Asynchronous Distributed Monitoring for Multiparty Session Enforcement

  • Tzu-Chun Chen
  • Laura Bocchi
  • Pierre-Malo Deniélou
  • Kohei Honda
  • Nobuko Yoshida
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7173)


We propose a formal model of runtime safety enforcement for largescale, cross-language distributed applications with possibly untrusted endpoints. The underlying theory is based on multiparty session types with logical assertions (MPSA), an expressive protocol specification language that supports runtime validation through monitoring. Our method starts from global specifications based on MPSAs which the participants should obey. Distributed monitors use local specifications, projected from global specifications, to detect whether the interactions are well-behaved, and take appropriate actions, such as suppressing illegal messages. We illustrate the design of our model with examples from real-world distributed applications. We prove monitor transparency, communication conformance, and global session fidelity in the presence of possibly unsafe endpoints.


Online Appendix Label Transition System Shared Channel Monitor Process Outgoing Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G., Roşu, G., Sokolsky, O., Tillmann, N. (eds.): RV 2010. LNCS, vol. 6418. Springer, Heidelberg (2010)Google Scholar
  2. 2.
    Bhargavan, K., Corin, R., Deniélou, P.-M., Fournet, C., Leifer, J.: Cryptographic protocol synthesis and verification for multiparty sessions. In: CSF, pp. 124–140 (2009)Google Scholar
  3. 3.
    Bocchi, L., Honda, K., Tuosto, E., Yoshida, N.: A Theory of Design-by-Contract for Distributed Multiparty Interactions. In: Gastin, P., Laroussinie, F. (eds.) CONCUR 2010. LNCS, vol. 6269, pp. 162–176. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Caires, L., Vieira, H.T.: Conversation Types. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 285–300. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Carbone, M., Honda, K., Yoshida, N.: Structured Interactional Exceptions in Session Types. In: van Breugel, F., Chechik, M. (eds.) CONCUR 2008. LNCS, vol. 5201, pp. 402–417. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
  7. 7.
    Chave, M., Arrott, A., Farcas, C., Farcas, E., Krueger, I., Meisinger, M., Orcutt, J., Vernon, F., Peach, C., Schofield, O., Kleinert, J.: Cyberinfrastructure for the US Ocean Observatories Initiative. In: Proc. IEEE OCEANS 2009. IEEE (2009)Google Scholar
  8. 8.
    Chen, F., Rosu, G.: MOP:An Efficient and Generic Runtime Verification Framework. In: OOPSLA, pp. 569–588 (2007)Google Scholar
  9. 9.
    Corin, R., Denielou, P.-M., Fournet, C., Bhargavan, K., Leifer, J.: Secure Implementations for Typed Session Abstractions. In: CSF, pp. 170–186. IEEE Computer Society (2007)Google Scholar
  10. 10.
    Coulouris, G., Dollimore, J., Kindberg, T.: Distributed Systems, Concepts and Design. Addison-Wesley (2001)Google Scholar
  11. 11.
    Dam, M., Jacobs, B., Lundblad, A., Piessens, F.: Security Monitor Inlining for Multithreaded Java. In: Drossopoulou, S. (ed.) ECOOP 2009. LNCS, vol. 5653, pp. 546–569. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Deniélou, P.-M., Yoshida, N.: Buffered Communication Analysis in Distributed Multiparty Sessions. In: Gastin, P., Laroussinie, F. (eds.) CONCUR 2010. LNCS, vol. 6269, pp. 343–357. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Deniélou, P.-M., Yoshida, N.: Dynamic multirole session types. In: POPL, pp. 435–446 (2011)Google Scholar
  14. 14.
    Falcone, Y.: You Should Better Enforce Than Verify. In: Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G., Roşu, G., Sokolsky, O., Tillmann, N. (eds.) RV 2010. LNCS, vol. 6418, pp. 89–105. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    Havelund, K., Goldberg, A.: Verify Your Runs. In: Meyer, B., Woodcock, J. (eds.) VSTTE 2005. LNCS, vol. 4171, pp. 374–383. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Hennessy, M., Rathke, J., Yoshida, N.: SafeDpi: a language for controlling mobile code. Acta Inf. 42(4-5), 227–290 (2005)MathSciNetzbMATHCrossRefGoogle Scholar
  17. 17.
    Honda, K., Yoshida, N., Carbone, M.: Multiparty Asynchronous Session Types. In: POPL 2008, pp. 273–284. ACM (2008)Google Scholar
  18. 18.
    Leucker, M., Schallhart, C.: A brief account of runtime verification. J. Log. Algebr. Program. 78(5), 293–303 (2009)zbMATHCrossRefGoogle Scholar
  19. 19.
    Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12, 19:1–19:41 (2009)CrossRefGoogle Scholar
  20. 20.
    Online Appendix of this paper,
  21. 21.
    Mostrous, D., Yoshida, N., Honda, K.: Global Principal Typing in Partially Commutative Asynchronous Sessions. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 316–332. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Mullender, S. (ed.): Distributed Systems. Addison-Wesley (1993)Google Scholar
  23. 23.
  24. 24.
    Riely, J., Hennessy, M.: Trust and partial typing in open systems of mobile agents. In: Proc. POPL 1999 (1999)Google Scholar
  25. 25.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3, 30–50 (2000)CrossRefGoogle Scholar
  26. 26.
    Scribble Project homepage,

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tzu-Chun Chen
    • 1
  • Laura Bocchi
    • 2
  • Pierre-Malo Deniélou
    • 3
  • Kohei Honda
    • 1
  • Nobuko Yoshida
    • 3
  1. 1.Queen Mary, University of LondonUK
  2. 2.University of LeicesterUK
  3. 3.Imperial College LondonUK

Personalised recommendations