A distributed computation is one that takes place at many sites, each of which controls some resources at that site. For example, the sites might be nodes on a network, and a resource might be a device or sensor at that site, or a database controlled by that site. Only programs that execute at a particular site may access the resources situated at that site. Consequently, command execution always takes place at a particular site, called the locus of execution. Access to resources at a remote site from a local site is achieved by moving the locus of execution to the remote site, running code to access the local resource, and returning a value to the local site.
In this chapter, we consider the language DA, which extends Concurrent Algol with a spatial type system that mediates access to resources on a network. The type safety theorem ensures that all accesses to a resource controlled by a site are through a program executing at that site, even though references to local resources can be freely passed around to other sites on the network. The main idea is that channels and events are located at a particular site, and that synchronization on an event can only occur at the proper site for that event. Issues of concurrency, which are temporal, are thereby separated from those of distribution, which are spatial.
The concept of location in DA is sufficiently abstract that it admits another useful interpretation that can be useful in computer security settings. The “location” of a computation can be considered to be the principal on whose behalf the computation is executing. From this point of view, a local resource is one that is accessible to a particular principal, and a mobile computation is one that can be executed by any principal. Movement from one location to another may then be interpreted as executing a piece of code on behalf of another principal, returning its result to the principal that initiated the transfer.
Statics
The statics ofDAis inspired by the possible worlds interpretation ofmodal logic. Under that interpretation the truth of a proposition is considered relative to a world, which determines the state of affairs described by that proposition. A proposition may be true in one world, and false in another.
