An algebraic basis for specifying and enforcing access control in security systems
Security services in a multi-user environment are often based on access control mechanisms. Static aspects of an access control policy can be formalised using abstract algebraic models. We integrate these static aspects into a dynamic framework that treats a request for access to a resource as a process whose aim is to prevent access control violations while a program executes. We use another algebraic technique, monads, as a meta-language for integrating access control operations into a functional programming language. The integration of monads with concepts from a denotational model for process algebras provides a framework for programming access control in security systems.
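The combination the abstract describes, a static algebraic policy consulted by a monadic request process, can be made concrete in a few dozen lines. The Python below is an added illustration and not code from the paper: the access matrix POLICY, the file names and the subjects alice, bob and mallory are constructed, and the Access class is a reader-plus-Either monad of my own design rather than the paper's calculus. Every resource access goes through request, which consults the static policy before running the action; bind short-circuits on the first denial, so a violation stops the remainder of the computation and the trace records exactly which requests were granted.

```python
from dataclasses import dataclass

# Static aspect: an access matrix (subject, object) -> rights. Constructed sample policy.
POLICY = {
    ("alice", "/home/alice/notes"): frozenset({"read", "write"}),
    ("alice", "/home/alice/backup"): frozenset({"read", "write"}),
    ("bob", "/home/alice/notes"): frozenset({"read"}),
}


def permits(policy, subject, obj, right):
    return right in policy.get((subject, obj), frozenset())


@dataclass(frozen=True)
class Denied:
    """Result of a computation that was stopped at the first violating request."""
    subject: str
    obj: str
    right: str


class Access:
    """Monad combining a reader over (policy, subject) with an Either for denial.

    A computation is a function (policy, subject, trace) -> Denied | (value, trace),
    where trace is the tuple of requests granted so far.
    """

    def __init__(self, run):
        self._run = run

    @staticmethod
    def unit(value):
        return Access(lambda policy, subject, trace: (value, trace))

    def bind(self, f):
        def run(policy, subject, trace):
            result = self._run(policy, subject, trace)
            if isinstance(result, Denied):
                return result  # short-circuit: later requests never execute
            value, trace = result
            return f(value)._run(policy, subject, trace)
        return Access(run)

    def run(self, policy, subject):
        return self._run(policy, subject, ())


def request(obj, right, action):
    """The only primitive that touches a resource: the policy is consulted first."""
    def run(policy, subject, trace):
        if not permits(policy, subject, obj, right):
            return Denied(subject, obj, right)
        return action(), trace + ((subject, obj, right),)
    return Access(run)


def backup_notes(store):
    """Read the notes, then write them to the backup file (two guarded requests)."""
    def write_backup(text):
        def do_write():
            store["/home/alice/backup"] = text
            return len(text)
        return request("/home/alice/backup", "write", do_write)

    return request("/home/alice/notes", "read",
                   lambda: store["/home/alice/notes"]).bind(write_backup)


def run_backup(subject):
    store = {"/home/alice/notes": "meeting at 10"}  # constructed sample store
    return backup_notes(store).run(POLICY, subject), store


if __name__ == "__main__":
    for who in ("alice", "bob", "mallory"):
        print(who, run_backup(who)[0])
```

Run as alice, both requests are granted and the trace lists them in order; as bob, the read succeeds but the write is refused and the store is left untouched; as mallory, the very first request fails, so the action closure is never even evaluated.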
Dynamic slicing of aspect oriented programs
As software applications grow larger and become more complex, program maintenance activities such as adding new functionality, debugging and testing consume an increasing amount of the resources available for software development. In order to cope with this increased complexity, programmers need effective computer-supported methods for decomposition and dependence analysis of programs. Program slicing is one method for such decomposition and dependence analysis. Program slicing is a decomposition technique which extracts from a program the elements related to a particular computation. A program slice consists of those parts of a program that may directly or indirectly affect the values computed at some program point of interest, referred to as a slicing criterion. A program slice can be static or dynamic. A static slice contains all the statements that may affect the slicing criterion for every possible input to the program. A dynamic slice contains only those statements that actually affect the slicing criterion for a particular input to the program. Aspect-oriented programming is a new programming technique proposed for cleanly modularizing the cross-cutting structure of concerns. An aspect is an area of concern that cuts across the structure of a program. The main idea behind aspect-oriented programming (AOP) is to allow a program to be constructed by describing each concern separately. AspectJ is an aspect-oriented extension to the Java programming language. AspectJ adds new concepts and associated constructs called join points, pointcuts, advice, introductions, and aspects to Java. Zhao developed the aspect-oriented system dependence graph (ASDG) to represent aspect-oriented programs and used a two-pass slicing algorithm to compute static slices of aspect-oriented programs. The disadvantage of his ASDG is that the weaving process is not represented correctly and the graph cannot be used for dynamic slicing.
Our objective was to develop a suitable intermediate representation of an aspect-oriented program and a suitable dynamic slicing technique for it.
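The static-versus-dynamic distinction the abstract draws is easiest to see on a trace. The Python below is an added example, not code from the thesis, and it deliberately uses a plain imperative program rather than AspectJ, so nothing here models weaving or advice. The toy statement format, the interpreter and the sample PROGRAM are all constructed; run records one trace entry per executed statement instance, dynamic_slice walks dynamic data and control dependences backwards from the last instance of the criterion, and static_slice computes a flow-insensitive over-approximation over def-use chains and static control dependence for comparison.

```python
# Tiny statement forms (constructed):
#   ("read",   id, var)                       var := next input
#   ("assign", id, var, uses, fn)             var := fn(env); fn reads only `uses`
#   ("while",  id, uses, cond, body) / ("if", id, uses, cond, body)
#   ("print",  id, uses)                      the slicing criterion
PROGRAM = [
    ("read", 1, "n"),
    ("assign", 2, "i", [], lambda e: 1),
    ("assign", 3, "sum", [], lambda e: 0),
    ("assign", 4, "prod", [], lambda e: 1),
    ("while", 5, ["i", "n"], lambda e: e["i"] <= e["n"], [
        ("assign", 6, "sum", ["sum", "i"], lambda e: e["sum"] + e["i"]),
        ("assign", 7, "prod", ["prod", "i"], lambda e: e["prod"] * e["i"]),
        ("assign", 8, "i", ["i"], lambda e: e["i"] + 1),
    ]),
    ("if", 9, ["n"], lambda e: e["n"] > 5, [
        ("assign", 10, "sum", ["sum", "n"], lambda e: e["sum"] - e["n"]),
    ]),
    ("print", 11, ["sum"]),
]


def run(program, inputs):
    """Execute `program`; each trace entry records the statement id, its defs and uses,
    and the index of the predicate instance it is control dependent on."""
    env, trace, inputs = {}, [], list(inputs)

    def emit(sid, defs, uses, ctrl):
        trace.append({"id": sid, "defs": set(defs), "uses": set(uses), "ctrl": ctrl})
        return len(trace) - 1

    def exec_block(stmts, ctrl):
        for s in stmts:
            kind, sid = s[0], s[1]
            if kind == "read":
                env[s[2]] = inputs.pop(0)
                emit(sid, {s[2]}, (), ctrl)
            elif kind == "assign":
                env[s[2]] = s[4](env)
                emit(sid, {s[2]}, s[3], ctrl)
            elif kind == "print":
                emit(sid, (), s[2], ctrl)
            elif kind == "if":
                inst = emit(sid, (), s[2], ctrl)
                if s[3](env):
                    exec_block(s[4], inst)
            else:  # while: one predicate instance per evaluation, including the final false one
                while True:
                    inst = emit(sid, (), s[2], ctrl)
                    if not s[3](env):
                        break
                    exec_block(s[4], inst)

    exec_block(program, None)
    return trace


def dynamic_slice(trace, criterion_id):
    """Statements whose executed instances actually affected the last instance of criterion_id."""
    start = max(i for i, e in enumerate(trace) if e["id"] == criterion_id)
    worklist, seen = [start], set()
    while worklist:
        i = worklist.pop()
        if i in seen:
            continue
        seen.add(i)
        for var in trace[i]["uses"]:
            for j in range(i - 1, -1, -1):  # dynamic data dependence: nearest earlier definition
                if var in trace[j]["defs"]:
                    worklist.append(j)
                    break
        if trace[i]["ctrl"] is not None:  # dynamic control dependence
            worklist.append(trace[i]["ctrl"])
    return sorted({trace[i]["id"] for i in seen})


def flatten(program, ctrl=None):
    """Static (id, defs, uses, control parent) tuples for every statement."""
    for s in program:
        kind, sid = s[0], s[1]
        if kind in ("while", "if"):
            yield (sid, set(), set(s[2]), ctrl)
            yield from flatten(s[4], sid)
        elif kind == "print":
            yield (sid, set(), set(s[2]), ctrl)
        else:  # read / assign
            yield (sid, {s[2]}, set(s[3]) if kind == "assign" else set(), ctrl)


def static_slice(program, criterion_id):
    """Statements that may affect criterion_id for any input: flow-insensitive def-use
    chains plus static control dependence (a safe over-approximation)."""
    nodes = {sid: (defs, uses, ctrl) for sid, defs, uses, ctrl in flatten(program)}
    defines = {}
    for sid, (defs, _, _) in nodes.items():
        for v in defs:
            defines.setdefault(v, set()).add(sid)
    worklist, seen = [criterion_id], set()
    while worklist:
        sid = worklist.pop()
        if sid in seen:
            continue
        seen.add(sid)
        _, uses, ctrl = nodes[sid]
        for v in uses:
            worklist.extend(defines.get(v, ()))
        if ctrl is not None:
            worklist.append(ctrl)
    return sorted(seen)
```

For the criterion "sum at statement 11", the static slice drops only the prod computation (statements 4 and 7). The dynamic slice for input 3 also drops statements 9 and 10, because the if-branch never ran, and for input 0 it shrinks to just the initialisation of sum and the print, since the loop body never executed.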
Gradual Liquid Type Inference
Liquid typing provides a decidable refinement inference mechanism that is convenient but subject to two major issues: (1) inference is global and requires top-level annotations, making it unsuitable for inference of modular code components and prohibiting its applicability to library code, and (2) inference failure results in obscure error messages. These difficulties seriously hamper the migration of existing code to use refinements. This paper shows that gradual liquid type inference, a novel combination of liquid inference and gradual refinement types, addresses both issues. Gradual refinement types, which support imprecise predicates that are optimistically interpreted, can be used in argument positions to constrain liquid inference so that the global inference process effectively infers modular specifications usable for library components. Dually, when gradual refinements appear as the result of inference, they signal an inconsistency in the use of static refinements. Because liquid refinements are drawn from a finite set of predicates, in gradual liquid type inference we can enumerate the safe concretizations of each imprecise refinement, i.e. the static refinements that justify why a program is gradually well-typed. This enumeration is useful for static liquid type error explanation, since the safe concretizations exhibit all the potential inconsistencies that lead to static type errors. We develop the theory of gradual liquid type inference and explore its pragmatics in the setting of Liquid Haskell.
Comment: To appear at OOPSLA 201
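The enumeration step the abstract describes (safe concretizations of an imprecise refinement drawn from a finite qualifier set) can be shown in miniature. The Python below is an added toy illustration, not the paper's algorithm and not Liquid Haskell: the qualifier set QUALIFIERS, the obligations a hypothetical function body imposes on its argument, and the bounded integer DOMAIN used for the implication check in place of an SMT solver are all constructed. A concretization is a conjunction of qualifiers; it is safe when it entails every obligation, and the failing obligations of a weak refinement are the kind of information an error explanation would report.

```python
from itertools import combinations

# Finite qualifier set the inference draws refinements from (constructed).
QUALIFIERS = {
    "v > 0": lambda v: v > 0,
    "v >= 0": lambda v: v >= 0,
    "v != 0": lambda v: v != 0,
    "v < 5": lambda v: v < 5,
    "v < 10": lambda v: v < 10,
}

# Obligations a hypothetical body imposes on its argument x (constructed):
#   100 // x   needs x != 0
#   table[x]   needs 0 <= x < 5 for a five-element table
OBLIGATIONS = {
    "x != 0 (division)": lambda v: v != 0,
    "0 <= x < 5 (index)": lambda v: 0 <= v < 5,
}

DOMAIN = range(-20, 21)  # bounded domain standing in for an SMT implication check


def entails(refinement, obligation):
    """refinement => obligation over DOMAIN; refinement is a conjunction of qualifier names."""
    return all(obligation(v) for v in DOMAIN
               if all(QUALIFIERS[q](v) for q in refinement))


def failing_obligations(refinement):
    """The obligations a given static refinement does not discharge."""
    return sorted(name for name, ob in OBLIGATIONS.items() if not entails(refinement, ob))


def safe_concretizations():
    """Every static refinement (subset of QUALIFIERS) that discharges all obligations,
    i.e. a concretization of the imprecise argument refinement that keeps the body well-typed."""
    names = sorted(QUALIFIERS)
    safe = []
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            if not failing_obligations(subset):
                safe.append(subset)
    return safe


def minimal(concretizations):
    """Drop any concretization that strictly contains another safe one."""
    sets = [frozenset(c) for c in concretizations]
    return sorted(tuple(sorted(s)) for s in sets if not any(o < s for o in sets))


if __name__ == "__main__":
    print("weakest refinement fails:", failing_obligations(()))
    print("minimal safe concretizations:", minimal(safe_concretizations()))
```

Ten of the thirty-two candidate conjunctions are safe here; the two minimal ones, {v > 0, v < 5} and {v >= 0, v != 0, v < 5}, are the static refinements a user could write to replace the imprecise one, and the failing obligations of the empty refinement name exactly the two checks in the body that a bare "cannot infer" message would hide.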
A Design for a Security-typed Language with Certificate-based Declassification
This paper presents a calculus that supports information-flow security policies and certificate-based declassification. The decentralized label model and its downgrading mechanisms are concisely expressed in the polymorphic lambda calculus with subtyping (System F≾). We prove a conditioned version of the noninterference theorem in which authorization for declassification is justified by digital certificates from public-key infrastructures.
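The policy side of the abstract, decentralized labels whose downgrading must be backed by a certificate, can be exercised at run time even without the type system. The Python below is an added example, not the paper's calculus: labels map each owner to the readers it permits, join and flows_to are the usual decentralized label model operations, and the "PKI" is a constructed stand-in in which per-principal secrets and HMAC play the role of a public-key signature (a real deployment would verify a certificate chain instead). Relaxing owner o's policy is allowed only for a principal holding a valid certificate issued by o that covers every reader being added; ordinary upward flows need no authority at all.

```python
import hashlib
import hmac
import json


def join(a, b):
    """Least upper bound of two labels: union of owners, each owner's readers intersected."""
    out = {}
    for o in set(a) | set(b):
        out[o] = (a[o] & b[o]) if o in a and o in b else (a[o] if o in a else b[o])
    return out


def flows_to(src, dst):
    """src is no more restrictive than dst: every policy of src is present in dst and at least as restrictive."""
    return all(o in dst and dst[o] <= src[o] for o in src)


# Stand-in PKI (constructed): per-principal secrets, HMAC instead of a public-key signature.
KEYS = {"alice": b"alice-signing-key", "bob": b"bob-signing-key"}


def _body(payload):
    return json.dumps(payload, sort_keys=True).encode()


def issue_certificate(owner, grantee, readers):
    """Owner certifies that `grantee` may add `readers` to the owner's policy."""
    payload = {"owner": owner, "grantee": grantee, "readers": sorted(readers)}
    sig = hmac.new(KEYS[owner], _body(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def certificate_valid(cert):
    key = KEYS.get(cert["payload"].get("owner"))
    if key is None:
        return False
    expected = hmac.new(key, _body(cert["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


def may_declassify(src, dst, principal, certs):
    """Is relabelling src -> dst justified for code running as `principal`?

    Flows permitted by the label ordering need no authority. Adding readers to owner o's
    policy needs a valid certificate from o naming `principal` and covering every added
    reader. Owners can never be dropped or added by this operation.
    """
    if set(src) != set(dst):
        return False
    if flows_to(src, dst):
        return True
    for o in src:
        added = dst[o] - src[o]
        if added and not any(
            certificate_valid(c)
            and c["payload"]["owner"] == o
            and c["payload"]["grantee"] == principal
            and added <= set(c["payload"]["readers"])
            for c in certs
        ):
            return False
    return True


def declassify(value, src, dst, principal, certs):
    """Relabel a value or refuse: the certificate is the evidence the downgrade demands."""
    if not may_declassify(src, dst, principal, certs):
        raise PermissionError(f"{principal} lacks authority to relabel {src} -> {dst}")
    return value, dst
```

Note the three distinct refusals: no certificate at all, a certificate naming a different grantee, and a certificate whose payload was altered after signing. Only the owner's own signature over the exact grant turns the downgrade into a permitted operation.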
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence, unlike stack and static memory, heap memory cannot be abstracted directly in terms of a fixed set of source variable names appearing in the program being analysed. This makes it an interesting topic of study and there is an abundance of literature employing heap abstractions. Although most studies have addressed similar concerns, their formulations and formalisms often seem dissimilar and sometimes even unrelated. Thus, the insights gained in one description of heap abstraction may not directly carry over to some other description. This survey is a result of our quest for a unifying theme in the existing descriptions of heap abstractions. In particular, our interest lies in the abstractions and not in the algorithms that construct them.
In our search for a unified theme, we view a heap abstraction as consisting of two features: a heap model to represent the heap memory and a summarization technique for bounding the heap representation. We classify the models as storeless, store based, and hybrid. We describe various summarization techniques based on k-limiting, allocation sites, patterns, variables, other generic instrumentation predicates, and higher-order logics. This approach allows us to compare the insights of a large number of seemingly dissimilar heap abstractions and also paves the way for creating new abstractions by mix-and-match of models and summarization techniques.
Comment: 49 pages, 20 figure
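The model-plus-summarization split the survey proposes is easy to see on one concrete heap. The Python below is an added example, not code from the survey: it builds a constructed store-based concrete heap (a linked list from one allocation site plus a payload object from another) and applies two of the summarization techniques named in the abstract to it, allocation-site merging and k-limiting, returning the abstract graphs as sorted node and edge lists so the two can be compared.

```python
from collections import deque

SUMMARY = "⊤"  # the single node that k-limiting collapses distant objects into


def build_heap(n):
    """Constructed concrete heap produced by: head = None; repeat n times
    { p = new Node @ S1; p.next = head; head = p }; head.data = new Data @ S2.
    Store-based model: object id -> {"site": allocation site, "fields": {name: id}}."""
    objects, head = {}, None
    for k in range(n):
        oid = f"o{k + 1}"
        objects[oid] = {"site": "S1", "fields": {}}
        if head is not None:
            objects[oid]["fields"]["next"] = head
        head = oid
    objects["d"] = {"site": "S2", "fields": {}}
    objects[head]["fields"]["data"] = "d"
    roots = {"head": head, "p": head}  # variables pointing into the heap
    return objects, roots


def allocation_site_abstraction(objects, roots):
    """Summarize by allocation site: every object allocated at one site becomes one node."""
    nodes = sorted({o["site"] for o in objects.values()})
    edges = sorted({(o["site"], f, objects[t]["site"])
                    for o in objects.values() for f, t in o["fields"].items()})
    root_edges = sorted((v, objects[t]["site"]) for v, t in roots.items())
    return nodes, edges, root_edges


def k_limited_abstraction(objects, roots, k):
    """Objects within k field dereferences of some variable keep their identity;
    everything further away collapses into SUMMARY."""
    depth = {}
    queue = deque((t, 0) for t in roots.values())
    while queue:  # breadth-first, so the first visit records the minimal depth
        oid, d = queue.popleft()
        if oid in depth:
            continue
        depth[oid] = d
        for t in objects[oid]["fields"].values():
            queue.append((t, d + 1))

    def name(oid):
        return oid if depth.get(oid, k + 1) <= k else SUMMARY

    nodes = sorted({name(o) for o in objects})
    edges = sorted({(name(o), f, name(t))
                    for o in objects for f, t in objects[o]["fields"].items()})
    root_edges = sorted((v, name(t)) for v, t in roots.items())
    return nodes, edges, root_edges


if __name__ == "__main__":
    objs, roots = build_heap(4)
    print(allocation_site_abstraction(objs, roots))
    print(k_limited_abstraction(objs, roots, 1))
```

The allocation-site graph has a single S1 node with a next self-loop, so a four-node and a forty-node list abstract to exactly the same graph. The 1-limited graph keeps the first two list nodes and the payload precise and folds the rest into the summary node, whose next self-loop records that the tail has unknown length; both abstractions are bounded, and each loses different information.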