7,198 research outputs found
Polymonadic Programming
Monads are a popular tool for the working functional programmer to structure
effectful computations. This paper presents polymonads, a generalization of
monads. Polymonads give the familiar monadic bind the more general type forall
a,b. L a -> (a -> M b) -> N b, to compose computations with three different
kinds of effects, rather than just one. Polymonads subsume monads and
parameterized monads, and can express other constructions, including precise
type-and-effect systems and information flow tracking; more generally,
polymonads correspond to Tate's productoid semantic model. We show how to equip
a core language (called lambda-PM) with syntactic support for programming with
polymonads. Type inference and elaboration in lambda-PM allows programmers to
write polymonadic code directly in an ML-like syntax--our algorithms compute
principal types and produce elaborated programs wherein the binds appear
explicitly. Furthermore, we prove that the elaboration is coherent: no matter
which (type-correct) binds are chosen, the elaborated program's semantics will
be the same. Pleasingly, the inferred types are easy to read: the polymonad
laws justify (sometimes dramatic) simplifications, but with no effect on a
type's generality.Comment: In Proceedings MSFP 2014, arXiv:1406.153
Nontransitive Policies Transpiled
Nontransitive Noninterference (NTNI) and Nontransitive Types (NTT) are a new security condition and enforcement for policies which, in contrast to Denning\u27s classical lattice model, assume no transitivity of the underlying flow relation. Nontransitive security policies are a natural fit for coarse-grained information-flow control where labels are specified at module rather than variable level of granularity.While the nontransitive and transitive policies pursue different goals and have different intuitions, this paper demonstrates that nontransitive noninterference can in fact be reduced to classical transitive noninterference. We develop a lattice encoding that establishes a precise relation between NTNI and classical noninterference. Our results make it possible to clearly position the new NTNI characterization with respect to the large body of work on noninterference. Further, we devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies. We demonstrate several immediate benefits of our approach, both theoretical and practical. First, we improve the permissiveness over (while retaining the soundness of) the nonstandard NTT enforcement. Second, our results naturally generalize to a language with intermediate inputs and outputs. Finally, we demonstrate the practical benefits by utilizing state-of-the-art flow-sensitive tool JOANA to enforce nontransitive policies for Java programs
Spartan Daily, December 3, 1979
Volume 73, Issue 61https://scholarworks.sjsu.edu/spartandaily/6559/thumbnail.jp
Spartan Daily, November 4, 1980
Volume 75, Issue 46https://scholarworks.sjsu.edu/spartandaily/6682/thumbnail.jp
Spartan Daily, November 4, 1980
Volume 75, Issue 46https://scholarworks.sjsu.edu/spartandaily/6682/thumbnail.jp
LJGS: Gradual Security Types for Object-Oriented Languages
LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for
sequential, class-based, typed object-oriented programming with
mutable objects and virtual method calls. An LJGS program is
composed of fragments that are checked either statically or
dynamically. Statically checked fragments adhere to a security type
system so that they incur no run-time penalty whereas dynamically
checked fragments rely on run-time security labels. The programmer
marks the boundaries between static and dynamic checking with casts
so that it is always clear whether a program fragment requires
run-time checks. LJGS requires security annotations on fields and
methods. A field annotation either specifies a fixed static
security level or it prescribes dynamic checking. A method
annotation specifies a constrained polymorphic security signature.
The types of local variables in method bodies are analyzed
flow-sensitively and require no annotation. The dynamic checking of
fields relies on a static points-to analysis to approximate implicit
flows. We prove type soundness and non-interference for LJGS
Symbolic Abstract Heaps for Polymorphic Information-flow Guard Inference (Extended Version)
In the realm of sound object-oriented program analyses for information-flow
control, very few approaches adopt flow-sensitive abstractions of the heap that
enable a precise modeling of implicit flows. To tackle this challenge, we
advance a new symbolic abstraction approach for modeling the heap in Java-like
programs. We use a store-less representation that is parameterized with a
family of relations among references to offer various levels of precision based
on user preferences. This enables us to automatically infer polymorphic
information-flow guards for methods via a co-reachability analysis of a
symbolic finite-state system. We instantiate the heap abstraction with three
different families of relations. We prove the soundness of our approach and
compare the precision and scalability obtained with each instantiated heap
domain by using the IFSpec benchmarks and real-life applications
- …