Gian Luigi Ferrari

Università di Pisa | UNIPI · Department of Computer Science

PhD

About

188 Publications
8,641 Reads
3,030 Citations
Citations since 2016
28 Research Items
556 Citations
Introduction
Professor of Computer Science, Dipartimento di Informatica, University of Pisa, Italy
Additional affiliations
April 1992 - present
Università di Pisa
Position
  • Professor (Full)

Publications (188)
Chapter
The security of Cloud applications is always a major concern for application developers and operators. Protecting their users’ data confidentiality requires methods to avoid leakage from vulnerable software and unreliable cloud providers. Recently, hardware-based technologies emerged in the Cloud setting to isolate applications from the privileged...
Article
The Internet of Things is deeply shaping our society and our lives. Smart devices automatically collect, aggregate and exchange data on our behalf and free us from the drudgery of doing it. These data are often crucial because critical decisions, such as controlling cyber-physical systems, are made depending on them or because they feed learning al...
Chapter
Service contracts characterise the desired behavioural compliance of a composition of services, typically defined by the fulfilment of all service requests through service offers. Contract automata are a formalism for specifying behavioural service contracts. Based on the notion of synthesis of the most permissive controller from Supervisory Contro...
Article
Full-text available
Function-as-a-Service (FaaS) allows developers to define, orchestrate and run modular event-based pieces of code on virtualised resources, without the burden of managing the underlying infrastructure nor the life-cycle of such pieces of code. Indeed, FaaS providers offer resource auto-provisioning, auto-scaling and pay-per-use billing at no costs f...
Chapter
Assessing security of application deployments in the Fog is a non-trivial task, having to deal with highly heterogeneous infrastructures containing many resource-constrained devices. In this paper, we introduce: (i) a declarative way of specifying security capabilities of Fog infrastructures and security requirements of Fog applications, and (ii) a...
Chapter
The Internet of Things (IoT) is deeply changing our society. Daily we use smart devices that automatically collect, aggregate and exchange data about our lives. These data are often pivotal when they are used e.g. to train learning algorithms, to control cyber-physical systems, and to guide administrators to take crucial decisions. As a consequence...
Preprint
We review some results regarding specification, programming and verification of different classes of distributed systems which stemmed from the research of the Concurrency and Mobility Group at University of Firenze. More specifically, we examine the distinguishing features of network-aware programming, service-oriented computing, autonomic computi...
Article
Full-text available
In the times of mobility and pervasiveness of computing, contextual information plays an increasingly crucial role in applications. This kind of information becomes a first class citizen in context-oriented programming (COP) paradigm. COP languages provide primitive constructs for easily writing applications that adapt their behaviour depending on...
Article
Full-text available
Service contracts characterise the desired behavioural compliance of a composition of services. Compliance is typically defined by the fulfilment of all service requests through service offers, as dictated by a given Service-Level Agreement (SLA). Contract automata are a recently introduced formalism for specifying and composing service contracts....
Article
We review some results regarding specification, programming and verification of different classes of distributed systems which stemmed from the research of the Concurrency and Mobility Group at University of Firenze. More specifically, we examine the distinguishing features of network-aware programming, service-oriented computing, autonomic computi...
Chapter
Full-text available
The rigorous design of Service-Oriented Computing (SOC) applications has been identified as one of the primary research challenges for the next 10 years. Many foundational theories for SOC have been defined, but they often rely on mechanisms different from real-world SOC technologies, hindering actual service modelling and verification. In this pap...
Article
Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits expressing security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative...
Chapter
Klaim (Kernel Language for Agents Interaction and Mobility) has been devised to design distributed applications composed by many components deployed over the nodes of a distributed infrastructure and to offer programmers primitive constructs for communicating, distributing and retrieving data. Data could be sensitive and some nodes could not be sec...
Preprint
Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we propose a methodology that permits expressing security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative...
Conference Paper
Contextual information plays an increasingly crucial role in concurrent applications in the times of mobility and pervasiveness of computing. Context-Oriented Programming languages explicitly treat this kind of information. They provide primitive constructs to adapt the behaviour of a program, depending on the evolution of its operational environme...
Article
Full-text available
Two kinds of automata are presented, for recognising new classes of regular and context-free nominal languages. We compare their expressive power with analogous proposals in the literature, showing that they express novel classes of languages. Although many properties of classical languages hold no longer in the nominal case, we design a slight res...
Conference Paper
Full-text available
In Service Oriented Computing (SOC) contracts characterise the behavioural conformance of a composition of services and guarantee that the composition does not lead to spurious results. Variability features can enable services to adapt to customer requirements and to changes in the context in which they execute. We extend a recently introduced form...
Chapter
We extend an existing two-phase static analysis for an adaptive programming language to also deal with dynamic resources. The focus of our analysis is on predicting how these are used, in spite of the different, ever changing operating environments to which applications automatically adapt their behaviour. Our approach is based on a type and effect...
Article
Full-text available
The Internet of Things (IoT) offers the infrastructure of the information society. It hosts smart objects that automatically collect and exchange data of various kinds, directly gathered from sensors or generated by aggregations. Suitable coordination primitives and analysis mechanisms are in order to design and reason about IoT systems, and to int...
Article
The Internet of Things (IoT) is smartifying our everyday life. Our starting point is IoT-LySa, a calculus for describing IoT systems, and its static analysis, which will be presented at Coordination 2016. We extend the mentioned proposal in order to begin an investigation about security issues, in particular for the static verification of secrecy a...
Article
Full-text available
An approach to the formal description of service contracts is presented in terms of automata. We focus on the basic property of guaranteeing that in the multi-party composition of principals each of them gets his requests satisfied, so that the overall composition reaches its goal. Depending on whether requests are satisfied synchronously or asynch...
Article
We present a methodology to reason about resource usage (acquisition, release, revision, …) and, in particular, to predict bad usage of resources. Keeping in mind the interplay between local and global information that occur in application-resource interactions, we model resources as entities with local policies and we study global properties that...
Article
Full-text available
Context-Oriented Programming languages provide us with primitive constructs to adapt program behaviour depending on the evolution of their operational environment, namely the context. In previous work we proposed ML_CoDa, a context-oriented language with two-components: a declarative constituent for programming the context and a functional one for...
Conference Paper
Full-text available
We describe CAT, a toolkit supporting the analysis of communication-centric applications, i.e., applications consisting of ensembles of interacting services. Services are modelled in CAT as contract automata and communication safety is defined in terms of agreement properties. With the help of a simple (albeit non trivial) example, we demonstrate h...
Conference Paper
The Internet of Things (IoT) is here: smart objects are pervading our everyday life. Smart devices automatically collect and exchange data of various kinds, directly gathered from sensors or generated by aggregations. Suitable coordination primitives and analysis mechanisms are in order to design and reason about IoT systems, and to intercept the i...
Article
Full-text available
We investigate the relations between two automata-based models for describing and studying distributed services, called contract automata and communicating machines. In the first model, distributed services are abstracted away as automata – oblivious of their partners – that coordinate with each other through an orchestrator. The second one is conc...
Article
Context-Oriented programming languages provide us with primitive constructs to adapt program behaviour depending on the evolution of their operational environment, namely the context. In previous work we proposed ML_CoDa, a context-oriented language with two-components: a declarative constituent for programming the context and a functional one for...
Chapter
This section contains the laudatio in honour of Pierpaolo Degano. It illustrates his distinguished career and his main scientific contributions.
Article
Adaptive systems are designed to modify their behaviour in response to changes of their operational environment. We propose a two-component language for adaptive programming, within the Context-Oriented Programming paradigm. It has a declarative constituent for programming the context and a functional one for computing. We equip our language with a...
Article
Full-text available
We study the relations between a contract automata and an interaction model. In the former model, distributed services are abstracted away as automata - oblivious of their partners - that coordinate with each other through an orchestrator. The interaction model relies on channel-based asynchronous communication and choreography to coordinate distri...
Conference Paper
Full-text available
A novel approach to the formal description of service contracts is presented in terms of automata. We focus on the basic property of guaranteeing that in the multi-party composition of principals each individual gets his requests satisfied, so that the overall composition reaches its goal. Depending on whether requests are satisfied synchronously o...
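The agreement property described in this and the earlier contract-automata entries above (each principal's requests satisfied by some other principal's offers) can be checked by exploring the synchronous composition of the principals. The following is an added illustration written for this page, not the authors' formalism, CAT toolkit or any published algorithm; the `Principal` representation, the `agreement_trace` function and the client/shop scenario are constructed assumptions. Offers are allowed to fire alone, a request may only fire together with a matching offer of a different principal, and a trace that brings every principal to a final state under these rules is in agreement.

```python
# Added example: reachability check for agreement on a synchronous composition
# of contract automata. Illustrative code, not the paper's formalism or tool;
# the principals and action names below are constructed.
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Label = Tuple[str, str]   # ("!", a) is an offer of action a, ("?", a) a request of a


@dataclass
class Principal:
    initial: str
    finals: Set[str]
    transitions: List[Tuple[str, Label, str]]   # (source, label, target)

    def moves(self, state: str) -> List[Tuple[Label, str]]:
        return [(lab, dst) for src, lab, dst in self.transitions if src == state]


def agreement_trace(principals: List[Principal]) -> Optional[List[Tuple[str, str]]]:
    """Breadth-first search over the composition. A step is either a lone offer
    (allowed: offers need not be satisfied) or a match, i.e. a request ?a of one
    principal fired together with an offer !a of another. Lone requests are not
    allowed, so any trace reaching a jointly final state has all requests
    satisfied. Returns that trace, or None when no agreement is reachable."""
    start = tuple(p.initial for p in principals)
    parent: Dict[Tuple[str, ...], Tuple[Tuple[str, ...], Tuple[str, str]]] = {}
    seen = {start}
    queue = deque([start])

    def successors(state):
        for i, p in enumerate(principals):
            for (kind, a), dst in p.moves(state[i]):
                if kind == "!":                          # lone offer
                    s = list(state); s[i] = dst
                    yield tuple(s), ("offer", a)
                else:                                    # request: needs a partner
                    for j, q in enumerate(principals):
                        if j == i:
                            continue
                        for (kind2, b), dst2 in q.moves(state[j]):
                            if kind2 == "!" and b == a:
                                s = list(state); s[i] = dst; s[j] = dst2
                                yield tuple(s), ("match", a)

    while queue:
        state = queue.popleft()
        if all(state[i] in p.finals for i, p in enumerate(principals)):
            trace = []
            while state != start:                        # rebuild the path
                state, lab = parent[state]
                trace.append(lab)
            return trace[::-1]
        for nxt, lab in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                parent[nxt] = (state, lab)
                queue.append(nxt)
    return None


# Constructed scenario: a client places an order and expects a receipt.
CLIENT = Principal("c0", {"c2"}, [("c0", ("!", "order"), "c1"),
                                  ("c1", ("?", "receipt"), "c2")])
SHOP = Principal("s0", {"s2"}, [("s0", ("?", "order"), "s1"),
                                ("s1", ("!", "receipt"), "s2")])
# A shop that also demands a payment the client never offers: no agreement.
STRICT_SHOP = Principal("s0", {"s3"}, [("s0", ("?", "order"), "s1"),
                                       ("s1", ("?", "payment"), "s2"),
                                       ("s2", ("!", "receipt"), "s3")])

if __name__ == "__main__":
    print(agreement_trace([CLIENT, SHOP]))          # [('match', 'order'), ('match', 'receipt')]
    print(agreement_trace([CLIENT, STRICT_SHOP]))   # None
```

The check is a plain reachability query on the composed automaton; the "strict shop" case shows the failure mode a composition analysis is meant to catch before deployment, a request with no possible partner, which here surfaces as the absence of any jointly final state.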
Conference Paper
Adaptive systems are designed to modify their behaviour in response to changes of their operational environment. We adopt a language-based approach to the development of such systems, with particular attention to preventing them from failures in adaptation. The kernel of our proposal is a simple core language, equipped with a type and effect system...
Article
Adaptive applications are designed and programmed to dynamically adjust their behaviour to respond to changes of their execution environment. This paper introduces MLCoDa, a new COP language, made of two components: a declarative one for the context and a functional constituent for computing. Here we concentrate on the rationale behind the design of...
Article
Full-text available
The Internet offers a variety of services that are assembled to accomplish requests made by clients. While serving a request, security of the communications and of the data exchanged among services is crucial. Since communications occur along specific channels, it is equally important to guarantee that the interactions between a client and a serve...
Conference Paper
The Internet offers a variety of services that are assembled to accomplish requests made by clients. While serving a request, security of the communications and of the data exchanged among services is crucial. Furthermore, communications occur along specific channels, and it is equally important to guarantee that the interactions between a client...
Conference Paper
Two kinds of automata are introduced, for recognising regular and context-free nominal languages. We compare their expressive power with that of analogous proposals in the literature. Some properties of our languages are proved, in particular that emptiness of a context-free nominal language L is decidable, and that the intersection of L with a reg...
Article
Full-text available
Context Oriented Programming (COP) concerns the ability of programs to adapt to changes in their running environment. A number of programming languages endowed with COP constructs and features have been developed. However, some foundational issues remain unclear. This paper proposes adopting static analysis techniques to reason on and predict how p...
Article
Full-text available
SCEL is a new language specifically designed to model autonomic components and their interaction. It brings together various programming abstractions that permit to directly represent knowledge, behaviors and aggregations according to specific policies. It also supports naturally programming self-awareness, context-awareness, and adaptation. In t...
Conference Paper
Full-text available
We survey some critical issues arising in the ubiquitous computing paradigm, in particular the interplay between context-awareness and security. We then overview a language-based approach that addresses these problems from the point of view of Formal Methods. More precisely, we briefly describe a core functional language extended with mechanisms to...
Conference Paper
Two classes of nominal automata, namely Usage Automata (UAs) and Variable Finite Automata (VFAs) are considered to express resource control policies over program execution traces expressed by a nominal calculus (Usages). We first analyse closure properties of UAs, and then show UAs less expressive than VFAs. We finally carry over to VFAs the symbol...
Conference Paper
Full-text available
Context-Oriented programming languages provide us with primitive constructs to adapt program behaviour depending on the evolution of their operational environment. We are interested here in software components, the behaviour of which depend on the following: their actual operating context; the security policies that control accesses to their resour...
Chapter
The management of Long Running Transactions is a crucial aspect in the field of Service Oriented Architectures. This chapter reports on the usage of the ESC middleware in the design and implementation of long running transactions. The middleware has been formally defined as a process calculus and supports a model-driven methodology which clearly se...
Chapter
We present a framework for designing and composing services in a “call-by-contract” fashion, i.e. according to their behavior. We discuss how to correctly plan service compositions in some relevant classes of services and behavioral properties. To this aim, we propose both a core functional calculus for services, and a graphical design language. Th...
Conference Paper
Full-text available
We report our experiences gained when integrating process analysis activities into a regional gateway of the Italian eGov platform to promote real-time process monitoring within a Service Oriented Architecture. We exploit ProM, a state-of-the-art suite providing several analysis algorithms for business processes. First, we outline our technological...
Article
Full-text available
The effective usage of computational resources is a primary concern of up-to-date distributed applications. In this paper, we present a methodology to reason about resource usages (acquisition, release, revision, ...); the proposed approach therefore enables predicting bad usages of resources. Keeping in mind the interplay between local and g...
Conference Paper
Full-text available
We introduce a formal framework to specify and enforce quantitative security policies. The framework consists of: (i) a stochastic process calculus to express the measurable space of computations in terms of Continuous Time Markov Chains; (ii) a stochastic modal logic (a variant of CSL) to represent the bound constraints on execution speed; (iii) t...
Conference Paper
Full-text available
We outline the design of a framework for modelling cloud computing systems. The approach is based on a declarative programming model which takes the form of a lambda-calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available in the clouds. We will focus on the server...
Article
An important feature of the service-oriented approach is the ability to aggregate, through programmable coordination patterns, the activities involved in service interactions. Two different approaches can be adopted to tackle service coordination: orchestration and choreography. In this paper, we introduce a formal methodology to handle coordinatio...
Conference Paper
Full-text available
Managing transactions is a key issue in Service Oriented Computing where particular relevance is given to the so called Long Running Transactions (LRT). Here, we show how to apply a formal approach to the specification and refactoring of LRT. Specifically, we consider a methodology arising on process calculi and show how it can be applied to a case...
Article
Full-text available
An important issue of the service-oriented approach is the possibility to aggregate, through programmable coordination patterns, the activities involved in service interactions. Two different approaches can be adopted to tackle service coordination: orchestration and choreography. In this paper, we introduce a formal methodology purposed to...
Conference Paper
Full-text available
We propose a methodology for statically predicting the possible interaction patterns of services within a given choreography. We focus on choreographies exploiting the event notification paradigm to manage service interactions. Control Flow Analysis techniques statically approximate which events can be delivered to match the choreography constrai...
Conference Paper
Full-text available
We define a type and effect system for a lambda-calculus extended with side effects, in the form of primitives for creating and accessing resources. The analysis correctly over-approximates the sequences of resource accesses performed by a program at run-time. To accurately analyse the binding between the creation of a resource and its accesses, ou...
Article
Full-text available
An extension of the λ-calculus is proposed, to study resource usage analysis and verification. It features usage policies with a possibly nested, local scope, and dynamic creation of resources. We define a type and effect system that, given a program, extracts a history expression, that is, a sound overapproximation to the set of histories obtainab...
Article
Full-text available
We introduce weak binders, a lightweight construct to deal with fresh names in nominal calculi. Weak binders do not define the scope of names as precisely as the standard ν-binders, yet they enjoy strong semantic properties. We provide them with a denotational semantics, an equational theory, and a trace inclusion preorder. Furthermore, we present...
Conference Paper
Full-text available
We propose a model for specifying, analysing and enforcing safe usage of resources. Our usage policies allow for parametricity over resources, and they can be enforced through finite state automata. The patterns of resource access and creation are described through a basic calculus of usages. In spite of the augmented flexibility given by resource...
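The entries above on resource usage analysis describe usage policies that are parametric over resources, enforced through finite-state automata, and checked against histories of resource accesses (at run time, or statically against the over-approximated set of histories extracted by a type and effect system). The code below is an added illustration written for this page, not the calculus, type system or policy language of those papers; the `open`/`read`/`write`/`close` events, the `OPEN_BEFORE_USE` policy, the function names and the sample histories are constructed assumptions. The policy automaton is written once over a resource variable and instantiated for every concrete resource named in a history, which is what parametricity buys in practice.

```python
# Added example: a parametric usage policy as a finite-state automaton, checked
# against resource-access histories. Illustrative code for this page, not the
# papers' formalism; events, policy and traces are constructed.
from typing import Dict, Iterable, List, Optional, Tuple

Event = Tuple[str, str]        # (action, resource), e.g. ("read", "f1")
History = List[Event]

# Policy automaton over actions on one bound resource variable x.
# (state, action) -> next state; anything not listed leads to the offending
# state "bad". Policy: open before use, no double open, no use after close.
OPEN_BEFORE_USE: Dict[Tuple[str, str], str] = {
    ("closed", "open"):  "opened",
    ("opened", "read"):  "opened",
    ("opened", "write"): "opened",
    ("opened", "close"): "closed",
}
START = "closed"


def run_policy(policy: Dict[Tuple[str, str], str], start: str,
               history: History, resource: str) -> Tuple[str, Optional[int]]:
    """Instantiate the policy on one concrete resource and run it over the
    history. Events on other resources are self-loops. Returns the final state
    and the index of the first offending event (None if there is none)."""
    state = start
    for i, (action, res) in enumerate(history):
        if res != resource:
            continue
        state = policy.get((state, action), "bad")
        if state == "bad":
            return state, i
    return state, None


def check_history(policy: Dict[Tuple[str, str], str], start: str,
                  history: History) -> Dict[str, int]:
    """Parametric enforcement: check every resource the history mentions.
    Returns {resource: index of first violating event}; empty means safe."""
    violations: Dict[str, int] = {}
    for resource in sorted({res for _, res in history}):
        _, bad_at = run_policy(policy, start, history, resource)
        if bad_at is not None:
            violations[resource] = bad_at
    return violations


def all_histories_safe(policy: Dict[Tuple[str, str], str], start: str,
                       histories: Iterable[History]) -> bool:
    """Static flavour of the check: a program whose effect over-approximates
    its run-time histories by this finite set is accepted only if every
    history in the set respects the policy."""
    return all(not check_history(policy, start, h) for h in histories)


# Constructed histories, as a monitor or an effect analysis might produce.
GOOD: History = [("open", "f1"), ("read", "f1"), ("open", "f2"),
                 ("write", "f2"), ("close", "f2"), ("close", "f1")]
BAD: History = [("open", "f1"), ("close", "f1"), ("read", "f1"), ("read", "f2")]

if __name__ == "__main__":
    print(check_history(OPEN_BEFORE_USE, START, GOOD))   # {}
    print(check_history(OPEN_BEFORE_USE, START, BAD))    # {'f1': 2, 'f2': 3}
    print(all_histories_safe(OPEN_BEFORE_USE, START, [GOOD, BAD]))  # False
```

Because the automaton is instantiated per resource, a single policy covers any number of dynamically created resources, and the reported index points at the exact event a monitor would have to block (here the read of `f1` after its close, and the read of `f2` that was never opened).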
Conference Paper
Full-text available
Sagas calculi have been proposed to specify distributed Long Running Transactions (LRT) and, in previous work, a subset of naive sagas has been encoded in the Signal Calculus (SC) to enable their use in service-oriented systems. Here, we promote a formal approach to the refactoring of LRT represented in SC so that distributed LRT designed in the Bu...
Article
Full-text available
A static approach is proposed to study secure composition of services. We extend the λ-calculus with primitives for selecting and invoking services that respect given security requirements. Security-critical code is enclosed in policy framings with a possibly nested, local scope. Policy framings enforce safety and liveness properties. The act...
Article
Full-text available
Verification of software systems, and security protocol analysis as a particular case, requires frameworks that are expressive, so as to properly capture the relevant aspects of the system and its properties, formal, so as to be provably correct, and with a computational counterpart, so as to support the (semi-) automated certification of propertie...
Conference Paper
Full-text available
The Signal Calculus is an asynchronous process calculus featuring multicast communication. It relies on explicit modeling of the communication structure of the network (communication flows), and on handling sessions, even multi-party. The calculus is strongly motivated by the practical needs of Service-Oriented Computing, and there exists a Java im...
Article
Full-text available
Service-oriented architectures are the emerging paradigm for the design and implementation of networked applications. Services are platform-independent building blocks that can be described, published and composed to obtain networks of distributed applications. This work sets out to analyse both the technological challenges...
Article
Full-text available
We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behavior. Services can enforce security policies locally and can invoke other services that respect given security contracts. This call-by-contract mechanism offers a significant set of opportunities, e...
Article
Full-text available
Formal methods for deciding the properties of service oriented systems are of paramount importance. However, they may require to master sophisticated techniques that programmers may lack. This issue can be mitigated by providing programmers with tools and techniques that are close to the usual programming practice. Here, we propose to use causal ne...
Conference Paper
The great honour of introducing the Chapter on Software Verification for the Festschrift dedicated to Ugo Montanari brings to mind a very personal memory. I was a young Ph.D. student and I was discussing something with Ugo, or better I was learning something from Ugo about how one could apply the abstract notions of category theory in order to unde...
Conference Paper
Full-text available
In this paper we tackle the problem of designing and implementing a framework for programming service coordination policies. In particular, we illustrate the design and the prototype implementation of Java Signal Core Layer (JSCL), a coordination middleware for services based on the event notification paradigm. We formally motivate the design c...
Conference Paper
Full-text available
We use History Dependent Automata (HD-automata) as a syntax-independent formalism to check compatibility of services at binding time in Service-Oriented Computing. Informally speaking, service requests are modelled as pairs of HD-automata ⟨Co; Cr⟩; Cr describes the (abstract) behaviour of the searched service and Co the (abstract) behaviour guar...
Chapter
Mobility is a key concept for network programming; it has stimulated much research about new programming languages and paradigms. In the design of programming languages for mobile agents, i.e. processes which can migrate and execute on new hosts, the integration of security mechanisms is a major challenge. This paper presents the security mechanism...
Article
Full-text available
We introduce a class of coalgebraic models and a family of modal logics that support the specification of spatial properties of distributed applications. The evaluation of a formula yields a value in a suitable multi-valued algebraic structure, giving a measure of the satisfaction of a requirement, induced by the decomposition of a system into subs...
Conference Paper
Full-text available
We propose a novel approach to service choreography through a typed process calculus that features an event notification paradigm for coordinating distributed components (e.g., services). Basically, the type system expresses coordination policies for handling the events spawned in a network so that distributed components react to events when the type...