Results 11 to 20 of 328
A Uniform Type Structure for Secure Information Flow, 2002
Cited by 75 (11 self)
The π-calculus is a formalism of computing in which we can compositionally represent dynamics of major programming constructs by decomposing them into a single communication primitive, the name passing. This work reports our experience in using a linear/affine typed π-calculus for the analysis and development of type systems of programming languages, focussing on secure information flow analysis. After presenting a basic typed calculus for secrecy, we demonstrate its usage by a sound embedding of the dependency core calculus (DCC) and by the development of a novel type discipline for imperative programs which extends both a secure multithreaded imperative language by Smith and Volpano and (a call-by-value version of) DCC. In each case, the embedding gives a simple proof of noninterference.
Types for Modules, 1998
Cited by 68 (9 self)
The programming language Standard ML is an amalgam of two, largely orthogonal, languages. The Core language expresses details of algorithms and data structures. The Modules language expresses the modular architecture of a software system. Both languages are statically typed, with their static and dynamic semantics specified by a formal definition.
Generic Haskell: practice and theory. In Generic Programming, Advanced Lectures, volume 2793 of LNCS, 2003
Cited by 65 (23 self)
Generic Haskell is an extension of Haskell that supports the construction of generic programs. These lecture notes describe the basic constructs of Generic Haskell and highlight the underlying theory. Generic programming aims at making programming more effective by making it more general. Generic programs often embody nontraditional kinds of polymorphism. Generic Haskell is an extension of Haskell [38] that supports the construction of generic programs. Generic Haskell adds to Haskell the notion of structural polymorphism, the ability to define a function (or a type) by induction on the structure of types. Such a function is generic in the sense that it works not only for a specific type but for a whole class of types. Typical examples include equality, parsing and pretty printing, serialising, ordering, hashing, and so on. The lecture notes on Generic Haskell are organized into two parts. This first part motivates the need for genericity, describes the basic constructs of Generic Haskell, puts Generic Haskell into perspective, and highlights the underlying theory. The second part, entitled “Generic Haskell: applications”, delves deeper into the language, discussing three nontrivial applications of Generic Haskell: generic dictionaries, compressing XML documents, and a generic version of the zipper data type. The first part is organized as follows. Section 1 provides some background, discussing type systems in general and the type system of Haskell in particular. Furthermore, it motivates the basic constructs of Generic Haskell. Section 2 takes a closer look at generic definitions and shows how to define some popular generic functions. Section 3 highlights the theory underlying Generic Haskell and discusses its implementation. Section 4 concludes.
Ownership Confinement Ensures Representation Independence for Object-Oriented Programs, 2002
Cited by 64 (32 self)
This paper formulates representation independence for classes, in an imperative, object-oriented language with pointers, subclassing and dynamic dispatch, class-oriented visibility control, recursive types and methods, and a simple form of module. An instance of a class is considered to implement an abstraction using private fields and so-called representation objects. Encapsulation of representation objects is expressed by a restriction, called confinement, on aliasing. Representation independence is proved for programs satisfying the confinement condition. A static analysis is given for confinement that accepts common designs such as the observer and factory patterns. The formalization takes into account not only the usual interface between a client and a class that provides an abstraction but also the interface (often called "protected") between the class and its subclasses.
Type-Indexed Data Types. Science of Computer Programming, 2004
Cited by 58 (21 self)
A polytypic function is a function that can be instantiated on many data types to obtain data type specific functionality. Examples of polytypic functions are the functions that can be derived in Haskell, such as show, read, and ` '. More advanced examples are functions for digital searching, pattern matching, unification, rewriting, and structure editing. For each of these problems, we not only have to define polytypic functionality, but also a type-indexed data type: a data type that is constructed in a generic way from an argument data type. For example, in the case of digital searching we have to define a search tree type by induction on the structure of the type of search keys. This paper shows how to define type-indexed data types, discusses several examples of type-indexed data types, and shows how to specialize type-indexed data types. The approach has been implemented in Generic Haskell, a generic programming extension of the functional language Haskell.
Multiset Rewriting and the Complexity of Bounded Security Protocols. Journal of Computer Security, 2002
Cited by 56 (5 self)
We formalize the Dolev-Yao model of security protocols, using a notation based on multiset rewriting with existentials. The goals are to provide a simple formal notation for describing security protocols, to formalize the assumptions of the Dolev-Yao model using this notation, and to analyze the complexity of the secrecy problem under various restrictions. We prove that, even for the case where we restrict the size of messages and the depth of message encryption, the secrecy problem is undecidable for the case of an unrestricted number of protocol roles and an unbounded number of new nonces. We also identify several decidable classes, including a DEXP-complete class when the number of nonces is restricted, and an NP-complete class when both the number of nonces and the number of roles is restricted. We point out a remaining open complexity problem, and discuss the implications these results have on the general topic of protocol analysis.
Semantics of Types for Mutable State, 2004
Cited by 55 (5 self)
Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse.
Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability. In Proceedings of the 28th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2001
Cited by 52 (1 self)
We present a novel approach to scalable implementation of type-based flow analysis with polymorphic subtyping. Using a new presentation of polymorphic subtyping with instantiation constraints, we are able to apply context-free language (CFL) reachability techniques to type-based flow analysis. We develop a CFL-based algorithm for computing flow information in time O(n^3), where n is the size of the typed program. The algorithm substantially improves upon the best previously known algorithm for flow analysis based on polymorphic subtyping with complexity O(n^8). Our technique also yields the first demand-driven algorithm for polymorphic subtype-based flow computation. It works directly on higher-order programs with structured data of finite type (unbounded data structures are incorporated via finite approximations), supports context-sensitive, global flow summarization and includes polymorphic recursion.
Fable: A language for enforcing user-defined security policies, 2007
Cited by 51 (14 self)
This paper presents FABLE, a core formalism for a programming language in which programmers may specify security policies and reason that these policies are properly enforced. In FABLE, security policies can be expressed by associating security labels with the data or actions they protect. Programmers define the semantics of labels in a separate part of the program called the enforcement policy. FABLE prevents a policy from being circumvented by allowing labeled terms to be manipulated only within the enforcement policy; application code must treat labeled values abstractly. Together, these features facilitate straightforward proofs that programs implementing a particular policy achieve their high-level security goals. FABLE is flexible enough to implement a wide variety of security policies, including access control, information flow, provenance, and security automata. We have implemented FABLE as part of the LINKS web programming language; we call the resulting language SELINKS. We report on our experience using SELINKS to build two substantial applications, a wiki and an online store, equipped with a combination of access control and provenance policies. To our knowledge, no existing framework enables the enforcement of such a wide variety of security policies with an equally high level of assurance.
Concrete Type Inference: Delivering Object-Oriented Applications, 1995
Cited by 50 (0 self)
Unlimited copying without fee is permitted provided that the copies are not made nor distributed for direct commercial advantage, and credit to the source is given. Otherwise, no part of this work covered by copyright hereon may be reproduced in any form or by any means graphic, electronic, or mechanical, including photocopying, recording, taping, or storage in an information retrieval system, without the prior written permission of the copyright owner. TRADEMARKS Sun, Sun Microsystems, and the Sun logo are trademarks or registered trademarks of Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. All SPARC trademarks, including the SCD Compliant Logo, are trademarks or registered trademarks of SPARC International, Inc. SPARCstation, SPARCserver, SPARCengine, SPARCworks, and SPARCompiler are licensed exclusively to Sun Microsystems, Inc. All other product names mentioned herein are the trademarks of their respective owners.