Language-Based Data Sharing in Web Applications
Cloud development and virtualization of applications are fast becoming common practice in the software engineering industry. Many systems and database tools are available to support applications with many instances and views, but the orchestration of data and functionality in so-called multi-tenant applications comes with a high development and maintenance cost. Because of these costs, there is an increasing need for languages and tools that support the gradual development of software for a highly shared environment, at both the developer and the user level.
We extend a typed, reactive and incremental programming environment and language with parameterized modules that increase application modularity, with lenses that provide a (filtered) data sharing mechanism between modules, and with the (dynamic) verification of module access conditions to implement data privacy. The combination of these mechanisms is a safe and powerful way to design and evolve cloud and web applications.
We present a pragmatic programming language supported by a deployed prototype, where several example applications illustrate this new programming paradigm. We also provide a larger web application example to show how the combination of the introduced mechanisms allows for the development of multi-tenant applications, and to compare it against implementations in modern frameworks.
PLACES'10: The 3rd Workshop on Programming Language Approaches to Concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
Proving Cryptographic C Programs Secure with General-Purpose Verification Tools
Security protocols, such as TLS or Kerberos, and security devices such as the Trusted Platform Module (TPM), Hardware Security Modules (HSMs) or PKCS#11 tokens, are central to many computer interactions.
Yet, such security-critical components are still often found vulnerable to attack after their deployment, either because the specification is insecure or because of implementation errors.
Techniques exist to construct machine-checked proofs of security properties for abstract specifications.
However, this may leave the final executable code, often written in lower-level languages such as C, vulnerable both to logical errors and to low-level flaws.
Recent work on verifying security properties of C code is often based on soundly extracting, from C programs, protocol models on which security properties can be proved.
However, in such methods, any change in the C code, however trivial, may require one to perform a new and complex security proof.
Our goal is therefore to develop or identify a framework in which security properties of cryptographic systems can be formally proved, and that can also be used to soundly verify, using existing general-purpose tools, that a C program shares the same security properties.
We argue that the current state of general-purpose verification tools for the C language, as well as for functional languages, is sufficient to achieve this goal, and illustrate our argument by developing two verification frameworks around the VCC verifier.
In the symbolic model, we illustrate our method by proving authentication and weak secrecy for implementations of several network security protocols.
In the computational model, we illustrate our method by proving authentication and strong secrecy properties for an exemplary key management API, inspired by the TPM.
Owl: Compositional Verification of Security Protocols via an Information-Flow Type System
Computationally sound protocol verification tools promise to deliver full-strength cryptographic proofs for security protocols. Unfortunately, current tools lack either modularity or automation.
We propose a new approach based on a novel use of information flow and refinement types for sound cryptographic proofs. Our framework, Owl, allows type-based modular descriptions of security protocols, wherein disjoint subprotocols can be programmed and automatically proved secure separately.
We give a formal security proof for Owl via a core language which supports standard symmetric and asymmetric primitives, Diffie-Hellman operations, and hashing via random oracles. We also implement a type checker for Owl along with a prototype extraction mechanism to Rust, and evaluate it on 14 case studies, including (simplified forms of) SSH key exchange and Kerberos.
SDN Access Control for the Masses
The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. The access control mechanisms it could expose to network applications are currently poorly defined: available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions.

We address this by extending the SDN north-bound interface to provide control over shared resources to the key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control, and implement the proposed solution as an extension of the ONOS network controller intent framework.
Towards a formally designed and verified embedded operating system: case study using the B method
The dramatic growth in practical applications for iris biometrics has been accompanied by relevant developments in the underlying algorithms and techniques. Along with the research focused on near-infrared images captured with subject cooperation, efforts are being made to minimize the trade-off between the quality of the captured data and the recognition accuracy in less constrained environments, where images are obtained at the visible wavelength, at increased distances, over simplified acquisition protocols and under adverse lighting conditions. At a first stage, interpolation effects on the normalization process are addressed, pointing out their outcomes in the overall recognition error rates. Secondly, a couple of post-processing steps to Daugman's approach are performed, attempting to increase its performance in the particular unconstrained environments this thesis assumes. Analysis in both the frequency and spatial domains, and finally pattern recognition methods, are applied in such efforts. This thesis embodies the study of how subject recognition can be achieved without the subject's cooperation, making use of iris data captured at a distance, on the move and under visible-wavelength conditions. Widely used methods designed for constrained scenarios are analyzed …