S Akshay, L Hélouët and M Mukund
Proc. ACSD 2014, IEEE (2014) 166-175.
© IEEE
In web-based systems, agents engage in structured interactions called sessions. Sessions are logical units of computation, like transactions. However, unlike transactions, sessions cannot be isolated from each other. Thus, one has to verify that interference between sessions does not have unexpected side effects. A challenge in building a tractable model of sessions is that there is no a priori bound on the number of concurrently active agents and sessions in the system. Realistic specifications require agents to compare entities across sessions, but this must be modeled without assigning an unbounded set of unique identities to agents and sessions.
We propose a model called session systems that allows an arbitrary number of concurrently active agents and sessions. Agents have a limited ability to remember partners across sessions. Configurations are represented as graphs and the operational semantics is described through graph-rewriting. Under reasonable restrictions, session systems turn out to be well-structured systems. This provides an effective verification algorithm for coverability properties. We show how to use this result to verify more elaborate business rules such as avoidance of conflicts of interest and the Chinese Wall Property.