Formal Aspects of Computing, Volume 28, Issue 4, pp 669–696

Self-adaptation and secure information flow in multiparty communications

  • Ilaria Castellani
  • Mariangiola Dezani-Ciancaglini
  • Jorge A. Pérez
Open Access
Original Article


We present a comprehensive model of structured communications in which self-adaptation and security concerns are jointly addressed. More specifically, we propose a model of multiparty, self-adaptive communications with access control and secure information flow guarantees. In our model, multiparty protocols (choreographies) are described as global types; security violations occur when process implementations of protocol participants attempt to read or write messages of inappropriate security levels within directed exchanges. Such violations trigger adaptation mechanisms that prevent the violations from occurring and/or from propagating their effect in the choreography. Our model is equipped with local and global adaptation mechanisms for reacting to security violations of different gravity; type soundness results ensure that the overall multiparty protocol is still correctly executed while the system adapts itself to preserve the participants’ security.


Keywords: Concurrency, Behavioural types, Multiparty communication, Self-adaptation, Secure information flow



Copyright information

© The Author(s) 2016

Open Access: This article is distributed under the terms of the Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Authors and Affiliations

  1. INRIA Sophia Antipolis, Valbonne, France
  2. Università di Torino, Turin, Italy
  3. University of Groningen, Groningen, The Netherlands
