Results 1-10 of 27

Security-Typed Programming within Dependently-Typed Programming
Cited by 25 (2 self)
Several recent security-typed programming languages allow programmers to express and enforce authorization policies governing access to controlled resources. Policies are expressed as propositions in an authorization logic, and enforced by a type system that requires each access to a sensitive resource to be accompanied by a proof. The security-typed languages described in the literature, such as Aura and PCML5, have been presented as new, stand-alone language designs. In this paper, we instead show how to embed a security-typed programming language within an existing dependently typed programming language, Agda. This language-design strategy allows us to inherit both the metatheoretic results, such as type safety, and the implementation of the host language. Our embedding consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning's BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we define an indexed monad of computations on behalf of a principal, with proof-carrying primitive operations. Our work shows that a dependently typed language can be used to prototype a security-typed language, and contributes to the growing body of literature on using dependently typed languages to construct domain-specific type systems.
Distributed programming with distributed authorization
2009
Cited by 23 (2 self)
We propose a programming language, called PCML5, for building distributed applications with distributed access control. Target applications include web-based systems in which programs must compute with stipulated resources at different sites. In such a setting, access control policies are decentralized (each site may impose restrictions on access to its resources without the knowledge of or cooperation with other sites) and spatially distributed (each site may store its policies locally). To enforce such policies PCML5 employs a distributed proof-carrying authorization framework in which sensitive resources are governed by reference monitors that authenticate principals and demand logical proofs of compliance with site-specific access control policies. The language provides primitive operations for authentication, and acquisition of proofs from local policies. The type system of PCML5 enforces locality restrictions on resources, ensuring that they can only be accessed from the site at which they reside, and enforces the authentication and authorization obligations required to comply with local access control policies. This ensures that a well-typed PCML5 program cannot incur a run-time access control violation at a reference monitor for a controlled resource.
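The two entries above share one mechanism: a program presents a proof term, and a reference monitor checks that the proof actually establishes the access being requested against the site's local policy. The following is an added illustration of that check, written for this page and not taken from Aura, PCML5 or the Agda embedding; the logic is a deliberately small one (a "controls" judgment, a "says" modality and a delegation rule), not BL0, and the policy facts, principals and resource names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Union

# --- Propositions of a tiny authorization logic (illustrative, not BL0 itself) ---
@dataclass(frozen=True)
class MayAccess:          # `principal` may access `resource`
    principal: str
    resource: str

@dataclass(frozen=True)
class Controls:           # `principal` is trusted on statements about `resource`
    principal: str
    resource: str

@dataclass(frozen=True)
class Says:               # `principal` says `prop`
    principal: str
    prop: "Prop"

Prop = Union[MayAccess, Controls, Says]

# --- Proof terms; each constructor is one inference rule of the logic ---
@dataclass(frozen=True)
class Hyp:                # cite a fact stored in the site's local policy
    prop: Prop

@dataclass(frozen=True)
class ControlsElim:       # Controls(A, r)  and  A says MayAccess(B, r)   ==>  MayAccess(B, r)
    controls: "Proof"
    says: "Proof"

@dataclass(frozen=True)
class Delegate:           # Controls(A, r)  and  A says Controls(B, r)    ==>  Controls(B, r)
    controls: "Proof"
    says: "Proof"

Proof = Union[Hyp, ControlsElim, Delegate]

class ProofError(Exception):
    pass

def infer(proof: Proof, policy: frozenset) -> Prop:
    """Return the proposition `proof` establishes under `policy`, or raise ProofError.

    This is the proof checker: it never searches for a proof, it only validates
    the one it is handed, so a malformed or forged proof cannot gain anything.
    """
    if isinstance(proof, Hyp):
        if proof.prop not in policy:
            raise ProofError(f"not in local policy: {proof.prop}")
        return proof.prop
    if isinstance(proof, (ControlsElim, Delegate)):
        c = infer(proof.controls, policy)
        s = infer(proof.says, policy)
        if not isinstance(c, Controls) or not isinstance(s, Says) or s.principal != c.principal:
            raise ProofError("rule premises do not match")
        inner = s.prop
        want = MayAccess if isinstance(proof, ControlsElim) else Controls
        if not isinstance(inner, want) or inner.resource != c.resource:
            raise ProofError("statement has the wrong form or is about another resource")
        return inner
    raise ProofError("unknown proof term")

def authorize(policy: frozenset, principal: str, resource: str, proof: Proof) -> bool:
    """Reference monitor: grant only if `proof` establishes exactly MayAccess(principal, resource).

    Checking equality with the requested proposition (not just "some access") is what
    stops a valid proof for one principal or resource being replayed for another.
    """
    try:
        return infer(proof, policy) == MayAccess(principal, resource)
    except ProofError:
        return False

# Constructed sample policy for one site (hypothetical names, not from the papers)
SITE_POLICY = frozenset({
    Controls("admin", "/srv/payroll"),
    Says("admin", Controls("hr-lead", "/srv/payroll")),      # admin delegates payroll to hr-lead
    Says("hr-lead", MayAccess("alice", "/srv/payroll")),     # hr-lead grants alice
    Says("hr-lead", MayAccess("mallory", "/srv/wiki")),      # hr-lead grants mallory a different resource
})

# Proof alice's program would present: admin controls payroll, delegated to hr-lead, who grants alice
ALICE_PROOF = ControlsElim(
    controls=Delegate(Hyp(Controls("admin", "/srv/payroll")),
                      Hyp(Says("admin", Controls("hr-lead", "/srv/payroll")))),
    says=Hyp(Says("hr-lead", MayAccess("alice", "/srv/payroll"))),
)

def demo() -> tuple:
    ok = authorize(SITE_POLICY, "alice", "/srv/payroll", ALICE_PROOF)
    # Forged: cites a "says" fact the site never asserted
    forged = ControlsElim(Hyp(Controls("admin", "/srv/payroll")),
                          Hyp(Says("admin", MayAccess("mallory", "/srv/payroll"))))
    bad_forged = authorize(SITE_POLICY, "mallory", "/srv/payroll", forged)
    # Wrong resource: a real grant for /srv/wiki used to derive access to /srv/payroll
    wrong_res = ControlsElim(ALICE_PROOF.controls,
                             Hyp(Says("hr-lead", MayAccess("mallory", "/srv/wiki"))))
    bad_resource = authorize(SITE_POLICY, "mallory", "/srv/payroll", wrong_res)
    return ok, bad_forged, bad_resource

if __name__ == "__main__":
    print(demo())
```

The monitor trusts nothing in the proof term itself: every leaf is looked up in the local policy, every rule application is re-checked, and the conclusion must equal the requested access. In the typed languages above that same check is discharged statically, so a well-typed program cannot reach the monitor with a proof that fails it.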
The arrow calculus
2008
Cited by 20 (5 self)
We introduce the arrow calculus, a metalanguage for manipulating Hughes's arrows with close relations both to Moggi's metalanguage for monads and to Paterson's arrow notation. Arrows are classically defined by extending lambda calculus with three constructs satisfying nine (somewhat idiosyncratic) laws. In contrast, the arrow calculus adds four constructs satisfying five laws. Two of the constructs are arrow abstraction and application (satisfying beta and eta laws) and two correspond to unit and bind for monads (satisfying left unit, right unit, and associativity laws). The five laws were previously known to be sound; we show that they are also complete, and hence that the five laws may replace the nine. We give a translation from classic arrows into the arrow calculus to complement Paterson's desugaring and show that the two translations form an equational correspondence in the sense of Sabry and Felleisen. We are also the first to publish formal type rules (which are unusual in that they require two contexts), which greatly aided our understanding of arrows. The first fruit of our new calculus is to reveal some redundancies in the classic formulation: the nine classic arrow laws can be reduced to eight, and the three additional classic arrow laws for arrows with apply can be reduced to two. The calculus has also been used to clarify the relationship between idioms, arrows and monads and as the inspiration for a categorical semantics of arrows.
Higher-order Representation of Substructural Logics
2009
Cited by 7 (1 self)
We present a technique for higher-order representation of substructural logics such as linear or modal logic. We show that such logics can be encoded in the (ordinary) Logical Framework, without any linear or modal extensions. Using this encoding, metatheoretic proofs about such logics can easily be developed in the Twelf proof assistant.
AuraConf: a unified approach to authorization and confidentiality
In Proceedings of the 7th ACM SIGPLAN Workshop on Types in Language Design and Implementation, TLDI '11, 2011
Cited by 4 (0 self)
This paper introduces AuraConf, the first programming language with a unified means to specify access-control and confidentiality policies. In concert with a proof-carrying access control mechanism, AuraConf allows confidentiality policies to be specified declaratively using types and enforced via cryptography. Programs written in AuraConf enjoy a formal security guarantee via noninterference. Additionally, the language definition introduces a novel type system where the typechecker may use resources (i.e., private keys) and knowledge of an object's provenance (i.e., how a ciphertext was computed) to guide analysis.
A monadic formalization of ML5
In Pre-proceedings of the Workshop on Logical Frameworks and Meta-Languages: Theory and Practice, 2010
Cited by 3 (2 self)
ML5 is a programming language for spatially distributed computing, based on a Curry-Howard correspondence with the modal logic S5. However, the ML5 programming language differs from the logic in several ways. In this paper, we give a semantic embedding of ML5 into the dependently typed programming language Agda, which both explains these discrepancies between ML5 and S5 and suggests some simplifications and generalizations of the language. Our embedding translates ML5 into a slightly different logic: intuitionistic S5 extended with a lax modality that encapsulates effectful computations in a monad. Rather than formalizing lax S5 as a proof theory, we embed it as a universe within the dependently typed host language, with the universe elimination given by implementing the modal logic's Kripke semantics.
Nomadic Pict: Programming Languages, Communication Infrastructure Overlays, and Semantics for Mobile Computation
Cited by 3 (0 self)
Mobile computation, in which executing computations can move from one physical computing device to another, is a recurring theme: from OS process migration, to language-level mobility, to virtual machine migration. This paper reports on the design, implementation, and verification of overlay networks to support reliable communication between migrating computations, in the Nomadic Pict project. We define two levels of abstraction as calculi with precise semantics: a low-level Nomadic π-calculus with migration and location-dependent communication, and a high-level calculus that adds location-independent communication. Implementations of location-independent communication, as overlay networks that track migrations and forward messages, can be expressed as translations of the high-level calculus into the low. We discuss the design space of such overlay network algorithms and define three precisely, as such translations. Based on the calculi, we design and implement the Nomadic Pict distributed programming language, to let such algorithms (and simple applications above them) be quickly prototyped. We go on to develop the semantic theory of the Nomadic π-calculi, proving correctness of one example overlay network. This requires novel equivalences and congruence results that take migration into account, and reasoning principles for agents that are temporarily immobile (e.g. waiting on a lock
LF in LF: Mechanizing the Metatheory of LF in Twelf
Preprint for LFMTP '12, 2012
Cited by 3 (0 self)
We present a mechanized proof of the metatheory of LF, i.e. the decidability of typechecking and the existence and uniqueness of canonical forms. We use a syntactic approach in which we define a translation from LF to its canonical forms presentation (in which only beta-short, eta-long terms are well-formed) and prove soundness and completeness of the translation, establishing that definitional equivalence in LF corresponds to syntactic equivalence in canonical forms. Much recent work is based on the system of canonical forms and hereditary substitution presented herein; our proof also serves to reconcile that presentation with the traditional version based on definitional equivalence.
Cut Reduction in Linear Logic as Asynchronous Session-Typed Communication
Cited by 2 (2 self)
Prior work has shown that intuitionistic linear logic can be seen as a session-type discipline for the π-calculus, where cut reduction in the sequent calculus corresponds to synchronous process reductions. In this paper, we exhibit a new process assignment from the asynchronous, polyadic π-calculus to exactly the same proof rules. Proof-theoretically, the difference between these interpretations can be understood through permutations of inference rules that preserve observational equivalence of closed processes in the synchronous case. We also show that, under this new asynchronous interpretation, cut reductions correspond to a natural asynchronous buffered session semantics, where each session is allocated a separate communication buffer.