Information Technology Reference
In-Depth Information
〈̃〉
behaves like the process linked to
x
at location
, in which each actual parameter in
̃
is substituted for each occurrence of the corresponding formal parameter. A process call can
only take place if the corresponding process abstraction is available at the specified location.
In CCA, an ambient provides context by (re)defining process abstractions to account for its
specific functionality. Ambients can interact with each other by making process calls.
Because ambients are mobile, the same process call, e.g.
↑
〈
̃
〉
, may lead to different
behaviours depending on the location of the calling ambient. So process abstraction is used
as a mechanism for context provision while process call is a mechanism for context
acquisition.
Ambients exchange messages using the capability
〈̃〉
to send a list of names
̃
to a location
, and the capability
()
to receive a list of names from a location
. Similarly to a process
call, an ambient can send message to any parent, i.e.
↑〈̃〉
; a specific parent
, i.e.
↑〈̃〉
; any
child, i.e.
↓
〈
̃
〉
; a specific child
, i.e.
↓
〈
̃
〉
; any sibling, i.e.
∷
〈
̃
〉
; a specific sibling
, i.e.
∷〈̃〉
; or itself, i.e.
〈̃〉
.
An
input prefix
is a process of the form
().
, where
is a list of variable symbols and
is
a continuation process. It receives a list of names
̃
from the location
and continues like the
process
{←̃}
, where
{←̃}
is the process
in which each name in the list
̃
is
substituted for each occurrence of the corresponding variable symbol in the list
.
The mobility capabilities in and out are defined as in MA [Cardelli,2000] with the exception
that the capability out has no explicit parameter in CCA, the implicit parameter being the
current parent (if any) of the ambient performing the action. An ambient that performs the
capability in
moves into the sibling ambient
. The capability out moves the ambient that
performs it out of that ambient parent. Obviously, a root ambient, i.e. an ambient with no
parents, cannot perform the capability out. The capability del
deletes an ambient of the
form
[0]
situated at the same level as that capability, i.e. the process del
.|[0]
reduces to
. The capability del acts as a garbage collector that deletes ambients which have completed
their computations. It is a constrained version of the capability open used in MA to unleash
the content of an ambient. As mentioned in [Bugliesi,2004], the open capability brings about
serious security concerns in distributed applications, e.g. it might open an ambient that
contains a malicious code. Unlike the capability open, the capability del is secure because it
only opens ambients that are empty, so no risk of opening a virus or a malicious ambient.
5.2 Context model
In CCA the notion of ambient, inherited from MA, is the basic structure used to model
entities of a context-aware system such as: a user, a location, a computing device, a software
agent or a sensor. As described in Table 1, an ambient has a name, a boundary, a collection
of local processes and can contain other ambients. Meanwhile, an ambient can move from
one location to another by performing the mobility capabilities in and out. So the structure
of a CCA process, at any time, is a hierarchy of nested ambients. This hierarchical structure
changes as the process executes. In such a structure, the context of a sub-process is obtained
by replacing in the structure that sub-process by a placeholder
′⨀′
. For example, suppose a
system is modelled by the process
|[|[|]]
. So, the context of the process
in that
system is
|[|[⨀|]]
, and that of ambient
is
|[|⨀]
. Following are examples of
