Results 1 to 10 of 16
Distributed programming with distributed authorization
Abstract

We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include web-based systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentralized (each site may impose restrictions on access to its resources without the knowledge of or cooperation with other sites) and spatially distributed (each site may store its policies locally). To enforce such policies PCML5 employs a distributed proof-carrying authorization framework in which sensitive resources are governed by reference monitors that authenticate principals and demand logical proofs of compliance with site-specific access control policies. The language provides primitive operations for authentication, and acquisition of proofs from local policies. The type system of PCML5 enforces locality restrictions on resources, ensuring that they can only be accessed from the site at which they reside, and enforces the authentication and authorization obligations required to comply with local access control policies. This ensures that a well-typed PCML5 program cannot incur a runtime access control violation at a reference monitor for a controlled resource.

Cited by 20 (2 self)
Security-Typed Programming within Dependently-Typed Programming
Abstract

Several recent security-typed programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The security-typed languages described in the literature, such as Aura and PCML5, have been presented as new, stand-alone language designs. In this paper, we instead show how to embed a security-typed programming language within an existing dependently typed programming language, Agda. This language-design strategy allows us to inherit both the meta-theoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning's BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proof-carrying primitive operations. Our work shows that a dependently typed language can be used to prototype a security-typed language, and contributes to the growing body of literature on using dependently typed languages to construct domain-specific type systems.

Cited by 14 (2 self)
Higher-order Representation of Substructural Logics, 2009
Abstract

We present a technique for higher-order representation of substructural logics such as linear or modal logic. We show that such logics can be encoded in the (ordinary) Logical Framework, without any linear or modal extensions. Using this encoding, meta-theoretic proofs about such logics can easily be developed in the Twelf proof assistant.

Cited by 4 (0 self)
A monadic formalization of ML5
In Pre-proceedings of Workshop on Logical Frameworks and Metalanguages: Theory and Practice, 2010
Abstract

ML5 is a programming language for spatially distributed computing, based on a Curry-Howard correspondence with the modal logic S5. However, the ML5 programming language differs from the logic in several ways. In this paper, we give a semantic embedding of ML5 into the dependently typed programming language Agda, which both explains these discrepancies between ML5 and S5 and suggests some simplifications and generalizations of the language. Our embedding translates ML5 into a slightly different logic: intuitionistic S5 extended with a lax modality that encapsulates effectful computations in a monad. Rather than formalizing lax S5 as a proof theory, we embed it as a universe within the dependently typed host language, with the universe elimination given by implementing the modal logic's Kripke semantics.

Cited by 3 (2 self)
Nomadic Pict: Programming Languages, Communication Infrastructure Overlays, and Semantics for Mobile Computation
Abstract

Mobile computation, in which executing computations can move from one physical computing device to another, is a recurring theme: from OS process migration, to language-level mobility, to virtual machine migration. This paper reports on the design, implementation, and verification of overlay networks to support reliable communication between migrating computations, in the Nomadic Pict project. We define two levels of abstraction as calculi with precise semantics: a low-level Nomadic π-calculus with migration and location-dependent communication, and a high-level calculus that adds location-independent communication. Implementations of location-independent communication, as overlay networks that track migrations and forward messages, can be expressed as translations of the high-level calculus into the low. We discuss the design space of such overlay network algorithms and define three precisely, as such translations. Based on the calculi, we design and implement the Nomadic Pict distributed programming language, to let such algorithms (and simple applications above them) be quickly prototyped. We go on to develop the semantic theory of the Nomadic π-calculi, proving correctness of one example overlay network. This requires novel equivalences and congruence results that take migration into account, and reasoning principles for agents that are temporarily immobile (e.g. waiting on a lock

Cited by 1 (0 self)
Cut Reduction in Linear Logic as Asynchronous Session-Typed Communication
Abstract

Prior work has shown that intuitionistic linear logic can be seen as a session-type discipline for the π-calculus, where cut reduction in the sequent calculus corresponds to synchronous process reductions. In this paper, we exhibit a new process assignment from the asynchronous, polyadic π-calculus to exactly the same proof rules. Proof-theoretically, the difference between these interpretations can be understood through permutations of inference rules that preserve observational equivalence of closed processes in the synchronous case. We also show that, under this new asynchronous interpretation, cut reductions correspond to a natural asynchronous buffered session semantics, where each session is allocated a separate communication buffer.

Cited by 1 (1 self)
Lecture Notes on Intuitionistic Kripke Semantics, 15-816: Modal Logic, 2010
Abstract

In this lecture we present an intuitionistic approach to describing a multiple-world semantics for modal logic in the style of Kripke. This is done by providing judgments and inference rules that reason about truths in multiple worlds. A thorough analysis of intuitionistic modal logic in this style

Cited by 1 (0 self)
A Confidentiality Extension to the Aura Programming Language
Abstract

The core Aura language [7, 21] supports a security-focused programming model that mixes access control, audit, and ML-like computations. This paper presents a language extension, AuraConf, which adds support for the secure handling of confidential data. AuraConf allows a confidentiality policy to be specified declaratively using types and enforced via cryptography. Programs written in AuraConf enjoy a formal security guarantee via noninterference. Additionally, the language definition introduces a novel type system where the typechecker may use resources (i.e., private keys) and knowledge of an object's provenance (i.e., how a ciphertext was computed) to guide analysis.

Cited by 1 (0 self)
Foundations and Applications of Higher-Dimensional Directed Type Theory
Abstract

Intuitionistic type theory [43] is an expressive formalism that unifies mathematics and computation. A central concept is the propositions-as-types principle, according to which propositions are interpreted as types, and proofs of a proposition are interpreted as programs of the associated type. Mathematical propositions are thereby to be understood as specifications, or problem descriptions, that are solved by providing a program that meets the specification. Conversely, a program can, by the same token, be understood as a proof of its type viewed as a proposition. Over the last quarter-century type theory has emerged as the central organizing principle of programming language research, through the identification of the informal concept of language features with type structure. Numerous benefits accrue from the identification of proofs and programs in type theory. First, it provides the foundation for integrating types and verification, the two most successful formal methods used to ensure the correctness of software. Second, it provides a language for the mechanization of mathematics in which proof checking is equivalent to type checking, and proof search is equivalent to writing a program to meet a specification.
Type-Safe Web Programming in QWeS²T, 2010
Abstract

Web applications (webapps) are very popular because they are easy to prototype and they can invoke other external webapps, supplied by third parties, as building blocks. Yet, writing correct webapps is complex because developers are required to reason about distributed computation and to write code using heterogeneous languages, often not originally designed with distributed computing in mind. Testing is the common way to catch bugs as current technologies provide limited support. There are doubts this can scale up to meet the expectations of more sophisticated web applications. In this paper, we propose an abstraction that provides simple primitives to manage the two main forms of distributed computation found on the web: remote procedure calls (code executed on a server on behalf of a client) and mobile code (server code executed on a client). We embody this abstraction in a type-safe language with localized static typechecking that we call QWeS²T and for which we have implemented a working prototype. We use it to express interaction patterns commonly found on the Web as well as more sophisticated forms that are beyond current