Results 1  10
of
116
A SOUND TYPE SYSTEM FOR SECURE FLOW ANALYSIS
, 1996
"... Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established ..."
Abstract

Cited by 545 (21 self)
 Add to MetaCart
Ensuring secure information ow within programs in the context of multiple sensitivity levels has been widely studied. Especially noteworthy is Denning's work in secure ow analysis and the lattice model [6][7]. Until now, however, the soundness of Denning's analysis has not been established satisfactorily. Weformulate Denning's approach as a type system and present a notion of soundness for the system that can be viewed as a form of noninterference. Soundness is established by proving, with respect to a standard programming language semantics, that all welltyped programs have this noninterference property.
A typebased approach to program security
 In Proceedings of the 7th International Joint Conference on the Theory and Practice of Software Development
, 1997
"... Abstract. This paper presents a type system which guarantees that welltyped programs in a procedural programming language satisfy a noninterference security property. With all program inputs and outputs classified at various security levels, the property basically states that a program output, clas ..."
Abstract

Cited by 162 (4 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a type system which guarantees that welltyped programs in a procedural programming language satisfy a noninterference security property. With all program inputs and outputs classified at various security levels, the property basically states that a program output, classified at some level, can never change as a result of modifying only inputs classified at higher levels. Intuitively, this means the program does not “leak ” sensitive data. The property is similar to a notion introduced years ago by Goguen and Meseguer to model security in multilevel computer systems [7]. We also give an algorithm for inferring and simplifying principal types, which document the security requirements of programs. 1
A Calculus for Overload Functions with Subtyping

, 1992
"... We present a simple extension of typed calculus where functions can be overloaded by putting different "branches of code" together. When the function is applied, the branch to execute is chosen according to a particular selection rule which depends on the type of the argument. The cru ..."
Abstract

Cited by 153 (26 self)
 Add to MetaCart
(Show Context)
We present a simple extension of typed calculus where functions can be overloaded by putting different "branches of code" together. When the function is applied, the branch to execute is chosen according to a particular selection rule which depends on the type of the argument. The crucial feature of the present approach is that the branch selection depends on the "runtime type" of the argument, which may differ from its compiletime type, because of the existence of a subtyping relation among types. Hence overloading cannot be eliminated by a static analysis of code, but is an essential feature to be dealt with during computation. We obtain in this way a typedependent calculus, which differs from the various calculi where types do not play any role during computation. We prove Confluence and a generalized SubjectReduction theorem for this calculus. We prove Strong Normalization for a "stratified" subcalculus. The definition of this calculus is guided by the understand...
Type Inference for Records in a Natural Extension of ML
 Theoretical Aspects of ObjectOriented Programming: Types, Semantics, and Language Design
, 1994
"... We describe an extension of ML with records where inheritance is given by ML generic polymorphism. All common operations on records but concatenation are supported, in particular the free extension of records. Other operations such as renaming of fields are added. The solution relies on an extension ..."
Abstract

Cited by 90 (7 self)
 Add to MetaCart
We describe an extension of ML with records where inheritance is given by ML generic polymorphism. All common operations on records but concatenation are supported, in particular the free extension of records. Other operations such as renaming of fields are added. The solution relies on an extension of ML, where the language of types is sorted and considered modulo equations, and on a record extension of types. The solution is simple and modular and the type inference algorithm is efficient in practice.
Programming with Intersection Types and Bounded Polymorphism
, 1991
"... representing the official policies, either expressed or implied, of the U.S. Government. ..."
Abstract

Cited by 80 (4 self)
 Add to MetaCart
(Show Context)
representing the official policies, either expressed or implied, of the U.S. Government.
Intersection Type Assignment Systems
 THEORETICAL COMPUTER SCIENCE
, 1995
"... This paper gives an overview of intersection type assignment for the Lambda Calculus, as well as compare in detail variants that have been defined in the past. It presents the essential intersection type assignment system, that will prove to be as powerful as the wellknown BCDsystem. It is essenti ..."
Abstract

Cited by 73 (38 self)
 Add to MetaCart
This paper gives an overview of intersection type assignment for the Lambda Calculus, as well as compare in detail variants that have been defined in the past. It presents the essential intersection type assignment system, that will prove to be as powerful as the wellknown BCDsystem. It is essential in the following sense: it is an almost syntax directed system that satisfies all major properties of the BCDsystem, and the types used are the representatives of equivalence classes of types in the BCDsystem. The set of typeable terms can be characterized in the same way, the system is complete with respect to the simple type semantics, and it has the principal type property.
Intersection Types and Computational Effects
, 2000
"... We show that standard formulations of intersection type systems are unsound in the presence of computational effects, and propose a solution similar to the value restriction for polymorphism adopted in the revised definition of Standard ML. It differs in that it is not tied to letexpressions and re ..."
Abstract

Cited by 72 (7 self)
 Add to MetaCart
We show that standard formulations of intersection type systems are unsound in the presence of computational effects, and propose a solution similar to the value restriction for polymorphism adopted in the revised definition of Standard ML. It differs in that it is not tied to letexpressions and requires an additional weakening of the usual subtyping rules. We also present a bidirectional typechecking algorithm for the resulting language that does not require an excessive amount of type annotations and illustrate it through some examples. We further show that the type assignment system can be extended to incorporate parametric polymorphism. Taken together, we see our system and associated typechecking algorithm as a significant step towards the introduction of intersection types into realistic programming languages. The added expressive power would allow many more properties of programs to be stated by the programmer and statically verified by a compiler.
Semantics of separationlogic typing and higherorder frame rules
 In Symposium on Logic in Computer Science, LICS’05
, 2005
"... We show how to give a coherent semantics to programs that are wellspecified in a version of separation logic for a language with higher types: idealized algol extended with heaps (but with immutable stack variables). In particular, we provide simple sound rules for deriving higherorder frame rules ..."
Abstract

Cited by 67 (19 self)
 Add to MetaCart
(Show Context)
We show how to give a coherent semantics to programs that are wellspecified in a version of separation logic for a language with higher types: idealized algol extended with heaps (but with immutable stack variables). In particular, we provide simple sound rules for deriving higherorder frame rules, allowing for local reasoning.
Programming with intersection types, union types, and polymorphism
, 1991
"... Programming with intersection types, union types, and polymorphism ..."
Abstract

Cited by 54 (3 self)
 Add to MetaCart
(Show Context)
Programming with intersection types, union types, and polymorphism