AS3: Adaptive, Situation-Aware and Secure Service-Based Systems

1
AS3 Adaptive, Situation-Aware and Secure
Service-Based Systems

• Hasan Davulcu
• Department of Computer Science and Engineering
• Arizona State University
• Joint work with
• Dr. Stephen S. Yau
• Dr. Supratik Mukhopadhyay

2
Outline

• Introduction and Examples
• Our research goals on AS3 systems
• AS3 Calculus and Logic
• Secure and Adaptive Workflow Synthesis
• Conclusion and future work

3
Introduction

• Service-based systems (SBS)
• Systems offering services which are well-defined
  functions used in different contexts and have
  interrelations and dependencies
• Services are not restricted to Web services
• Individual services are usually independently
  designed and implemented, and run on loosely
  coupled systems
• Examples
• Emergency response information systems
• e-Business

4
An Example of SBS - Road Emergency Response
Setup Perimeter
5
Coordination Constraints

• All the responders should arrive at the accident
  site within fifteen minutes.
• Any CAR, FE, AMB, or H that are serving at one
  accident site should not be dispatched to another
  accident site before completing their jobs at the
  accident site.
• Injured passengers in critical conditions should
  be brought to a nearby hospital within fifteen
  minutes after they are rescued from their damaged
  vehicles.
• Any coordination agent should only follow the
  commands from a trusted MP, being authenticated
  and delegated by a trusted party (the proper
  authority). Only after CARs leaves from L, ERC
  can end the road closure.

6
Dynamic reconfiguration Constraints

• Since, it is almost impossible to identify all
  control and correction steps before execution
  time, the system must provide the capability to
  adapt the workflows at run-time with dynamic
  reconfiguration constraints
• Resource failure An ambulance can transport at
  most two injured passengers at the same time, and
  hence the MP should send another ambulance within
  five minutes to carry additional injured
  passengers.
• Service failure If the police fail to set up a
  perimeter within fifteen minutes after the 911
  call center gets an accident report, FE and AMB
  can enter the accident site regardless a police
  perimeter has been set up or not.
• Exception Condition If the paramedics determine
  that one of the injured passengers is in critical
  condition then, another helicopter (H1) is
  discovered and used to transport the passenger in
  critical condition to the hospital.

7
Requirements

• Adaptability
• System adaptation to provide acceptable
  performance in spite of system failures,
  overload, or damages
• Rapid reconfiguration to achieve users new
  missions
• Security
• Authentication for both users and service
  providers
• Protection of critical information and critical
  operations of distributed services
• Enforcement of flexible security policies of
  distributed services from joint/coalition
  operations

8
Objective of Our Project

• Conduct basic research on generating techniques
  for rapid development, deployment and operations
  of AS3 Systems with high confidence and
  cost-effectiveness.
• Hierarchical situation-awareness capability.
• Distributed trust management to ensure
  policy-based security.
• Rapidly discovering, contracting with and
  composing reliable and unreliable services into
  processes with situational and QoS constraints
• Adapting these processes when situations, mission
  goals and/or security policies change

9
Our Approach

• Provide a declarative unifying logic-based
  approach for extending service-oriented
  architecture with
• Hierarchical situation-awareness for reactive
  behavior
• Distributed trust management for managing and
  enforcing security policies
• Adaptive workflow management for deliberative
  actions, which are composed and coordinated
  automatically to achieve users goals
• while preserving overall correctness and
  consistency.

10
AS3 System Architecture
11
Major Components of Our Approach

1. AS3 Calculus and Logic
2. Distributed trust management
3. Adaptive workflow synthesis
4. Distributed workflow scheduling

12
Our Approach to Rapid Development of AS3 Systems
13
Existing Standards for Service-based Systems

• BPEL/BPEL4WS 21 Industry standard
• For modeling and executing workflows
• Lacks formal semantics
• Does not provide automatic service composition
  and adaptation
• OWL-S, Web Components 36
• Provides constructs for unambiguously describing
  the properties and capabilities of Web services
• Provides limited formal guarantees
• Does not provide automatic service composition

14
Existing Formal Approaches

• Rule-based Modeling (SWORD) 28
• Does not allow services having side effects
• Currently, no work is known that uses SWORD for
  modeling situation-awareness or security policies
• Classical Process Calculi and Synchronous
  Programming Languages
• Pi calculus 33,34, Ambient Calculus 32,
  Chemical Abstract Machine 35 Does not provide
  facilities for processing situation information
  and reacting to it
• SOL 37 Does not provide facilities for
  automatic service composition
• Provides ways for formal reasoning
• Linear Logic 29
• Undecidable provides only semi-automated service
  composition

15
A Simple Example
ShipB
Plan Ask ShipA to destroy enemy
16
Our AS3 Calculus

• Provides a formal programming model for AS3
  systems
• Is based on classical process calculi, and has
  operational semantics involving interactions
  between
• external actions communication, leaving and
  joining groups
• internal computations method calls of named
  services
• Can model timeouts and failures
• Implements access control using hierarchical
  domains

17
A Calculus for AS3 Systems

• (System)
• S
• fix IP (recursion)
  
• NS (named domain)
• SS (Sys. Comp.)
• N
• x (variable)
• n (name)

• (Process)
• P
• (new n) P (name restriction)
• 0 (inactive process)
• PP (par. composition)
• I (identifier)
• E.P (external action)
• C.P (int. computation)
• P1P2 (nondet. choice)
• fail (failure)
• catch(n).P (failure handler)
• time t.P (timeout)
• Pl1(x1),ln(xn) (method export)

• External action involves communication, leaving
  or joining groups, removing firewalls
• Internal computation takes place by calling
  methods of identified services

18
External Actions

• E
• M (Domain)
• K (Comm.)
• K (comm.)
• (x) (input)
• ltZgt (output)

• M
• in N (enter a dom.)
• out N (exit a dom.)
• open N (open firewall)
• M.M (concat)
• e (no action)

19
Internal Computation

• C
• Let xC instantiate P (beta reduction)
• if C(x) then P else P (conditional)
• Ili(y) (method
  invocation for identified service)
• Ili ? Ilj (method
  replacement)
• ? (constraint evaluation)
• C.C
  (concatenation)
• e
  (no-computation)
• true (constant
  true)
• false (constant
  false)
• ? (failed
  computation)
• Ili
• prepost(xi)

20
Security Model

• An AS3 system is secure iff only two entities
  (processes) in the same domain can communicate.
• When two entities are not in the same domain,
  they must move into the same domain for
  communication
• Security (access control) model synthesized
  through formula rewriting using sound
  transformation rules in AS3 logic

21
Security Model (cont.)
n
B
m
A

• Is A allowed to communicate with B?
• --Is A currently authenticated to n ?
• --Can A currently move out from m to n to
• communicate with B ?

22
AS3 Processes for the Example

• System

ShipB
Fleet
Fleet fleetshipA shipB shipA
(x,y).(d). if ddestroy then
(shipAlock_radar(x,y).shipAload_missile().(let
zshipAfire() instantiate if z enemy_destroyed
then ltzgt ) then shipA) else shipA shipB ?
shipA
if MAdetect_intrusion() then let ltx,ygtMA
get_enemy_coordinates() instantiate ltx,ygt.MA
else MA
(x,y). In fleet.ltx,ygt.ltdestroygt.out fleet.CMD
23
AS3 Processes for the Example (cont.)
if MAdetect_intrusion() then let ltx,ygt MA
get_enemy_coordinates() instantiate ltx,ygt MA
else MA
ltx,ygt
24
AS3 Processes for the Example (cont.)
(x,y). In fleet. ltx,ygt.ltdestroygt. out fleet.CMD.
ltx,ygt.ltdestroygt
ShipB
Fleet
25
AS3 Processes for the Example (cont.)
enemy destroyed
ShipB
Fleet
Fleet fleetshipA shipB shipA
(x,y).(d). if ddestroy then shipAlock_radar(
x,y) shipAload_missile() let zshipAfire()
instantiate if z enemy_destroyed then ltzgt then
shipA else shipA
26
Synthesis of AS3 Processes

• Can we synthesize AS3 processes automatically
  from declarative specifications?
• Yes, use our approach

27
Our Approach Logic-based Synthesis of AS3
Processes

1. Services described in AS3 logic along with proof
   rules of the logic form a theory of AS3 systems
2. Functional requirements of the mission along with
   QoS (real-time, security, situation-awareness)
   described as formulae in AS3 logic
3. Synthesis amounts to a proof of the requirements
   using the AS3 theory
4. Executable calculus terms directly synthesized
   from the proof

28
Our AS3 Logic

• Modal Logic talking about both time and space
• Sometime modality for temporal evolution,
  somewhere modality for spatial location
• Modalities for communication, leaving joining
  domains, knowledge
• Atomic formulas for describing relations among
  variables

29
AS3 Logic Syntax

• f
• 0 (inactivity)
• pred(x1,,xn) (user defined atoms)
• tc (atomic
  constraint)
• f1?f2 (disjunction)
• f (negation)
• ? f (sometime)
• T f (somewhere)
• I
  (identifier/nominal match)
• gt lt
• c Natural Number

30
AS3 Logic Syntax (Contd.)

• f1 f2 (parallel
  composition)
• ?f (named domain)
• f_at_? (behavior within
  domain)
• K(u f) (knowledge of an object)
• serv(u f) (recording of an object)
• ?n f (quantification
  over names)
• ?t f (quantification
  over real variables)
• in(n) f (behavior after entering
  domain)
• out(n) f (behavior after leaving
  domain)
• ltugt f (behavior after
  sending message)
• T (constant
  true)

31
AS3 Logic Properties

• Decidable when interpreted over systems with
  image-finite processes
• Model checking problem is also decidable for
  systems with image-finite processes

32
Proof Theory of AS3 Logic

• All axioms of propositional modal logic and the
  following axioms
• T1 T(s nf) ? next_hierarchy(s,f)
• T2 next_hierarchy(f,s)?Ts
• T3 T?f??Tf
• T4 f?Tf
• T5 TTf?f

33
Transformation Rules for Synthesis of Access
Control

• Security (access control) model synthesized
  through formula rewriting using sound
  transformation rules in AS3 logic
• A1 restrict(I,f) ? T(I f)
• A2 restrict(I,J) ? T(J K) ?T(I K)
• and 7 other transformation rules for synthesis of
  access control

34
The Simple Example in AS3 Logic

• Entities (Nominals/Identifiers)
• shipA, shipB, MA, CMD
• Goal
• R1 detect_intrusion(MA)
• ??Tserv(enemy_destroyed T)
• If the MA detects an intrusion then eventually
  somewhere there will be a process that will
  record enemy_destroyed

35
Service Coordination Descriptions in AS3 Logic

• S1
• detect_intrusion(MA)
  
• ? ?serv(enemy_ship MA)
• S2
• serv(enemy_shipMA)
• ??get_coordinates(u,vMA)
• S3 get_coordinates(u,vMA)
• ?? serv(u,vMA)
• and two other axioms

36
Access Control Requirement The Simple Example

• Only CMD is allowed to communicate to shipA or
  shipB
• MA cannot directly communicate with shipA or
  shipB
• AC1
• UshipA ? UshipB ??restrict(MA,U)
• AC2
• SystemMA T
• AC3
• ?restrict(shipA,shipB)
• AC4
• restrict(CMD, MA)

37
Deductive Proof and Process Synthesis

• (1) restrict(CMD, MA) (AC4)
• (2) restrict(I,s)?T(Is) (A3)
• (3) T(CMD MA) (MP 1,2)

(1) restrict(CMD, MA) (AC4) (2)
restrict(I,s)?T(Is)
(A3) (3) T(MA MA) (MP 1,2) (4) SystemMA
T (AC2) (5) f?Tf
(T4) (6) T SystemMA T (Sub.
4, 5)
(1) restrict(CMD, MA) (AC4) (2)
restrict(I,s)?T(Is)
(A3) (3) T(MA MA) (MP 1,2) (4) SystemMA
T (AC2) (5) f?Tf
(T4) (6) T SystemMA T (Sub.
4, 5) (7) Tns ? /\ T(f s)? T nf s
? (A4) (8) T SystemMA CMD T
(MP 4,6,7)

• (1) restrict(CMD, MA) (AC4)
• (2) restrict(I,s)?T(Is)
  (A3)
• (3) T(MA MA) (MP 1,2)
• (4) SystemMA T (AC2)
• (5) f?Tf (T4)
• (6) T SystemMA T (Sub. 4, 5)
• (7) Tns ? /\ T(f s)? T nf s ?
  (A4)
• (8) T SystemMA CMD T (MP
  4,6,7)
• (9) restrict(shipA, MA)
  (AC1)
• (10) ?restrict(shipA,shipB) (AC3)
• (11) restrict(f,s) /\ restrict(f,?)
• ?restrict(f ?,s)
  (A5)
• (12) restrict(shipAshipB,MA) (MP
  9,10,11)

• (1) restrict(CMD, MA) (AC4)
• (2) restrict(I,s)?T(Is) (A3)
• (3) T(MA MA) (MP 1,2)
• (4) SystemMA T (AC2)
• (5) f?Tf (T4)
• (6) T SystemMA T (Sub. 4, 5)
• (7) Tns ? /\ T(f s)? T nf s ?
  (A4)
• (8) T SystemMA CMD T (MP
  4,6,7)
• (9) restrict(shipA, MA) (AC1)
• (10) ?restrict(shipA,shipB) (AC3)
• (11) restrict(f,s) /\ restrict(f,?)?restrict(f
  ?,s) (A5)
• (12) restrict(shipAshipB,MA) (MP
  9,10,11)
• (13) TnfJ ? restrict(K,J)?TnfmKJ ?
  T(nfJ mK) (A9)
• (14) T SystemCMD MA mshipAshipB T
  (MP 8,12,13)

A4
A9
38
Deductive Proof and Process Synthesis
Goal R1 detect_intrusion(MA)
??Tserv(enemy_destroyed T)

• S1
• detect_intrusion(MA)?
• ?serv(enemy_ship MA)
• S2
• serv(enemy_shipMA)
• ??get_coordinates(u,vMA)

• fix MA
• let xMAdetect_intrusion()
• Instantiate
• if xenemy_ship then let (u,v)MAget_coordinate
  s()
• instantiate

39
Demo of Static Proof Theory
40
Image Finiteness of Processes

• We impose the following restrictions on processes
• Recursive processes are guarded
• Parallel composition through recursion is not
  allowed (similar to Pi-calculus Dam 93)
• A type system can check for well-formedness of
  processes
• Image Finiteness A closed process term can only
  evolve (in zero or more steps) into finitely
  many non-congruent process terms using the
  reduction rules
• Restrictions ensure that every process is image
  finite
• Back

41
Semantics of AS3 Logic

• Interpreted over systems decorated with atomic
  formulas
• P I if fix IP
• P ltugt f if there exists Q, R,S,T P?ltugtQ,
• R ? (x).S,T PR and Q f
• P pred(u1,,un) if P is decorated with
  pred(u1,,un)
• P in(n) f if there exists Q, n, R, S, P ? in
  n.Q, Q f _at_n, S ? P nR
• Back

42
Transformation Rules for Access Control (Cont.)

• A3 restrict(I,s)?T(I s)
• A4 Tn? s ? T(f s)?Tnf s ?
• A5 restrict(f,s)?restrict(f,?)?restrict(f
  ?,s)
• A6 next_hierarchy(I,s)?restrict(I,s)
• A7 restrict(I,s) /\ T(I J)?restrict(J,s)
• A8 restrict(s,f)?restrict(f,s)
• A9 Tnf J /\ restrict(K,J)?Tnf mK
  J V T(nf J mK)
• Back

43
Service Descriptions in AS3 Logic

• S4
• serv(u,vMA)??K(u,vCMD)
• S5 K(u,vCMD)??K(u,vshipA)\/?K(u,vshipB)
• Back

44
Policy Enforcement Model-based Diagnosis and
Recovery

• System was synthesized based on the assumption
  that services do not behave maliciously
  Unrealistic assumption
• Runtime enforcement ensures diagnosis of
  malicious behavior on the part of services and
  subsequent recovery
• Service specifications used to generate symptoms
• Abduction based diagnosis uses the models
  (process terms) to diagnose breach of trust by
  services and ensure recovery

45
Requirements of AS3 Systems

• Adaptability
• Provide acceptable performance in the presence of
  system failures, overload, or damages
• Rapid reconfiguration to achieve users new
  missions
• Security
• Authentication for both users and service
  providers
• Protection of critical information infrastructure
  of distributed services based on flexible
  security policies
• For example, access control requirements
• Situation-Awareness (SAW) capability of being
  aware of complex situations for
• Service coordination
• Adapting workflows when situations change
• Enforcing situation-aware security policies

46
A Simple Example

• A simplified version of the ship scenario in the
  overview slides
• Intrusion of enemy detected by Monitoring Agent
  that reports to the CMD
• The CMD directly asks shipA (or shipB) to destroy
  the enemy ship rather than sending a warning
• We assume no failures take place
• The Combat System Agent has been eliminated

47
AS3 Processes for the Example

• System MA CMD fleet shipA shipB
• fix MA
• if MA detect_intrusion() then
• let ltx,ygt MA get_enemy_coordinates()
  instantiate ltx,ygt.MA
• else
• MA
• fix CMD
• (x,y). in fleet.ltx,ygt.ltdestroygt.out fleet.CMD
• fix shipA (x,y).(d).
• if ddestroy then
• (shipAlock_radar(x,y).shipAload_missile().(let
  zshipAfire() instantiate if z
  enemy_destroyed then ltzgt ) then shipA)
• else
• shipA
• shipB ?shipA

48
Synthesis of AS3 Processes

• Security (access control) model synthesized
  through formula rewriting using sound
  transformation rules in AS3 logic
• Service specifications including QoS properties
  axiomatized in AS3 logic
• Functional as well as QoS goals of a mission
  expressed in AS3 logic

49
Papers, Theses and Reports

• Publications resulted from AS3 project
• 1 S. S. Yau, H. Davulcu, S. Mukhopadhyay, D.
  Huang and Y. Yao, "Adaptable Situation-Aware
  Secure Service Based Systems", Proc. 8th IEEE
  Int'l Symp. on Object-oriented Real-time
  distributed Computing (ISORC2005), May 2005,
  pp.308-315.
• 2 S. S. Yau, Y. Yao, Z. Chen and L. Zhu, An
  Adaptable Security Framework for Service-based
  Systems, Proc. 10th IEEE Intl Workshop on
  Object-oriented Real-time Dependable Systems
  (WORDS2005), February 2005, pp. 28-35.
• 3 S. S. Yau, D. Huang, H. Gong and H. Davulcu,
  Situation-Awareness for Adaptable Service
  Coordination in Service-based Systems, Proc.
  29th Annual Int'l Computer Software and
  Application Conference (COMPSAC 2005), September
  2005, to appear.
• 4 S. S. Yau and D. Huang, Mobile Middleware
  for Situation-Aware Service Discovery and
  Coordination, Mobile Middleware, edited by Paolo
  Bellavista and Antonio Corradi, 2005, Chapter
  5.g, to appear.

50
References(check against references in MURI book
chapter)

• Abe04 D. Aberdeen, S. Thiébaux, L. Zhang.
  Decision-Theoretic Military Operations Planning.
  In ICAPS-04, 2004.
• Bac01 F. Bacchus and M. Ady, Planning with
  Resources and Concurrency A Forward Chaining
  Approach, International Joint Conference on
  Artificial Intelligence (IJCAI-2001), pages
  417-424, 2001.
• Bly93 Jim Blythe and W. Scott Reilly,
  Integrating Reactive and Deliberative Planning
  in a Household Robot, Technical Report
  CMU-CS-93-155, Carnegie Mellon University, School
  of Computer Science, May 1993.
• Bon01 A. Bonifati, S. Ceri, and S. Paraboschi.
  Pushing reactive services to XML repositories
  using active rules. In Proc. 10th World-Wide-Web
  Conference, 2001.
• Bon03 B. Bonet and H. Geffner. Labeled RTDP
  Improving the Convergence of Real Time Dynamic
  Programming. 13th International Conference on
  Automated Planning and Scheduling (ICAPS-2003),
  Trento, Italy, June 2003.
• Bro91a Rodney Brooks, "Integrated systems based
  on behaviors", In Proceedings of AAAI Spring
  Symposium on Integrated Intelligent
  Architectures, Stanford University, March 1991.
  Available in SIGART Bulletin, Volume 2, Number 4,
  August 1991.
• Bro91b Rodney Brooks, Intelligence without
  reason, In Proc. of IJCAI-91. Morgan Kaufmann,
  San Mateo, 1991.
• Cha87 David Chapman. "Planning for conjunctive
  goals", Artificial Intelligence, 32333378,
  1987.
• Dav94 Davidsson, P., "Concepts and autonomous
  agents", LU--CS--TR 94--124, Department of
  computer science, Lund University, 1994
• Den03G. Denker, L. Kagal, T. W. Finin, M.
  Paolucci, and K. P. Sycara. Security for DAML web
  services Annotation and matchmaking. In
  International Semantic Web Conference,2003, pp.
  335-350.
• Dor97 J. E. Doran, et al, "On Cooperation in
  Multi-Agent Systems", The Knowledge Engineering
  Review, 12(3), 1997.
• Feo95 T.A. Feo and M.G.C. Resende, Greedy
  randomized adaptive search procedures, Journal
  of Global Optimization, vol. 6, 1995, pp.
  109--133.

51
References (cont.)

• Fur02 D. Furcy S. Koenig and C. Bauer.
  Heuristic search-based replanning. In Proceedings
  of the International Conference on Artificial
  Intelligence Planning and Scheduling, 2002.
• Gar02 A.Garland and N. Lesh, Continuous Plan
  Evaluation with Incomplete Action Descriptions,
  Proc. 3rd Int'l NASA WS on Planning and
  Scheduling for Space, Houston, TX, 2002.
• Gil04 Yolanda Gil, Ewa Deelman, Jim Blythe,
  Carl Kesselman and Hongsuda Tangmunarunkit,
  Artificial Intelligence and Grids Workflow
  Planning and Beyond, IEEE Intelligent Systems,
  special issue on e-science, Jan/Feb 2004.
• Liu04 Y. Liu S. Koenig, M. Likhachev and D.
  Furcy. Incremental heuristic search in artificial
  intelligence. Artificial Intelligence Magazine,
  2004 (in press).
• Lu02 Chenyang Lu, John A. Stankovic, Gang Tao
  and Sang H. Son, "Feedback Control Real-Time
  Scheduling Framework, Modeling, and Algorithms,"
  Real-Time Systems Journal, vol. 23(1/2), 2002,
  pp. 85-126.
• Kro03 R. van der Krogt, M. de Weerdt, and C.
  Witteveen. A resource based framework for
  planning and replanning. Web Intelligence and
  Agent Systems, 1(3/4)173-186, 2003.
• Kro04 R. van der Krogt and M. de Weerdt. The
  two faces of plan repair. In Proceedings of the
  Sixteenth Belgium-Netherlands Conference on
  Artificial Intelligence (BNAIC-04), pages
  147-154, 2004.
• Nam01 Brian Mac Namee, Pádraig Cunningham, "A
  Proposal for an Agent Architecture for Proactive
  Persistent Non Player Characters", Proceedings of
  the Twelfth Irish Conference on Artificial
  Intelligence and Cognitive Science pp. 221-232,
  2001.
• Nie03 Niederberger C., Gross M. , "Hierarchical
  and Heterogeneous Reactive Agents for Real-Time
  Applications", Computer Graphics Forum, September
  2003, vol. 22, no. 3, pp. 323-331
• Nou97 Nourredine Bensaid and Philippe Mathieu,
  "A hybrid architecture for hierarchical agents",
  pages 91-95. Griffith University, Gold-Coast,
  Australia, February 1997.
• Nwa96 Hyacinth S. Nwana, "Software Agents An
  Overview", Knowledge Engineering Review, Vol. 11,
  No 3, pp. 205-244, October/November 1996.
• Res02 M. G. C. Resende and C. C. Ribeiro.
  Greedy randomized adaptive search procedures. In
  F. Glover and G. Kochenberger, editors, Handbook
  of Metaheuristics, pp. 219-249. Kluwer, 2002.

52
References (cont.)

• Sen02 P. Senkul, M. Kifer, and I. H. Toroslu,
  A Logical Framework for Scheduling Workflows
  under Resource Allocation Constraints, Proc.
  28th Intl Conf. on Very Large Data Bases
  (VLDB02), 2002, pp. 694-705.
• Urd03 C. Urdiales, et al, "Hierarchical
  planning in a mobile robot for map learning and
  navigation", in Autonomous Robotic Systems - Soft
  Computing and Hard Computing Methodologies and
  Applications, D. Maravall, D. Ruan and C. Zhou
  (eds), Springer Verlag Pub pp. 165-188, 2003
• Vas04 Vasco Pires, Miguel Arroz, Luis Custódio,
  Logic Based Hybrid Decision System for a
  Multi-robot Team, 8th Conference on Intelligent
  Autonomous Systems, Amsterdam, The Netherlands,
  2004
• Woo02 Mike Wooldridge, "An Introduction to
  Multiagent Systems by Michael Wooldridge", ISBN 0
  47149691X, John Wiley Sons (Chichester,
  England), February 2002
• Wu03 D. Wu, B. Parsia, E. Sirin, J. Hendler,
  and D. Nau. Automating DAML-S web services
  composition using SHOP2. Proceedings of the
  Second International Semantic Web Conference
  (ISWC2003), November 2003.

53
SINS and SOL

• SINS (Secure Infrastructure for Networked
  Systems)
• An agent-based middleware
• Comprise SINS Virtual Machines for instantiating
  agents
• SVMs communicate using Agent Control Protocol
• Agents are specified using SOL and can be
  automatically generated and verified
• SOL (Secure Operation Language)
• A synchronous programming language
• SOL is secure
• SOL programs are amenable to fully automated
  static analysis techniques, such as automatic
  theorem proving using decision procedures or
  model checking
• SOL has the ability to express a wide class of
  enforceable safety and security policies
• A set of design and analysis tools, including
  visual representation tool, verification tools
  and interpreters to other languages, are
  available for SOL
• Back

54
Equational Theory

• An equational theory for AS3 calculus is
  provided by the structural congruence relation
  defined below. It allows syntactic identification
  of two processes having identical behavior
• A process is structurally congruent to its
  alpha-renamed variant
• If P?Q then
• C.P ? C.Q
• A.P ? A.Q
• PR ? QR
• RP ? RQ
• NP ? NQ
• (new n) P ? (new n) Q
• fix IP ? fix IQ
• PR ? QR
• Back

55
Normal Hybrid Modal Logic

• A normal modal logic ?? is a set of formulas
  that contains all tautologies, ?(???), (?????),
  and ????????, and is closed under uniform
  substitution, modus ponens, and generalization
  Blackburn
• Hybrid logics use one sort of atoms called
  nominals to refer to states which are regarded as
  first class citizens Blackburn
• 
  Back