Skip to main content
×
Home

Types and trace effects of higher order programs

  • CHRISTIAN SKALKA (a1), SCOTT SMITH (a2) and DAVID VAN HORN (a3)
Abstract
Abstract

This paper shows how type effect systems can be combined with model-checking techniques to produce powerful, automatically verifiable program logics for higher order programs. The properties verified are based on the ordered sequence of events that occur during program execution, so-called event traces. Our type and effect systems infer conservative approximations of the event traces arising at run-time, and model-checking techniques are used to verify logical properties of these histories. Our language model is based on the λ-calculus. Technical results include a type inference algorithm for a polymorphic type effect system, and a method for applying known model-checking techniques to the trace effects inferred by the type inference algorithm, allowing static enforcement of history- and stack-based security mechanisms. A type safety result is proven for both unification and subtyping constraint versions of the type system, ensuring that statically well-typed programs do not contain trace event checks that can fail at run-time.

Copyright
References
Hide All
Abadi M. & Fournet C. (2003) Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS'03).
Amtoft T., Nielson F. & Nielson H. R. (1999) Type and Effect Systems: Behaviours for Concurrency. London: Imperial College Press.
Ball T. & Rajamani S. K. (2000) Bebop: A symbolic model checker for boolean programs. In proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification. Lecture Notes in Computer Science vol. 1885, pp. 113–130.
Bartoletti M., Degano P. & Ferrari G. L. (2005a) Enforcing secure service composition. In CSFW. IEEE Computer Society, pp. 211223.
Bartoletti M., Degano P. & Ferrari G. L. (2005b) History-based access control with local policies. In FoSSaCS, Vladimiro S. (ed), Lecture Notes in Computer Science, vol. 3441. Springer, pp. 316332
Bauer L., Ligatti J. & Walker D. (2002a) More enforceable security policies. In Proceedings of the Foundations of Computer Security Workshop.
Bauer L., Ligatti J. & Walker D. (2002b) Types and effects for non-interfering program monitors. In Proceedings of the International Symposium on Software Security.
Besson F., Jensen T., Métayer D. Le & Thorn T. (2001) Model checking security properties of control flow graphs. J. Comput. Secur. 9, 217250.
Besson F., de Grenier de Latour, T. & Jensen T. (2002) Secure calling contexts for stack inspection. In PPDP '02: Proceedings of the 4th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, pp. 76–87.
Burkart O., Caucal D., Moller F. & Steffen B. (2001) Verification on infinite structures. In Handbook on Process Algebra, Bergstra J., Pons A., & Smolka S. (eds), Elsevier, pp. 545623.
Chen H. & Wagner D. (2002) MOPS: An infrastructure for examining security properties of software. In CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 235–244.
Colcombet T. & Fradet P. (2000) Enforcing trace properties by program transformation. In POPL '00: Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 54–66.
Das M., Lerner S. & Seigle M. (2002) ESP: path-sensitive program verification in polynomial time. In PLDI '02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 57–68.
DeLine R. & Fähndrich M. (2001) Enforcing high-level protocols in low-level software. In PLDI '01: Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, pp. 59–69.
Edjlali G., Acharya A. & Chaudhary V. (1998) History-based access control for mobile code. In ACM Conference on Computer and Communications Security, pp. 3848.
Eifrig J., Smith S. & Trifonov V. (1995) Type inference for recursively constrained types and its application to OOP. In Proceedings of the 1995 Mathematical Foundations of Programming Semantics Conference. Electronic Notes in Computer Science, vol. 1. Elsevier.
Erlingsson Ú. & Schneider F. B. (2000) SASI enforcement of security policies: A retrospective. In NSPW '99: Proceedings of the 1999 Workshop on New Security Paradigms, pp. 87–95.
Esparza J. (1994) On the decidability of model checking for several mu-calculi and Petri nets. In Proceeding of CAAP '94. Lecture Notes in Computer Science, vol. 787.
Esparza J., Kucera A. & Schwoon S. (2001) Model-checking LTL with regular valuations for pushdown systems. In TACS: 4th International Conference on Theoretical Aspects of Computer Software.
Foster J. S., Terauchi T. & Aiken A. (2002) Flow-sensitive type qualifiers. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 1–12.
Gong L., Mueller M., Prafullchandra H. & Schemers R. (1997) Going beyond the sandbox: An overview of the new security architecture in the Java Development Kit 1.2. In USENIX Symposium on Internet Technologies and Systems, pp. 103–112.
Hamlen K. W., Morrisett G. & Schneider F. B. (2006) Certified in-lined reference monitoring on. NET. In Plas '06: Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security. New York: ACM Press, pp. 716.
Higuchi Tomoyuki & Ohori Atsushi. (2007) A static type system for JVM access control. ACM Trans. Program. Lang. Syst. 29 (1), 4.
Igarashi A. & Kobayashi N. (2002) Resource usage analysis. In Conference Record of POPL'02: The 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 331–342.
Jensen T., Métayer D. Le & Thorn T. (1999) Verification of control flow based security properties. In Proceedings of the 1999 IEEE Symposium on Security and Privacy.
Marriott K., Stuckey P. J. & Sulzmann M. (2003) Resource usage verification. In Proceedings of First Asian Programming Languages Symposium, APLAS 2003.
Kozen D. (1983) Results on the propositional mu-calculus. Theor. Comput. Sci., 27, 333354.
Mandelbaum Y., Walker D. & Harper R. (2003) An effective theory of type refinements. In Proceedings of the the Eighth ACM SIGPLAN International Conference on Functional Programming (ICFP'03).
Nierstrasz O. (1993) Regular types for active objects. In Proceedings of the OOPSL '93 Conference on Object-Oriented Programming Systems, Languages, and Applications, pp. 1–15.
Palsberg J. & O'Keefe P. (1995) A type system equivalent to flow analysis. ACM Trans. Program. Lang. Syst., 17 (4), 576599.
Pierce B. C. (2002) Types and Programming Languages. The MIT Press, Chap. 22.
Pottier F., Skalka C. & Smith S. (2001) A systematic approach to static access control. In Proceedings of the 10th European Symposium on Programming (ESOP'01), Sands, D. (ed), Lecture Notes in Computer Science, vol. 2028. Springer-Verlag, pp. 30-45.
Rossie J. G. Jr., (1998) Logical observable entities. In OOPSLA '98: Proceedings of the 13th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 154–165.
Schmidt D. A. (1998) Trace-based abstract interpretation of operational semantics. Lisp Symbol. Comput, 10 (3), 237271.
Schneider F. B. (2000) Enforceable security policies. Inform. Syst. Secur. 3 (1), 3050.
Skalka C. (2005) Trace effects and object orientation. In PPDP '05: Proceedings of the 7th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, pp. 139–150.
Skalka C. & Pottier F. (2003) Syntactic type soundness for HM(X). Electro. Notes Theor. Comput. Sci., 75, pp. 6174.
Skalka C. & Smith S. (2000) Static enforcement of security with types. In Proceedings of the the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP'00), pp. 34–45.
Skalka C. & Smith S. (2004) History effects and verification. In Asian Programming Languages Symposium.
Skalka C., Smith S. & Van Horn D. (2005, January) A type and effect system for flexible abstract interpretation of Java. In Proceedings of the ACM Workshop on Abstract Interpretation of Object Oriented Languages. Electronic Notes in Theoretical Computer Science.
Steffen B. & Burkart O. (1992) Model checking for context-free processes. In CONCUR'92, Stony Brook (NY). Lecture Notes in Computer Science (LNCS), vol. 630. Heidelberg, Germany: Springer-Verlag, pp. 123–137.
Stone C. (2000) Singleton Types and Singleton Kinds. Tech. Rept. CMU-CS-00-153. Carnegie Mellon University.
Sulzmann M. (2001) A general type inference framework for Hindley/Milner style systems. In International Symposium on Functional and Logic Programming. Lecture Notes in Computer Science, vol. 2024. Springer-Verlag, pp. 246–263.
Talpin J.-P. & Jouvelot P. (1992) The type and effect discipline. In Seventh Annual IEEE Symposium on Logic in Computer Science, Santa Cruz, California. Los Alamitos, CA: IEEE Computer Society Press, pp. 162–173.
Tarski A. (1955) A lattice-theoretical fixpoint theorem and its applications. Pac. J. Math. 5 (2), 285309.
Trifonov V. & Smith S. (1996) Subtyping constrained types. In Proceedings of the Third International Static Analysis Symposium, vol. 1145. Springer-Verlag, pp. 349–365.
Van Horn, D. (2006a) Algorithmic Trace Effect Analysis. M.Phil. thesis, University of Vermont.
Van Horn, D. (2006b) Trace effect analyis, OCaml implementation. Available at: http://www.cs.uvm.edu/dvanhorn/trace/. Accessed June 2007.
Walker D. (2000) A type system for expressive security policies. In Conference Record of POPL'00: The 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 254–267.
Wallach D. S. & Felten E. (1998) Understanding Java stack inspection. In Proceedings of the 1998 IEEE Symposium on Security and Privacy.
Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

Journal of Functional Programming
  • ISSN: 0956-7968
  • EISSN: 1469-7653
  • URL: /core/journals/journal-of-functional-programming
Please enter your name
Please enter a valid email address
Who would you like to send this to? *
×

Metrics

Full text views

Total number of HTML views: 0
Total number of PDF views: 10 *
Loading metrics...

Abstract views

Total abstract views: 78 *
Loading metrics...

* Views captured on Cambridge Core between September 2016 - 23rd November 2017. This data will be updated every 24 hours.