Roles, stacks, histories: A triple for Hoare

Johannes Borgström, Andrew D. Gordon and Riccardo Pucella
Abstract

Behavioral type and effect systems regulate properties such as adherence to object and communication protocols, dynamic security policies, avoidance of race conditions, and many others. Typically, each system is based on some specific syntax of constraints, and is checked with an ad hoc solver. Instead, we advocate types refined with first-order logic formulas as a basis for behavioral type systems, and general purpose automated theorem provers as an effective means of checking programs. To illustrate this approach, we define a triple of security-related type systems: for role-based access control, for stack inspection, and for history-based access control. The three are all instances of a refined state monad. Our semantics allows a precise comparison of the similarities and differences of these mechanisms. In our examples, the benefit of behavioral type-checking is to rule out the possibility of unexpected security exceptions, a common problem with code-based access control.
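The abstract contrasts stack inspection with history-based access control and points at "unexpected security exceptions" as the failure mode that behavioral typing is meant to rule out statically. The following small run-time monitor, added here as an illustration and not code from the paper, makes that contrast concrete. It assumes a constructed permission universe of two rights (`FileRead`, `Network`), models each code unit's static rights as a set, and omits privilege-asserting primitives: under stack inspection a demand succeeds only if every active frame holds the right, while under history-based control it succeeds only if every unit that has run so far holds it. The same program is accepted by one policy and rejected by the other.

```python
"""Toy monitor contrasting stack inspection with history-based access control.
Added illustration; the permission universe and scenarios are constructed."""


class SecurityException(Exception):
    """Raised when a run-time permission demand fails."""


ALL = frozenset({"FileRead", "Network"})   # constructed permission universe


class Monitor:
    """Tracks the static rights of active frames (stack) and the rights
    remaining after every frame that has executed so far (history)."""

    def __init__(self):
        self.stack = []             # static rights of each active frame
        self.history = set(ALL)     # rights still held under the history policy

    def call(self, static_rights, body):
        """Run `body` as a code unit whose static rights are `static_rights`."""
        rights = frozenset(static_rights)
        self.stack.append(rights)
        self.history &= rights      # history only ever shrinks
        try:
            return body(self)
        finally:
            self.stack.pop()        # stack rights are restored on return

    def demand(self, policy, perm):
        """Check `perm` under `policy`; raise SecurityException if refused."""
        if policy == "stack":
            ok = all(perm in rights for rights in self.stack)
        elif policy == "history":
            ok = perm in self.history
        else:
            raise ValueError(f"unknown policy {policy!r}")
        if not ok:
            raise SecurityException(f"{policy}: {perm} denied")
        return True


def plugin_then_demand(policy):
    """Trusted code runs an untrusted plugin, lets it return, then demands FileRead.
    Stack inspection grants this (the plugin is gone); history-based control
    denies it (the plugin did run)."""
    m = Monitor()

    def plugin(m):                  # untrusted unit without FileRead
        return "plugin finished"

    def trusted(m):
        m.call({"Network"}, plugin)
        return m.demand(policy, "FileRead")

    try:
        m.call(ALL, trusted)
        return "granted"
    except SecurityException:
        return "denied"


def plugin_on_stack(policy):
    """An untrusted plugin calls back into trusted code, which demands FileRead
    while the plugin is still on the stack. Both policies deny this."""
    m = Monitor()

    def trusted_callback(m):
        return m.demand(policy, "FileRead")

    def plugin(m):
        return m.call(ALL, trusted_callback)

    def trusted(m):
        return m.call({"Network"}, plugin)

    try:
        m.call(ALL, trusted)
        return "granted"
    except SecurityException:
        return "denied"


if __name__ == "__main__":
    for policy in ("stack", "history"):
        print(policy, plugin_then_demand(policy), plugin_on_stack(policy))
```

The first scenario is the interesting one: the program raises no exception under stack inspection but does under history-based control, and nothing in the program text announces that. A behavioral type system in the style the abstract describes would carry the "rights remaining" set as a refinement on the state and reject the `FileRead` demand in `trusted` at type-checking time rather than at run time.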


Journal of Functional Programming
  • ISSN: 0956-7968
  • EISSN: 1469-7653