Scedrov, Andre

Email Address
Research Projects
Organizational Units
Research Interests

Search Results

Now showing 1 - 9 of 9
  • Publication
    Proof Theoretic Concepts for the Semantics of Types and Concurrency
    (1995) Tannen, Val; Gunter, Carl A; Scedrov, Andre; Coquand, Thierry
    We present a method for providing semantic interpretations for languages with a type system featuring inheritance polymorphism. Our approach is illustrated on an extension of the language Fun of Cardelli and Wegner, which we interpret via a translation into an extended polymorphic lambda calculus. Our goal is to interpret inheritances in Fun via coercion functions which are definable in the target of the translation. Existing techniques in the theory of semantic domains can be then used to interpret the extended polymorphic lambda calculus, thus providing many models for the original language. This technique makes it possible to model a rich type discipline which includes parametric polymorphism and recursive types as well as inheritance. A central difficulty in providing interpretations for explicit type disciplines featuring inheritance in the sense discussed in this paper arises from the fact that programs can type-check in more than one way. Since interpretations follow the type-checking derivations, coherence theorems are required: that is, one must prove that the meaning of a program does not depend on the way it was type-checked. The proof of such theorems for our proposed interpretation are the basic technical results of this paper. Interestingly, proving coherence in the presence of recursive types, variants, and abstract types forced us to reexamine fundamental equational properties that arise in proof theory (in the form of commutative reductions) and domain theory (in the form of strict vs. non-strict functions).
  • Publication
    An Operational Semantics for Network Datalog
    (2010-01-01) Nigam, Vivek; Jia, Limin; Loo, Boon Thau; Wang, Anduo; Scedrov, Andre
    Network Datalog (NDlog) is a recursive query language that extends Datalog by allowing programs to be distributed in a network. In our initial efforts to formally specify NDlog’s operational semantics, we have found several problems with the current evaluation algorithm being used, including unsound results, unintended multiple derivations of the same table entry, and divergence. In this paper, we make a first step towards correcting these problems by formally specifying a new operational semantics for NDlog and proving its correctness for the fragment of non-recursive programs. We also argue that if termination is guaranteed, then the results also extend to recursive programs. Finally, we identify a number of potential implementation improvements to NDlog.
  • Publication
    FSR: Formal Analysis and Implementation Toolkit for Safe Inter-Domain Routing
    (2011-01-01) Wang, Anduo; Jia, Limin; Zhou, Wenchao; Loo, Boon Thau; Ren, Yiqing; Rexford, Jennifer; Scedrov, Andre; Nigam, Vivek; Talcott, Carolyn
    Inter-domain routing stitches the disparate parts of the Internet together, making protocol stability a critical issue to both researchers and practitioners. Yet, researchers create safety proofs and counter-examples by hand, and build simulators and prototypes to explore protocol dynamics. Similarly, network operators analyze their router configurations manually, or using home-grown tools. In this paper, we present a comprehensive toolkit for analyzing and implementing routing policies, ranging from high-level guidelines to specific router configurations. Our Formally Safe Routing (FSR) toolkit performs all of these functions from the same algebraic representation of routing policy. We show that routing algebra has a natural translation to both integer constraints (to perform safety analysis with SMT solvers) and declarative programs (to generate distributed implementations). Our extensive experiments with realistic topologies and policies show how FSR can detect problems in an AS's iBGP configuration, prove sufficient conditions for BGP safety, and empirically evaluate convergence time.
  • Publication
    Reduction-Based Formal Analysis of BGP Instances
    (2012-01-01) Wang, Anduo; Talcott, Carolyn; Gurney, Alexander JT; Loo, Boon Thau; Scedrov, Andre
    Today’s Internet interdomain routing protocol, the Border Gateway Protocol (BGP), is increasingly complicated and fragile due to policy misconfigurations by individual autonomous systems (ASes). These misconfigurations are often difficult to manually diagnose beyond a small number of nodes due to the state explosion problem. To aid the diagnosis of potential anomalies, researchers have developed various formal models and analysis tools. However, these techniques do not scale well or do not cover the full set of anomalies. Current techniques use oversimplified BGP models that capture either anomalies within or across ASes, but not the interactions between the two. To address these limitations, we propose a novel approach that reduces network size prior to analysis, while preserving crucial BGP correctness properties. Using Maude, we have developed a toolkit that takes as input a network instance consisting of ASes and their policy configurations, and then performs formal analysis on the reduced instance for safety (protocol convergence). Our results show that our reduction based analysis allows us to analyze significantly larger network instances at low reduction overhead.
  • Publication
    Analyzing BGP Instances in Maude
    (2011-01-01) Wang, Anduo; Talcott, Carolyn; Loo, Boon Thau; Jia, Limin; Scedrov, Andre
    Analyzing Border Gateway Protocol (BGP) instances is a crucial step in the design and implementation of safe BGP systems. Today, the analysis is a manual and tedious process. Researchers study the instances by manually constructing execution sequences, hoping to either identify an oscillation or show that the instance is safe by exhaustively examining all possible sequences. We propose to automate the analysis by using Maude, a tool based on rewriting logic. We have developed a library specifying a generalized path vector protocol, and methods to instantiate the library with customized routing policies. Protocols can be analyzed automatically by Maude, once users provide specifications of the network topology and routing policies. Using our Maude library, protocols or policies can be easily specified and checked for problems. To validate our approach, we performed safety analysis of well-known BGP instances and actual routing configurations.
  • Publication
    A Reduction-Based Approach Towards Scaling Up Formal Analysis of Internet Configurations
    (2013-01-01) Wang, Anduo; Gurney, Alexander JT; Han, Xianglong; Cao, Jinyan; Loo, Boon T; Talcott, Carolyn; Scedrov, Andre
    The Border Gateway Protocol (BGP) is the single inter-domain routing protocol that enables network operators within each autonomous system (AS) to influence routing decisions by independently setting local policies on route filtering and selection. This independence leads to fragile networking and makes analysis of policy configurations very complex. To aid the systematic and efficient study of the policy configuration space, this paper presents network reduction, a scalability technique for policy-based routing systems. In network reduction, we provide two types of reduction rules that transform policy configurations by merging duplicate and complementary router configurations to simplify analysis. We show that the reductions are sound, dual of each other and are locally complete. The reductions are also computationally attractive, requiring only local configuration information and modification. We have developed a prototype of network reduction and demonstrated that it is applicable on various BGP systems and enables significant savings in analysis time. In addition to making possible safety analysis on large networks that would otherwise not complete within reasonable time, network reduction is also a useful tool for discovering possible redundancies in BGP systems.
  • Publication
    Maintaining Distributed Recursive Views Incrementally
    (2011-01-01) Nigam, Vivek; Loo, Boon Thau; Jia, Limin; Scedrov, Andre
    Distributed logic programming languages, that allow both facts and programs to be distributed among different nodes in a network, have been recently proposed and used to declaratively program a wide-range of distributed systems, such as network protocols and multi-agent systems. However, the distributed nature of the underlying systems poses serious challenges to developing efficient and correct algorithms for evaluating these programs. This paper proposes an efficient asynchronous algorithm to compute incrementally the changes to the states in response to insertions and deletions of base facts. Our algorithm is formally proven to be correct in the presence of message reordering in the system. To our knowledge, this is the first formal proof of correctness for such an algorithm.
  • Publication
    Maintaining Distributed Recursive Views Incrementally
    (2010-08-22) Nigam, Vivek; Loo, Boon Thau; Jia, Limin; Scedrov, Andre
    This paper proposes an algorithm to compute incrementally the changes to distributed recursive database views in response to insertions and deletions of base facts. Our algorithm uses a pipelined semi-näıve (PSN) evaluation strategy introduced in declarative networking. Unlike prior work, our algorithm is formally proven to be correct for recursive query computation in the presence of message reordering in the system. Our proof proceeds in two stages. First, we show that all the operations performed by our PSN algorithm computes the same set of results as traditional centralized semi-näıve evaluation. Second, we prove that our algorithm terminates, even in the presence of cyclic derivations due to recursion.
  • Publication
    A Formal Analysis of Some Properties of Kerberos 5 Using MSR
    (2004-01-01) Butler, Frederick; Cervesato, Iliano; Jaggard, Aaron D.; Scedrov, Andre
    We give three formalizations of the Kerberos 5 authentication protocol in the Multi-Set Rewriting (MSR) formalism. One is a high-level formalization containing just enough detail to prove authentication and confidentiality properties of the protocol. A second formalization refines this by adding a variety of protocol options; we similarly refine proofs of properties in the first formalization to prove properties of the second formalization. Our third formalization adds timestamps to the first formalization but has not been analyzed extensively. The various proofs make use of rank and corank functions, inspired by work of Schneider in CSP, and provide examples of reasoning about real-world protocols in MSR.We also note some potentially curious protocol behavior; given our positive results, this does not compromise the security of the protocol.