23,659 research outputs found
An algebraic basis for specifying and enforcing access control in security systems
Security services in a multi-user environment are often based on access control mechanisms. Static aspects of an access control policy can be formalised using abstract algebraic models. We integrate these static aspects into a dynamic framework considering requesting access to resources as a process aiming at the prevention of access control violations when a program is executed. We use another algebraic technique, monads, as a meta-language to integrate access control operations into a functional
programming language. The integration of monads and concepts from a denotational model for process algebras provides a framework for programming of access control in security systems
Type-based Dependency Analysis for JavaScript
Dependency analysis is a program analysis that determines potential data flow
between program points. While it is not a security analysis per se, it is a
viable basis for investigating data integrity, for ensuring confidentiality,
and for guaranteeing sanitization. A noninterference property can be stated and
proved for the dependency analysis. We have designed and implemented a
dependency analysis for JavaScript. We formalize this analysis as an
abstraction of a tainting semantics. We prove the correctness of the tainting
semantics, the soundness of the abstraction, a noninterference property, and
the termination of the analysis.Comment: Technical Repor
Lambda Calculus in Core Aldwych
Core Aldwych is a simple model for concurrent computation, involving the concept of agents which communicate through shared variables. Each variable will have exactly one agent that can write to it, and its value can never be changed once written, but a value can contain further variables which are written to later. A key aspect is that the reader of a value may become the writer of variables in it. In this paper we show how this model can be used to encode lambda calculus. Individual function applications can be explicitly encoded as lazy or not, as required. We then show how this encoding can be extended to cover functions which manipulate mutable variables, but with the underlying Core Aldwych implementation still using only immutable variables. The ordering of function applications then becomes an issue, with Core Aldwych able to model either the enforcement of an ordering or the retention of indeterminate ordering, which allows parallel execution
Modalities, Cohesion, and Information Flow
It is informally understood that the purpose of modal type constructors in
programming calculi is to control the flow of information between types. In
order to lend rigorous support to this idea, we study the category of
classified sets, a variant of a denotational semantics for information flow
proposed by Abadi et al. We use classified sets to prove multiple
noninterference theorems for modalities of a monadic and comonadic flavour. The
common machinery behind our theorems stems from the the fact that classified
sets are a (weak) model of Lawvere's theory of axiomatic cohesion. In the
process, we show how cohesion can be used for reasoning about multi-modal
settings. This leads to the conclusion that cohesion is a particularly useful
setting for the study of both information flow, but also modalities in type
theory and programming languages at large
A framework for deadlock detection in core ABS
We present a framework for statically detecting deadlocks in a concurrent
object-oriented language with asynchronous method calls and cooperative
scheduling of method activations. Since this language features recursion and
dynamic resource creation, deadlock detection is extremely complex and
state-of-the-art solutions either give imprecise answers or do not scale. In
order to augment precision and scalability we propose a modular framework that
allows several techniques to be combined. The basic component of the framework
is a front-end inference algorithm that extracts abstract behavioural
descriptions of methods, called contracts, which retain resource dependency
information. This component is integrated with a number of possible different
back-ends that analyse contracts and derive deadlock information. As a
proof-of-concept, we discuss two such back-ends: (i) an evaluator that computes
a fixpoint semantics and (ii) an evaluator using abstract model checking.Comment: Software and Systems Modeling, Springer Verlag, 201
- …