instance, a finite-state machine) of a certain specification satisfies a certain logical formula. We intend to concentrate our efforts on aspects that are fundamental for the verification of security protocols, and that are not properly considered in existing tools. These are (a) the combination of probability and mobility, which is not provided by any of the current model checkers, (b) the interplay between nondeterminism and probability, which in security present subtleties that cannot be handled with the traditional notion of scheduler, (c) the development of a logic for expressing security (in particular privacy) properties. We should capture both probabilistic and epistemological aspects, the latter being necessary for treating the knowledge of the adversary. Logics of this kind have been already developed, but the investigation of the relation with the models coming from process calculi, and their utilization in model checking, is still in its infancy.

In collaborations with Dave Parker and Marta Kwiatkowska, we are developing a model checker for the probabilistic asynchronous -calculus. Case studies with Fair Exchange and MUTE, an anonymous peer-to-peer file sharing system, are in progress.

Technically we use MMC as a compiler to encode the probabilistic -calculus into certain PRISM representation, which will then be verified against PCTL using PRISM. The transitional semantics defined in MMC can be reused to derive the symbolic transition graphs of a probabilistic process. The code for derivation will work as an add-on to MMC under XSB and invoke a graph traversal to enumerate all reachable nodes and transitions of the probabilistic process.

In the meanwhile we are also attempting a direct and more flexible approach to the development of a model checker for the probabilistic
-calculus, using OCaml. This should allow to extend the language more easily, to include cryptographic primitives and other features useful for the specification of security protocols.
As the result of our preliminary steps in this direction we have developed a rudimentary model checker, available at the following URL:
http://

This software generates PRISM models for the Dining Cryptographers and Crowds protocols. It can also use PRISM to calculate the capacity of the corresponding channels. More information can
be found in
and in the file README file width instructions at the URL
http://

The software can be download at
http://

The corner points can be used to compute the maximum probability of error and to improve the Hellman-Raviv and Santhi-Vardy bounds. More information can be found in
and in the file README file width instructions at the URL
http://

The software can be download at
http://

Busi et al.
showed that CCS
_{!}(CCS with replication instead of recursion) is Turing powerful by providing an encoding of Random Access Machines (RAMs) which preserves and reflects
*convergence*(i.e., the existence of terminating computations). The encoding uses an unbounded number of restrictions arising from having restriction operators under the scope of
replication. On the other hand, in
they had shown that there is no encoding of RAMs into CCS
_{!}which preserves and reflects divergence.

In we have defined fair computations in the -calculus. We have followed Costa and Stirling's approach for CCS-like languages , but exploited a more natural labeling method of process actions to filter out unfair process executions. The new labeling has allowed us to prove all the significant properties of the original one, such as unicity, persistence and disappearance of labels. It has also turned out that the labeled -calculus is a conservative extension of the standard one. We have contrasted the existing fair testing notions , with those that naturally arise by imposing weak and strong fairness. This comparison provides the expressiveness of the various fair testing-based semantics and emphasizes the discriminating power of the one already proposed in the literature.

In
and
we have addressed the question of what kind of asynchronous
communication is exactly modeled by the asynchronous
-calculus (
_{a}). To this purpose we have defined a calculus
where channels are represented explicitly as special buffer processes. The base language for
is the (synchronous)
-calculus, except that ordinary processes communicate only via buffers. We have compared this calculus with
_{a}, and we have shown that there is a strong correspondence between
_{a}and
in the case that buffers are bags: there are indeed encodings which map each
_{a}process into a strongly asynchronous bisimilar
process, and each
process into a weakly asynchronous bisimilar
_{a}process. In case the buffers are queues or stacks, on the contrary, the correspondence does not hold. We have shown indeed that it is not possible to translate a stack or a queue into
a weakly asynchronous bisimilar
_{a}process. Actually, for stacks we have shown an even stronger result, namely that they cannot be encoded into weakly (asynchronous) bisimilar processes in a
-calculus without mixed choice.

Information hiding refers to the problem of protecting private information while performing certain tasks or interactions, and trying to avoid that an adversary can infer such information. Particular cases of this property are anonymity and privacy.

The systems for information hiding often use random mechanisms to obfuscate the link between the observables and the information to be protected. The random mechanisms can be described probabilistically, while the value of the secret may be totally unpredictable, irregular, and hence expressible only nondeterministically. Nondeterminism can also be present due to the interaction of the various component of the system.

Formal definitions of the concept of anonymity and information flow have been investigated in the past either in a totally nondeterministic framework, or in a purely probabilistic one. In , we have investigated a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which the protocol and the users can have both probabilistic and nondeterministic behavior. We have also investigated the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users. We have formulated the notions of anonymity in terms of probabilistic automata, and we have described protocols and users as processes in the probabilistic -calculus, whose semantics is again based on probabilistic automata.

It has been observed recently that in security the combination of nondeterminism and probability can be harmful, in the sense that the resolution of the nondeterminism can reveal the
outcome of the probabilistic choices even though they are supposed to be secret
. This is known as the problem of the
*information-leaking scheduler*. In
we have developed a linguistic (process-calculus) approach to this
problem, and we have shown how to apply it to control the behavior of the scheduler in various anonymity examples.

Recent research in quantitative theories for information-hiding tend to converge towards the idea of modeling the system as a noisy channel in the information-theoretic sense. The notion of information leakage, or vulnerability of the system, has been related in some approaches to the concept of mutual information of the channel. A recent work of Smith has shown, however, that if the attack consists in one single try, then the mutual information and other concepts based on Shannon entropy are not suitable, and he has proposed to use Rényi's min-entropy instead. In we have considered and compared two different possibilities of defining the leakage, based on the Bayes risk, a concept related to Rényi min-entropy.

In information hiding, an adversary that tries to infer the secret information has a higher probability of success if it knows the distribution on the secrets. In we have shown that if the system leaks probabilistically some information about the secrets, (that is, if there is a probabilistic correlation between the secrets and some observables) then the adversary can approximate such distribution by repeating the observations. More precisely, it can approximate the distribution on the observables by computing their frequencies, and then derive the distribution on the secrets by using the correlation in the inverse direction. We have illustrate this method, and then we have studied the bounds on the approximation error associated with it, for various natural notions of error. As a case study, we have applied our results to Crowds, a protocol for anonymous communication.

As an application, we have shown how to formalize
*probabilistic anonymity*and
*oblivious transfer*in the logic, and how to validate these formalizations on implementations specified in probabilistic CCS.

Concurrent constraint programming (
`ccp`,
) is a model of computation based on the notion of store as the
information available for the process. Each process has access to a global store, with respect to which it tests and adds constraints. During the execution, the store can only increase. A
domain-theoretic denotational semantics has been defined in
, that maps a process to the supremum store that it can reach. It
is then possible to compute this supremum store by a fixed point construction, based on the grammar of the process.

In we have described a unified concurrent-constraint framework for the declarative analysis of structured communications. By relying on the utcc constraint calculus, we have showed that in addition to the usual operational techniques from process calculi, the analysis of structured communications can elegantly exploit logic-based reasoning techniques. We have presented a concurrent constraint interpretation of the language for structured communications proposed by Honda, Vasconcelos, and Kubo . Distinguishing features of our approach are: the possibility of including partial information (constraints) in the session model, the use of explicit time for reasoning about session duration and expiration, and a tight correspondence with logic, which formally relates session execution and linear-time temporal logic formulas.

Model checking is the main tool that we aim at developing for the verification of security protocols.

In , in collaboration with the PRISM team at Oxford, we have established the basis for an implementation of model checking for the probabilistic -calculus. Building upon the (non-probabilistic) -calculus model checker MMC , we have developed an automated procedure for constructing a Markov decision process representing a probabilistic -calculus process. This representation can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we have demonstrated how for a large class of systems an efficient, compositional approach can be applied, which uses our extension of MMC on each parallel component of the system and then translates the results into a higher-level model description for the PRISM tool.

Nano-devices are molecular machines synthesized from molecular subcomponents whose functions are combined in order to perform the function of the machine. An important and characteristic feature of these devices is their intrinsic compositional nature. Therefore process-algebra formalisms are natural candidate for their modeling. In his PhD thesis , Pradalier has introduced a dialect of the -calculus, the nano -calculus and has illustrated its relevance for the modeling and simulation of nano-devices with an example stemming from the collaboration with the chemistry department of bologna: the [2]RaH rotaxane. Pradalier has modeled it in nano and has simulated its behaviour under various conditions of concentration. He was then able to show that some classical assumption about kinetic rates were not correct any longer in this setting. The -calculus has many advantages for the modelling of biochemical systems. In particular it is compact, easily reusable and modifiable and biological-like and thus easier to learn for biochemists. On the other hand the -calculus, also often used to model biochemical systems, has a much more developed theory and more available tools. Pradalier has then investigated the possibility of encoding the nano -calculus into the stochastic -calculus, and has found a translation that satisfies strong correctness properties. Furthermore, Pradalier has considered the chemical master equation, which describes probabilistically the possible behaviours of the system over time in terms of a differential equation on the probability to be in a given state at a given instant. Pradalier has introduced a notion of equivalence based on the chemical master equation and has proved that it corresponds exactly to the notion backward stochastic bisimulation. This results establishes a bridge between a chemical semantics and a computer semantics, and it also constitutes a first step towards a metrics for biochemistry. Finally Pradalier has investigated the relative expressive power of the synchronous and asynchronous stochastic -calculus, for which he has used the encodability of the nano -calculus.

This project is financed by the ANR, for the years 2009-2011. The partners involved are:

EPIs Comète and Parsifal at INRIA Saclay. Responsible: Catuscia Palamidessi

CEA Saclay. Responsible: Emmanuel Haucourt

Pôle Parisien. Responsible: Damiano Mazza

Pôle Méditerranéen. Responsible: Emmanuel Godard

Airbus. Responsible: Jean Souyris.

This project is financed by the ANR, for the years 2009-2011. The partners involved are:

LSV. Responsible: Jean Goubault-Larrecq

EPIs Comète and Parsifal at INRIA Saclay. Responsible: Catuscia Palamidessi

CEA LIST. Responsible: Olivier Bouissou

Supelec SSE. Responsible: Gilles Fleury

Supelec L2S. Responsible: Michel Kieffer

This project is financed by the DGA, for the years 2007-2009. The teams involved are:

Hipercom. Responsible: Philippe Jacquet

Comète. Responsible: C. Palamidessi

Algorithmes et Optimisation. Responsible: Philippe Baptiste

MAX. Responsible: Michel Fliess.

This project has started in January 2006 and includes the following sites:

INRIA Futurs. Responsible: C. Palamidessi

McGill University, Canada. Responsible: P. Panangaden

PRINTEMPS focuses on the applications of Information Theory to security. We are particularly interested in studying the interactions between Concurrency and Information Theory.

Home page:
http://

This project has started in January 2007 and includes the following sites:

Pontificia Universidad Javeriana, Colombia. Responsible: C. Rueda

INRIA Futurs. Responsible: F. Valencia

IRCAM, France.

REACT stands for “Robust theories for Emerging Applications in Concurrency Theory”, which reflects the goals of the project.

Home page:
http://

Note: In this section we include only the activities of the permanent internal members of Comète.

Catuscia Palamidessi is member of the Editorial Board of the journal on Mathematical Structures in Computer Science, published by the Cambridge University Press.

Catuscia Palamidessi is member of the Editorial Board of the journal on Theory and Practice of Logic Programming, published by the Cambridge University Press.

Catuscia Palamidessi is member of the Editorial Board of the Electronic Notes of Theoretical Computer Science, Elsevier Science.

Frank D. Valencia is area editor (for the area of Concurrency) of the ALP Newsletter.

Catuscia Palamidessi is member of:

The Council of EATCS, the European Association for Theoretical Computer Science. Since 2005

The Steering Committee of ETAPS, the European Joint Conferences on Theory and Practice of Software. Since 2006

The IFIP Technical Committee 1 – Foundations of Computer Science. Since 2007

The IFIP Working Group 2.2 – Formal Description of Programming Concepts. Since 2001

Catuscia Palamidessi has given invited talks at the following conferences and workshops:

Workshop on “Ubiquitous Computing at a Crossroads”. London, UK. January 2009.
http://

BASICS 2009 International Workshop on Computation and Interaction. Shanghai, China. October 2009.
http://

IFIP 1.8 Workshop on Formal Methods for Embedded Systems. Eindhoven, NL. November 2009.
http://

Catuscia Palamidessi has served as PC chairs of the 2009 edition of the conference on Mathematical Foundations of Programming Semantics (MFCS XXV),
http://

Catuscia Palamidessi and Frank Valencia have served as PC chairs of the 2009 edition of the International conference on Current Trends in Theory and Practice of
Computer Science (SOFSEM),
http://

Catuscia Palamidessi has been/is a member of the program committees of the following conferences:

CONCUR 2010. The 21st International Conference on Concurrency Theory. Paris, France, September 2010.
http://

MFPS XXVI. The 26th Conference on the Mathematical Foundations of Programming Semantics, Ottawa, Canada, May 2010.
http://

CONCUR 2009. The 20th International Conference on Concurrency Theory. Bologna, Italy, September 2009.
http://

PPDP 2009. The 11th International ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming. Coimbra, Portugal. September 2009.
http://

FOSSACS 2009. The 12th International Conference on Foundations of Software Science and Computation Structures. (Part of ETAPS 2009.) York, UK. March 2009.
http://

Catuscia Palamidessi has been/is a member of the program committees of the following workshops:

FCS-PrivMod 2010. Workshop on Foundations of Security and Privacy. Edinburgh, UK, July 2010.
http://

LIS 2010. Workshop on Logics in Security. Copenhagen, Denmark, August 2010.
http://

PLID 2009. The 5th International Workshop on Programming Language Interference and Dependence. London, UK. March 2009
http://

SecCo 09. The 7th International Workshop on Security Issues in Concurrency. Bologna, Italy, September 2009.

Frank D. Valencia has been/is a member of the program committees of the following conferences and workshops:

ICLP 2009. 25th International Conference on Logic Programming. Pasadena, USA, July 2009.

Carlos A. Olarte has been/is a member of the program committees of the following conferences:

SAC 2009. 24th Annual ACM Symposium on Applied Computing. Track on Constraint Satisfaction and Programming. Honolulu, USA, March 2009.

Frank D. Valencia and Carlos Olarte are the organizer of the Comète-Parsifal Seminar. This seminar takes place weekly at LIX, and it is meant as a forum where the
members of Comète and Parsifal present their current works and exchange ideas. See
http://

Catuscia Palamidessi has served as:

Member of the Commission Scientifique du Centre de Recherche INRIA Saclay, since February 2008.

Reviewer for the projects proposal for the program PRIN, sponsored by the Italian MIUR (“Ministero dell'Istruzione, dell'Università e della Ricerca”). Since 2004.

Member of the INRIA GTRI (Group de Travail Relations Internationales) from November 2007 till October 2009.

Member of the Comité de These for Mathematics and Computer Science at the École Polytechnique. Since October 2007.

Frank Valencia is teaching (together with Francesco Zappa Nardelli and Roberto Amadio) the course “Concurrence” at the “Master Parisien de Recherche en Informatique” (MPRI) in Paris. Winter semesters 2008-09 and 2009-10.

Catuscia Palamidessi has given the following lectures or intensive courses to PhD and master students:

Lecture on an Information-Theoretic approach to Confidentiality. PhD program at the University of Pisa, Italy. October 2009.

Lecture on Anonymity Protocols as Noisy Channels. Master students of ENS Lyon, France. October 2009.

Lectures on Information-Hiding. Mini-course of 4 hours for the PhD program at the University of Venice, Italy. April 2009.

Frank D. Valencia has been a lecturer on "Concurrency Theory" at Universidad Javeriana de Cali. Fall 2009.

Catuscia Palamidessi has supervised the following PhD students:

Romain Beauxis. Allocataire Region Ile de France. 1/10/2005 – 31/5/2009.

Christelle Braun. Allocataire École Polytechnique - Ministère. Since 1/10/2007.

Mario Sergio Ferreira Alvim Junior. Allocataire CNRS/DGA. Since 1/10/200.

Ivan Gazeau. Allocataire ANR. Co-supervised by Dale Miller, Ecole Polytechnique, Paris. Since 1/10/2009

Sylvain Pradalier. Allocataire ENS Cachan. Co-supervised by Cosimo Laneve, University of Bologna, Italy. 1/9/2006 – 30/9/2009.

Marie-Aude Steineur. Allocataire ANR. Co-supervised by Sami Abbes, University of Paris VII, France. Since 1/10/2009

Catuscia Palamidessi and Frank Valencia have co-supervised the following PhD students

Jesus Aranda. Co-supervised by Juan Francisco Diaz, Universidad del Valle, Colombia. 1/10/2006 – 31/11/2009

Andrés Aristizábal. Allocataire DGA/CNRS. Since 1/10/2009

Carlos Olarte. Allocataire INRIA/CORDIS. 1/10/2006 – 30/10/2009

The team Comète has supervised the following internship students during 2008:

Michael Matinez. Master student at the University of Cali, Colombia. 1/5/2009 – 31/7/2009

Yamil Salim Percy. Master student at the University of Cali, Colombia. 5/11/2009 – 5/12/2009

Catuscia Palamidessi has been “rapporteur” for the thesis, and member of the jury at the thesis defense, of the following PhD students:

Luca Fossati (University of Turin, Italy). PhD Thesis on
*Modeling the Handshaking Protocol for Asynchrony*. Defended on 9 February 2009. Advised by Simona Ronchi Della Rocca and Pierre-Louis Curien.

Cinzia Di Giusto (University of Bologna, Italy). PhD thesis on
*Expressiveness of Concurrent Languages*. Defended on 20 April 2009. Advised by Maurizio Gabbrielli.

Catuscia Palamidessi has also been president of the committee at the “defense day” of all thesis in Computer Science for the year 2009 at the University of Bologna. 20 April 2009.