
In this section we formally define sequential protocol composition in Maude-NPA. We first define the sequential composition of two strands, since this will help us to define sequential protocol composition in general. Intuitively, sequential composition of two strands describes a situation in which one strand (the child) can only execute after another strand (the parent) has completed its execution. Each composition of two strands is obtained by matching the output parameters of the parent strand with the input parameters of the child strand in a user-specified way. Note that it may be possible for a single parent strand to have more than one child strand.

Definition 6.4 (Sequential Strand Composition) Given two strands $(a) :: \vec{r}_a :: [\{\vec{I}_a\}, \vec{M}_a, \{\vec{O}_a\}]$ and $(b) :: \vec{r}_b :: [\{\vec{I}_b\}, \vec{M}_b, \{\vec{O}_b\}]$ that are properly renamed to avoid variable sharing, a sequential strand composition is a triple of the form $(a, b, Mode)$ where $a$ and $b$ denote the parent and child roles, respectively, and $Mode$ is either 1-1 or 1-*, indicating a one-to-one or one-to-many composition. This triple satisfies the following conditions for consistency:

1. both $\vec{O}_a$ and $\vec{I}_b$ have the same length, i.e. $\vec{O}_a = m_1, \ldots, m_n$ and $\vec{I}_b = m'_1, \ldots, m'_n$, and

2. there exists at least one substitution $\sigma$ such that $\vec{O}_a =_{E_P} \vec{I}_b\sigma$.

Example 6.5 Let us consider again our two examples of sequential protocol composition. The composition of the NSL initiator strand and the DB responder strand is specified by the triple $(NSL.init, DB.resp, \text{1-1})$, where both strands are as shown below:

$(NSL.init) :: r :: [\{A, B\}, +(pk(B, n(A,r); A)), -(pk(A, n(A,r); N; B)), +(pk(B, N)), \{A, B, n(A,r)\}]$

$(DB.resp) :: nil :: [\{A, B, NA\}, -(NB), +(NB \oplus NA),$

6.3. Abstract Sequential Composition in Maude-NPA 147

The composition of the NSL initiator strand with the KD responder strand is specified by the triple $(NSL.init, KD.resp, \text{1-*})$, where both strands are as shown below:

$(NSL.init) :: r :: [\{A, B\}, +(pk(B, n(A,r); A)), -(pk(A, n(A,r); N; B)), +(pk(B, N)), \{A, B, h(n(A,r), N)\}]$

$(KD.resp) :: r :: [\{A, B, K\}, -(e(K, SK)), +(e(K, SK; n(B,r))), -(e(K, n(B,r))), \{A, B, K, SK, n(B,r)\}]$

such that the term $h(n(A,r), N)$ has the same sort as that of the input parameter $K$.

Intuitively, we can now define the sequential composition of two pro- tocols as a set of sequential strand compositions.

Definition 6.6 (Sequential Composition of Two Protocols) Given two protocols $P_1$ and $P_2$ that are properly renamed to avoid variable sharing, a sequential composition of both protocols, written $P_1 ;_S P_2$, is defined as a triple of the form $(P_1, S, P_2)$ where $S$ denotes a set of strand compositions between a parent strand of $P_1$ and a child strand of $P_2$ of the form described in Definition 6.4. Note that the signature of such protocol composition is the union [2] of the signature of both protocols, i.e., $\Sigma_{P_1 ;_S P_2} = \Sigma_{P_1} \cup \Sigma_{P_2}$. Similarly, the set of equations specifying the algebraic properties of such protocol composition is the union of the equations of both protocols, i.e., $E_{P_1 ;_S P_2} = E_{P_1} \cup E_{P_2}$.

Example 6.7 Let us consider again both the NSL and DB protocols and their composition. The composition of both protocols, which is an example of a one-to-one composition, is specified as follows, indicating that the initiator of NSL can be composed with the responder of DB and the responder of NSL with the initiator of DB:

[2] Note that we allow shared items but require the user to solve any possible conflict. Operator and sort renaming is an option, as in the Maude module importation language, but we do not consider those details in this chapter.

$NSL ;_S DB = (NSL, \{(NSL.init, DB.resp, \text{1-1}), (NSL.resp, DB.init, \text{1-1})\}, DB)$

where the strands are as shown below:

$(NSL.init) :: r :: [+(pk(B, n(A,r); A)), -(pk(A, n(A,r); N; B)), +(pk(B, N)), \{A, B, n(A,r)\}]$

$(NSL.resp) :: r :: [-(pk(B, N; A)), +(pk(A, N; n(B,r); B)), -(pk(B, n(B,r))), \{A, B, N\}]$

$(DB.init) :: r :: [\{A, B, NA\}, +(n(B,r)), -(n(B,r) \oplus NA)]$

$(DB.resp) :: nil :: [\{A, B, NA\}, -(NB), +(NB \oplus NA)]$

Note that we have removed irrelevant input and output parameters for clarity and simplicity.

Example 6.8 Let us now consider the NSL and KD protocols and their composition. The composition of both protocols, which is an example of a one-to-many composition, is specified as follows, indicating that there are four possible compositions: the initiator of NSL composed with either the initiator or the responder of KD, and the responder of NSL composed with either the initiator or the responder of KD:

$NSL ;_S KD = (NSL, \{(NSL.init, KD.init, \text{1-*}), (NSL.init, KD.resp, \text{1-*}), (NSL.resp, KD.init, \text{1-*}), (NSL.resp, KD.resp, \text{1-*})\}, KD)$


$(NSL.init) :: r :: [+(pk(B, n(A,r); A)), -(pk(A, n(A,r); N; B)), +(pk(B, N)), \{A, B, h(n(A,r), N)\}]$

$(NSL.resp) :: r :: [-(pk(B, N; A)), +(pk(A, N; n(B,r); B)), -(pk(B, n(B,r))), \{A, B, h(N, n(B,r))\}]$

$(KD.init) :: r :: [\{A, B, K\}, +(e(K, skey(A,r))), -(e(K, skey(A,r); N)), +(e(K, N))]$

$(KD.resp) :: r :: [\{A, B, K\}, -(e(K, SK)), +(e(K, SK; n(B,r))), -(e(K, n(B,r)))]$

such that the terms $h(n(A,r), N)$ and $h(N, n(B,r))$ are of the same sort as the variable $K$. Note that, again, we have removed irrelevant input and output parameters for clarity.

Remark 1 As we shall see in Sections 6.4.2 and 6.5.4, composition via protocol transformation and composition via synchronization messages implement most of our abstract composition semantics. There is one important exception though in the case of one-to-many composition. In the abstract semantics there is nothing preventing a single instantiation of a parent role from having two or more children belonging to different roles, assuming both child roles are allowed by the specification. In composition via protocol transformation and composition via synchronization messages, a particular instantiation of a role can have children belonging to only one role, although that role may be one of any of the roles allowed by the specification. Thus, in the NSL-KD case, the case in which an instantiation of an NSL strand has both a KD-initiator child and a KD-responder child is never reachable via the protocol transformation or the synchronization message syntaxes and semantics. However, the case in which one instantiation of a parent NSL strand has a KD-initiator child, and another instantiation has a KD-responder child, may be reachable. This can be implemented by requiring that parents only compose with children of the sort that they have composed with before.

In our proof of the soundness and completeness result in Sections 6.4.2 and 6.5.4, we thus make the further restriction on the abstract semantics that any instantiation of a strand only has children of a single role. We do not make this restriction a permanent part of the definition of the abstract semantics, however, since allowing greater freedom in the abstract semantics allows us to explore further options in the future.

Finally, we need to define the sequential composition of more than two protocols. Intuitively, the sequential composition of $n$ protocols $P_1, \ldots, P_n$ is a set of two-protocol compositions, such that each protocol is composed with the previous protocol (except $P_1$) and with the next protocol (except $P_n$).

Definition 6.9 (Sequential Composition of n Protocols) Given $n$ protocols $P_1, \ldots, P_n$ that are properly renamed to avoid variable sharing, the sequential composition of all of them is denoted by:

$P_1 ;_{S_1} P_2 ;_{S_2} P_3 ;_{S_3} \ldots ;_{S_{n-2}} P_{n-1} ;_{S_{n-1}} P_n$

iff $P_1 ;_{S_1} P_2$, $P_2 ;_{S_2} P_3$, $\ldots$, $P_{n-1} ;_{S_{n-1}} P_n$ are sequential protocol compositions as explained in Definition 6.6.
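As an added worked example, which is not code from this thesis nor from the Maude-NPA tool, the following Python checks the two consistency conditions of Definition 6.4 for the strand compositions of Examples 6.7 and 6.8, assembles the protocol compositions of Definition 6.6 from them, and chains protocol compositions as in Definition 6.9. It makes three assumptions that the text does not state: a tiny term language with one fixed result sort per function symbol (n: Nonce; h and skey: Key), input parameters {A, B} for the NSL responder mirroring the initiator of Example 6.5, and purely syntactic matching of parent outputs against child inputs, whereas condition 2 of Definition 6.4 asks for equality modulo $E_P$. The sort check makes the failure mode of the examples visible: the NSL initiator that outputs $n(A,r)$ (a Nonce) is rejected as parent of the KD responder, whose input $K$ must have sort Key.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Union

# Assumed signature: result sort of each function symbol that appears in a
# parameter. The thesis only states that h(n(A,r),N) has the sort of K.
RESULT_SORT = {"n": "Nonce", "h": "Key", "skey": "Key"}

@dataclass(frozen=True)
class Var:
    name: str
    sort: str

@dataclass(frozen=True)
class App:
    sym: str
    args: tuple

Term = Union[Var, App]
Subst = Dict[str, Term]

def sort_of(t: Term) -> str:
    return t.sort if isinstance(t, Var) else RESULT_SORT[t.sym]

def match(pattern: Term, subject: Term, subst: Subst) -> Optional[Subst]:
    """Extend subst so that pattern*subst equals subject, or return None.
    Simplification: syntactic matching only (not modulo E_P); a variable binds
    only to a term of exactly its sort (no subsort ordering)."""
    if isinstance(pattern, Var):
        if sort_of(subject) != pattern.sort:
            return None
        bound = subst.get(pattern.name)
        if bound is None:
            subst[pattern.name] = subject
            return subst
        return subst if bound == subject else None
    if (not isinstance(subject, App) or subject.sym != pattern.sym
            or len(subject.args) != len(pattern.args)):
        return None
    for p, s in zip(pattern.args, subject.args):
        if match(p, s, subst) is None:
            return None
    return subst

@dataclass(frozen=True)
class Strand:
    role: str        # e.g. "NSL.init"
    inputs: tuple    # input parameters {I}
    outputs: tuple   # output parameters {O}; the message list is not needed here

def strand_composition(parent: Strand, child: Strand, mode: str):
    """Definition 6.4: return ((parent, child, mode), sigma) if consistent, else
    raise ValueError. Child variables are the renamed copies, so no clash."""
    if mode not in ("1-1", "1-*"):
        raise ValueError("Mode must be 1-1 or 1-*")
    if len(parent.outputs) != len(child.inputs):            # condition 1
        raise ValueError(f"{parent.role} -> {child.role}: parameter lists differ")
    sigma: Subst = {}
    for o, i in zip(parent.outputs, child.inputs):          # condition 2
        if match(i, o, sigma) is None:
            raise ValueError(f"{parent.role} -> {child.role}: {o} does not match {i}")
    return (parent.role, child.role, mode), sigma

def protocol_composition(p1: Dict[str, Strand], s, p2: Dict[str, Strand]):
    """Definition 6.6: P1 ;_S P2 = (P1, S, P2) is well formed iff every triple in
    S is a consistent strand composition. Returns the substitution per triple."""
    return {(a, b, m): strand_composition(p1[a], p2[b], m)[1] for a, b, m in s}

def chain_composition(protocols, compositions):
    """Definition 6.9: P1 ;_S1 P2 ... ;_Sn-1 Pn holds iff each adjacent pair does."""
    if len(compositions) != len(protocols) - 1:
        raise ValueError("n protocols need exactly n-1 composition sets")
    return [protocol_composition(protocols[i], compositions[i], protocols[i + 1])
            for i in range(len(compositions))]

# Parameter lists from Examples 6.7 and 6.8 (messages omitted; the NSL.resp
# inputs {A, B} are assumed, mirroring NSL.init in Example 6.5).
A, B = Var("A", "Name"), Var("B", "Name")
N, NA, K = Var("N", "Nonce"), Var("NA", "Nonce"), Var("K", "Key")
nAr, nBr = App("n", (A, Var("r", "Fresh"))), App("n", (B, Var("r", "Fresh")))
NSL_DB = {"NSL.init": Strand("NSL.init", (A, B), (A, B, nAr)),
          "NSL.resp": Strand("NSL.resp", (A, B), (A, B, N))}
DB = {"DB.init": Strand("DB.init", (A, B, NA), ()),
      "DB.resp": Strand("DB.resp", (A, B, NA), ())}
NSL_KD = {"NSL.init": Strand("NSL.init", (A, B), (A, B, App("h", (nAr, N)))),
          "NSL.resp": Strand("NSL.resp", (A, B), (A, B, App("h", (N, nBr))))}
KD = {"KD.init": Strand("KD.init", (A, B, K), ()),
      "KD.resp": Strand("KD.resp", (A, B, K), ())}
S_DB = {("NSL.init", "DB.resp", "1-1"), ("NSL.resp", "DB.init", "1-1")}
S_KD = {(p, c, "1-*") for p in NSL_KD for c in KD}   # the four triples of Example 6.8

def check_examples():
    """Both example compositions are consistent; the DB-flavoured NSL initiator
    (output n(A,r), sort Nonce) is rejected as parent of KD.resp (input K: Key)."""
    db = protocol_composition(NSL_DB, S_DB, DB)
    kd = protocol_composition(NSL_KD, S_KD, KD)
    try:
        strand_composition(NSL_DB["NSL.init"], KD["KD.resp"], "1-*")
        rejected = False
    except ValueError:
        rejected = True
    return db, kd, rejected
```

Calling `check_examples()` yields the two substitution tables (the NSL/DB one binds `NA` to `n(A,r)` for the `(NSL.init, DB.resp, 1-1)` triple, the NSL/KD one binds `K` to the hash term in each of its four triples) together with the flag showing the sort mismatch was refused; `chain_composition([NSL_DB, DB], [S_DB])` is the degenerate two-protocol instance of Definition 6.9. Replacing `match` by matching modulo the protocol equations is what a faithful implementation of condition 2 would need.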