Transcript of the slide deck "Mobile Ambients" (document posted 22-Dec-2015)
Mobile Ambients
Luca Cardelli, Digital Equipment Corporation, Systems Research Center
Andrew D. Gordon, University of Cambridge, Computer Laboratory
Presented by Michael Hicks, CIS 640, Spring 1998
Mobility
• Mobile computing
  – computing devices are mobile environments
• Mobile computation
  – computations which move among environments are mobile agents
Administrative Domains
• Network level
  – firewall partitioning of an intranet from the Internet
  – address partitioning of a subnet from the LAN
• Host level
  – access to remote resources (disk, CPU, etc.)
Mobility and access require authorization: crossing a domain boundary, or using a resource inside it, is something the domain must permit.
Outline
• Overview of approach and related work
• Mobility calculus
  – primitives, semantics, and examples
• Complete ambient calculus
  – communication primitives
  – examples and encoding of the asynchronous π-calculus
• Criticisms and conclusions
Ambients
• A bounded location for computation
  – a web page, an address space, a filesystem, a data object, a laptop, …
  – not a thread, a collection of objects, …
• Each ambient has a name, and may contain
  – a collection of local agents (processes)
  – a collection of sub-ambients
Names
• May be created, passed around, and used to name new ambients
• May be used to derive capabilities (to enter, leave, or open the ambient carrying that name)
Related Work
• Obliq
• Telescript
• Java
• Linda
• π-calculus
• spi-calculus
• Chemical Abstract Machine
• join-calculus
• LLinda
• distributed calculi
Mobility Primitives
n          names
P, Q ::=   processes
  (νn)P      restriction
  0          inactivity
  P | Q      composition
  !P         replication
  n[P]       ambient
  M.P        action
M ::=      capabilities
  in n       can enter n
  out n      can leave n
  open n     can open n
Restriction: (νn)P
• creates a new (unique) name n within the scope P
• the name may be used to name ambients and to operate on ambients by name
• is transparent to reduction:
  P → Q  implies  (νn)P → (νn)Q
Inaction: 0
• does nothing
Composition: P | Q
• denotes process P executing in parallel with process Q
• is commutative and associative
• obeys the rule:
  P → Q  implies  P | R → Q | R
Replication: !P
• creates as many parallel replicas of P as needed
• may be used to express iteration and recursion
• to be reduced, it is first expanded (by structural congruence) to P | !P:
  !P ≡ P | !P
Ambients: n[P]
• an ambient with name n within which P is executing; reduction proceeds inside the ambient:
  P → Q  implies  n[P] → n[Q]
• may contain nested sub-ambients as well as processes running in parallel:
  n[P1 | … | Pp | m1[…] | … | mq[…]]
Entry capability: in n. P
• instructs the surrounding ambient to enter a sibling ambient n, then continues as P
• If no sibling n exists, it blocks (until one appears). If more than one exists, any one may be chosen
• Reduction rule:
  n[in m. P | Q] | m[R] → m[n[P | Q] | R]
Exit capability: out n. P
• instructs the surrounding ambient to exit its parent ambient n, then continues as P
• If the parent is not n, it blocks.
• Reduction rule:
  m[n[out m. P | Q] | R] → n[P | Q] | m[R]
Open capability: open n. P
• dissolves an ambient n running in parallel with the open action (i.e. a child of the same surrounding ambient), then continues as P
• If no such n exists, it blocks. If more than one exists, any one may be chosen
• Reduction rule:
  open n. P | n[Q] → P | Q
• Caveat: after the reduction Q runs at the same level as P, so P has no control over what Q does, and Q's boundary is gone. Two things keep this in check: the dissolution is initiated by P, which holds open n, and open n is a capability derived from the name n, so n[Q] cannot be dissolved by anyone who does not know n.
Example: Locks
acquire n. P ≝ open n. P
release n. P ≝ n[] | P
• handshake (each side releases one lock and waits for the other's):
  acquire n. release m. P | release n. acquire m. Q →* P | Q
Objective Moves
• Allow a computation (as opposed to a whole ambient) to move into or out of an ambient. Only possible if the ambient allows it (see the encoding on the next slide):
  mv in n. P | n[Q] →* n[P | Q]
  n[mv out n. P | Q] →* P | n[Q]
Objective Moves (encoding)
allow n ≝ !open n
mv in n. P ≝ (νk) k[in n. in[out k. P]]
mv out n. P ≝ (νk) k[out n. out[out k. P]]
n↓[P] ≝ n[P | allow in]                n allows objective entry
n↑[P] ≝ n[P] | allow out               n allows objective exit
n↕[P] ≝ n[P | allow in] | allow out    n allows both
• How it works: a throw-away ambient k carries P across the boundary; P then leaves k inside a second ambient named in (or out), which the target's allow in (or allow out) dissolves. The empty shell (νk) k[] is left behind, so the reductions on the previous slide hold up to that inert residue.
• Note that allow in is just !open in: any ambient named in that appears at that level is dissolved, so an n↓ ambient admits any process that packages itself this way.
Synchronization on Named Channels
• Channel n is defined as n↕[] (an empty ambient that allows objective entry and exit)
n?.P ≝ mv in n. acquire rd. release wr. mv out n. P
n!.P ≝ mv in n. release rd. acquire wr. mv out n. P
• A reader and a writer rendezvous inside n: the writer releases rd and waits for wr, the reader waits for rd and then releases wr, after which both leave.
Mobility and Communication Primitives
P, Q ::=   processes
  (νn)P      restriction
  0          inactivity
  P | Q      composition
  !P         replication
  M[P]       ambient
  M.P        action
  (x).P      input action
  <M>        async output action
M ::=      capabilities
  x          variable
  n          name
  in M       can enter M
  out M      can leave M
  open M     can open M
  ε          null
  M.M'       path
Communicable Values
• Names, capabilities, and paths may be exchanged
• Multiple capabilities may be combined into paths (such as for transmitting a route)
Ambient I/O: (x).P and <M>
• <M> releases a capability (or name) into the local ambient
• (x).P captures the value and binds it lexically to x in P
• Reduction rule:
  (x).P | <M> → P{x ← M}
Examples: Cells
• Allows for storage and retrieval of values at a named location
cell c v ≝ c↕[<v> | !(x).<x>]
get c (x). P ≝ mv in c. (x). (<x> | mv out c. P)
set c <v>. P ≝ mv in c. (x). (<v> | mv out c. P)
• get reads the current value and puts it back before leaving; set consumes the current value and leaves v in its place. The cell must allow the objective moves in and out, as on the Objective Moves slide.
Routable Packets
• A packet carries a computation
• May be routed to an ambient via path M
• An ambient may forward a packet via a path
packet pkt ≝ pkt[!(x).x | !open route]
route pkt with P to M ≝ route[in pkt. <M> | P]
forward pkt to M ≝ route pkt with 0 to M
• The route ambient enters the packet and is dissolved there, releasing the path M and the payload P; the packet's !(x).x reads M and executes it, moving pkt (with P aboard) along the route.
Ether I/O
• Both parent and child ambients must be enabled for I/O. Children may then input and output using the parent's ether
n[P] (parent-enabled)   a parent n[P] enabling ether I/O
n[P] (child-enabled)    a child n[P] enabling ether I/O
n(x).P                  receive a value from the ether
n<M>                    send a value into the ether
Ether I/O (encoding)
parent-enabled n[P] ≝ n[e[] | P]     the parent hosts an ether ambient e
child-enabled n[P]  ≝ n[P]
n(x).P ≝ mv out n. mv in e. (x). mv out e. mv in n. P
n<M>   ≝ mv out n. mv in e. <M>
• A child leaves its own ambient n, steps into the sibling ether e to exchange a value, and (for input) returns home; e and n must therefore allow the objective moves used here, as on the Objective Moves slide.
Encoding the π-calculus: channels
ch n        a channel
(ch n)P     a new channel
n(x).P      channel input
n<M>        async channel output
Should satisfy the reduction (in the presence of ch n):
  n(x).P | n<M> →* P{x ← M}
Encoding the π-calculus: channels
ch n ≝ n[!open io]
(ch n)P ≝ (νn)(ch n | P)
n(x).P ≝ (νp)(io[in n. (x). p[out n. P]] | open p)
n<M> ≝ io[in n. <M>]
Channel Reduction
ch n | n(x).P | n<M>
≡ (νp)(n[!open io] | io[in n. (x). p[out n. P]] | open p | io[in n. <M>])
→* (νp)(n[!open io | io[(x). p[out n. P]] | io[<M>]] | open p)
→* (νp)(n[!open io | (x). p[out n. P] | <M>] | open p)
→ (νp)(n[!open io | p[out n. P{x ← M}]] | open p)
→ (νp)(n[!open io] | p[P{x ← M}] | open p)
→ (νp)(n[!open io] | P{x ← M})
≡ ch n | P{x ← M}
Encoding
⟦(νn)P⟧ ≝ (νn)(n[!open io] | ⟦P⟧)
⟦n(x).P⟧ ≝ (νp)(io[in n. (x). p[out n. ⟦P⟧]] | open p)
⟦n<m>⟧ ≝ io[in n. <m>]
⟦P | Q⟧ ≝ ⟦P⟧ | ⟦Q⟧
⟦!P⟧ ≝ !⟦P⟧
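The mobility primitives and the lock encoding from the earlier slides, and the π-calculus channel encoding just above, can be exercised mechanically. The reducer below is an added example for this transcript, not code from the paper or the presenter. Terms are nested tuples; restriction (νn) is modelled by minting a globally fresh name (so the encoding's fresh p becomes `p#0`, `p#1`, …); replication is expanded as !P ≡ P | !P only when a redex actually consumes a copy; and the values carried by <M> are restricted to names. The fixed redex order (communication, then open, in, out, then inside ambients) is an assumption of this example, since the calculus itself is non-deterministic. The `io` and `p` names are the encoding's own; the demo ambients n, m, p, q, r are constructed for illustration. The demo functions replay the entry rule, the exit rule, the lock handshake, and the channel reduction ch n | n(x). x[] | n<m> →* ch n | m[].

```python
"""Reducer for the ambient calculus (in/out/open, async I/O, replication).
Added example for this transcript, not code from the paper or the presenter."""
import itertools
_fresh = itertools.count()  # (nu n)P is modelled by minting a globally fresh name (example assumption)
def nu(base): return f"{base}#{next(_fresh)}"

# Term constructors: 0, P | Q, n[P], M.P with M in {in n, out n, open n}, !P, (x).P, <M>
ZERO = ("0",)
def par(*ps):            return ("par", list(ps))
def amb(n, p=ZERO):      return ("amb", n, p)
def act(cap, n, p=ZERO): return ("act", (cap, n), p)
def rep(p):              return ("rep", p)
def inp(x, p=ZERO):      return ("inp", x, p)
def out(m):              return ("out", m)

def comps(p):  # flatten P | Q and drop 0 (structural congruence of composition)
    if p[0] == "0":   return []
    if p[0] == "par": return [c for q in p[1] for c in comps(q)]
    return [p]
def mk(cs):  # rebuild a composition from components
    cs = [c for c in cs if c[0] != "0"]
    return ZERO if not cs else cs[0] if len(cs) == 1 else ("par", cs)
def subst(p, x, m):  # P{x <- m}: x may occur as an ambient name, in a capability, or in an output
    t = p[0]
    if t == "par": return ("par", [subst(q, x, m) for q in p[1]])
    if t == "amb": return ("amb", m if p[1] == x else p[1], subst(p[2], x, m))
    if t == "act": return ("act", (p[1][0], m if p[1][1] == x else p[1][1]), subst(p[2], x, m))
    if t == "rep": return ("rep", subst(p[1], x, m))
    if t == "inp": return p if p[1] == x else ("inp", p[1], subst(p[2], x, m))
    if t == "out": return ("out", m if p[1] == x else p[1])
    return p
def expand(cs):  # offer !P as P | !P; each copied component remembers its replication's index
    ex = []
    for i, c in enumerate(cs):
        if c[0] == "rep": ex += [(q, i) for q in comps(c[1])]
        ex.append((c, None))
    return ex
def take(ex, *used):  # residual after consuming `used`: originals, plus copies of replications touched
    reps = {ex[u][1] for u in used if ex[u][1] is not None}
    return [c for k, (c, o) in enumerate(ex) if k not in used and (o is None or o in reps)]

def step(p):  # one reduction step (first redex in a fixed order), or None if p is in normal form
    ex = expand(comps(p))
    for i, (c, _) in enumerate(ex):                       # (x).P | <M>  ->  P{x <- M}
        if c[0] == "inp":
            for j, (d, _) in enumerate(ex):
                if d[0] == "out": return mk(take(ex, i, j) + [subst(c[2], c[1], d[1])])
    for i, (c, _) in enumerate(ex):                       # open n.P | n[Q]  ->  P | Q
        if c[0] == "act" and c[1][0] == "open":
            for j, (d, _) in enumerate(ex):
                if d[0] == "amb" and d[1] == c[1][1]: return mk(take(ex, i, j) + [c[2], d[2]])
    for i, (c, _) in enumerate(ex):                       # n[in m.P | Q] | m[R]  ->  m[n[P | Q] | R]
        if c[0] != "amb": continue
        body = expand(comps(c[2]))
        for a, (e, _) in enumerate(body):
            if e[0] != "act" or e[1][0] != "in": continue
            for j, (d, _) in enumerate(ex):
                if j != i and d[0] == "amb" and d[1] == e[1][1]:
                    moved = amb(c[1], mk(take(body, a) + [e[2]]))
                    return mk(take(ex, i, j) + [amb(d[1], mk(comps(d[2]) + [moved]))])
    for i, (c, _) in enumerate(ex):                       # m[n[out m.P | Q] | R]  ->  n[P | Q] | m[R]
        if c[0] != "amb": continue
        body = expand(comps(c[2]))
        for a, (e, _) in enumerate(body):
            if e[0] != "amb": continue
            for b, (f, _) in enumerate((inner := expand(comps(e[2])))):
                if f[0] == "act" and f[1] == ("out", c[1]):
                    moved = amb(e[1], mk(take(inner, b) + [f[2]]))
                    return mk(take(ex, i) + [amb(c[1], mk(take(body, a))), moved])
    for i, (c, _) in enumerate(ex):                       # P -> Q  implies  n[P] -> n[Q]
        if c[0] == "amb" and (q := step(c[2])) is not None:
            return mk(take(ex, i) + [amb(c[1], q)])
    return None

def run(p, limit=200):  # reduce to normal form; bounded because replication can diverge
    for _ in range(limit):
        q = step(p)
        if q is None: return p
        p = q
    raise RuntimeError("no normal form within step limit")
def canon(p):  # canonical form up to commutativity/associativity of |, for comparing results
    if p[0] == "par":
        cs = sorted((canon(q) for q in comps(p)), key=repr)
        return ZERO if not cs else cs[0] if len(cs) == 1 else ("par", tuple(cs))
    if p[0] == "rep": return ("rep", canon(p[1]))
    return (p[0], p[1], canon(p[2])) if len(p) == 3 else p

# Locks (slide 17) and the asynchronous pi-calculus channel encoding (slides 29-31)
def acquire(n, p): return act("open", n, p)
def release(n, p): return par(amb(n), p)
def ch(n):         return amb(n, rep(act("open", "io")))
def send(n, m):    return amb("io", act("in", n, out(m)))
def recv(n, x, p):
    k = nu("p")
    return par(amb("io", act("in", n, inp(x, amb(k, act("out", n, p))))), act("open", k))

def demo_entry():      return run(par(amb("n", par(act("in", "m", amb("p")), amb("q"))), amb("m", amb("r"))))
def demo_exit():       return run(amb("m", par(amb("n", par(act("out", "m", amb("p")), amb("q"))), amb("r"))))
def demo_handshake():  return run(par(acquire("n", release("m", amb("p"))), release("n", acquire("m", amb("q")))))
def demo_channel():    return run(par(ch("n"), recv("n", "x", amb("x")), send("n", "m")))
```

`demo_entry` reduces n[in m. p[] | q[]] | m[r[]] to m[n[p[] | q[]] | r[]], `demo_exit` reduces m[n[out m. p[] | q[]] | r[]] to n[p[] | q[]] | m[r[]], `demo_handshake` reduces the lock handshake to p[] | q[], and `demo_channel` follows exactly the derivation on the Channel Reduction slide, ending in ch n | m[] with the fresh p ambient consumed. Comparing results through `canon` is what justifies the ≡ steps of the slides (reordering of |). `step` returns None for an `in m` whose ambient has no sibling m, matching the blocking semantics of the entry slide, and `run` is bounded because a term such as !n[…] with internal reductions never reaches a normal form.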
Issues
• Interference
  – name clashes with "temporary" locations (such as the shared io ambients of the channel encoding) during evaluation with concurrent processes
• No type system (yet)
  – some legal programs are meaningless because of "type errors" resulting from communication (e.g. a name received where a capability is expected)
• Notions of security are too simple
Conclusions
• Introduced the notion of mobile ambients
• Presented a simple, yet powerful calculus covering
  – mobility
  – security (boundaries are crossed only with the right capability, and capabilities are derived from names)
• A separate document (the "Annex") formally defines notions of observational equivalence