Aura: Programming with Authorization and Audit

Standard programming models do not provide direct ways of managing secret or untrusted data. This is a problem because programmers must use ad hoc methods to ensure that secrets are not leaked and, conversely, that tainted data is not used to make critical decisions. This dissertation advocates integrating cryptography and language-based analyses in order to build programming environments for declarative information security, in which high-level specifications of confidentiality and integrity constraints are automatically enforced in hostile execution environments. This dissertation describes Aura, a family of programing languages which integrate functional programming, access control via authorization logic, automatic audit logging, and confidentially via encryption. Aura\u27s programming model marries an expressive, principled way to specify security policies with a practical policy-enforcement methodology that is well suited for auditing access grants and protecting secrets. Aura security policies are expressed as propositions in an authorization logic. Such logics are suitable for discussing delegation, permission, and other security-relevant concepts. Aura\u27s (dependent) type system cleanly integrates standard data types, like integers, with proofs of authorization-logic propositions; this lets programs manipulate authorization proofs just like ordinary values. In addition, security-relevant implementation details---like the creation of audit trails or the cryptographic representation of language constructs---can be handled automatically with little or no programmer intervention

The Lumberjack, February 17, 1967

The student newspaper of Humboldt State University.https://digitalcommons.humboldt.edu/studentnewspaper/1695/thumbnail.jp

Dependent Object Types

A scalable programming language is one in which the same concepts can describe small as well as large parts. Towards this goal, Scala unifies concepts from object and module systems. In particular, objects can contain type members, which can be selected as types, called path-dependent types. Focusing on path-dependent types, we develop a type-theoretic foundation for Scala: the calculus of Dependent Object Types (DOT). We derive DOT from System F, we add a lower bound to each type variable, in addition to its usual upper bound, (2) in System D, we turn each type variable into a regular term variable containing a type, (3) for a full subtyping lattice, we add intersection and union types, (4) for objects, we consolidate all values into records, (5) for objects that close over a self, we introduce a recursive type, binding a self term variable, (6) for recursive types, we first extend the theory in typing and then also in subtyping. Through this bottom-up exploration, we discover a sound, uniform yet powerful design for DOT. We devise strategies and techniques for proving soundness that scale through this iterative step-by-step process: (1) "pushback" of subtyping transitivity or subsumption, to concisely capture inversion of subtyping or typing, (2) distinction between concrete vs. abstract context variables, to resolve tension between preservation of types vs. preservation of type abstractions, (3) and, specifically for big-step semantics, a type that closes over an environment, to relate context-dependent types across closures. While ultimately, we have developed sound models of DOT in both big-step and small-step operational semantics, historically, the shift to big-step semantics has been helpful in focusing the requirements. In particular, by developing a novel big-step soundness proof for System F<:, calculi like System D<: emerge as straightforward generalizations, almost like removing artificial restrictions. Interesting in their own right, our type soundness techniques for definitional interpreters extend to mutable references without use of co-induction. The DOT calculus finally grounds languages like Scala in firm theory. The DOT calculus helps in finding bugs in Scala, and in understanding feature interaction better as well as requirements. The DOT calculus serves as a good basis for future work which studies extensions or encodings on top of the core, bridging the gap from DOT to Dotty / Scala

DynamiTE:A 21st-Century Framework for Concurrent Component-Based Design

The free ride for software developers is over. In the past, computer programs have increased in performance simply by running on new hardware with ever increasing clock speeds. Now, however, this line of development has reached its end and chip designers are producing new processors, not with faster clocks, but with more cores. To take advantage of the speed increases offered by these new products, applications need to be redesigned with parallel processing firmly in mind. The problem is that mainstream designs are still inherently sequential. Concurrency tends to be an afterthought that may be useful to gain a performance boost, not an essential part of the design process. The current vogue for object-oriented designs tends to also have the side-effect of making them heavily data-oriented which doesn't scale well; each shared element of data has to be protected from simultaneous access, resulting in operations becoming sequential again. In addition, the usual methods for protecting data tend to be very low-level and error-prone. In this thesis, we introduce a new design method whereby applications are constructed from small sequential tasks connected by intercommunication primitives. Our approach is based on a two-stage process; first, the individual tasks are created as independent entities and tested with appropriate inputs, then secondly, the communication infrastructure between them is developed. We provide support for the latter via the DynamiTE framework, which allows the interactions to be defined using the terms of a process calculus. Depending on the developer's background, they can treat this as just another API, as a design pattern or as an algebraic expression which can be property checked for issues such as deadlocks. Either way, the communication layer can be developed, tested and evaluated separately from the tasks once it is known how the tasks will interface with one another. To supplement DynamiTE, we define our own process calculus, Nomadic Time, using a carefully chosen novel selection of constructs. Among the features of the calculus are the ability to perform communication both locally (one-to-one) and globally (one-to-many), and the flexibility to change the location of tasks during execution. Security is paramount to the design of Nomadic Time and migratory operations can be limited in two ways; by simple enumeration of possibilities or by the optional typing of constructs to allow restriction on a task-by-task basis. While it can't eradicate all the problems inherent in designing concurrent applications, DynamiTE can make things easier by reducing the dependency on shared resources and enhancing the reusability of concurrent components

Use of proofs-as-programs to build an anology-based functional program editor

This thesis presents a novel application of the technique known as proofs-as-programs. Proofs-as-programs defines a correspondence between proofs in a constructive logic and functional programs. By using this correspondence, a functional program may be represented directly as the proof of a specification and so the program may be analysed within this proof framework. CʸNTHIA is a program editor for the functional language ML which uses proofs-as-programs to analyse users' programs as they are written. So that the user requires no knowledge of proof theory, the underlying proof representation is completely hidden. The proof framework allows programs written in CʸNTHIA to be checked to be syntactically correct, well-typed, well-defined and terminating. CʸNTHIA also embodies the idea of programming by analogy — rather than starting from scratch, users always begin with an existing function definition. They then apply a sequence of high-level editing commands which transform this starting definition into the one required. These commands preserve correctness and also increase programming efficiency by automating commonly occurring steps. The design and implementation of CʸNTHIA is described and its role as a novice programming environment is investigated. Use by experts is possible but only a sub-set of ML is currently supported. Two major trials of CʸNTHIA have shown that CʸNTHIA is well-suited as a teaching tool. Users of CʸNTHIA make fewer programming errors and the feedback facilities of CʸNTHIA mean that it is easier to track down the source of errors when they do occur

Software Engineering with Incomplete Information

Information may be the common currency of the universe, the stuff of creation. As the physicist John Wheeler claimed, we get ``it from bit''. Measuring information, however, is a hard problem. Knowing the meaning of information is a hard problem. Directing the movement of information is a hard problem. This hardness comes when our information about information is incomplete. Yet we need to offer decision making guidance, to the computer or developer, when facing this incompleteness. This work addresses this insufficiency within the universe of software engineering. This thesis addresses the first problem by demonstrating that obtaining the relative magnitude of information flow is computationally less expensive than an exact measurement. We propose ranked information flow, or RIF, where different flows are ordered according to their FlowForward, a new measure designed for ease of ordering. To demonstrate the utility of FlowForward, we introduce information contour maps: heatmapped callgraphs of information flow within software. These maps serve multiple engineering uses, such as security and refactoring. By mixing a type system with RIF, we address the problem of meaning. Information security is a common concern in software engineering. We present OaST, the world's first gradual security type system that replaces dynamic monitoring with information theoretic risk assessment. OaST now contextualises FlowForward within a formally verified framework: secure program components communicate over insecure channels ranked by how much information flows through them. This context helps the developer interpret the flows and enables security policy discovery, adaptation and refactoring. Finally, we introduce safestrings, a type-based system for controlling how the information embedded within a string moves through a program. This takes a structural approach, whereby a string subtype is a more precise, information limited, subset of string, ie a string that contains an email address, rather than anything else

Disability is Beautiful, Disability is my Culture

The stories of advocates in the disability rights movement remain largely undocumented, especially in the area of the arts. This research uses ethnographic fieldwork to document such stories in the interviewee's own words. The resulting portrait of disability, advocacy, and the arts also details the story of interviewee and interviewer, and of the fieldworking process as a whole. This thesis focuses on the life history and life story of musician Jim Whalen and his contributions to the disability rights and arts movement. The fieldstudy explores the stories, creations, beliefs, motives, feelings, philosophies, thoughts, and life histories, of not only Whalen but also of the researcher and others intersecting with Whalen's life and work, including writer Steve Kuusisto. An ethnographic methodology, including both in-depth interviews and participant observation, comprise the research design. The researcher uses the interdisciplinary-research tools of fieldwork in order to document and represent his findings. In this study, advocacy and art are understood as vehicles to reframe current notions about disability. In addition to insight into the disability rights movement at this point in time, the stories included provide an arsenal of techniques, concepts, and tools to help disability advocates understand, reframe, and renegotiate life experiences, in particular through art. In conjunction with reframing ideas such as "This is normal for me" and renegotiating experiences such as "Always stops right now," other advocacy tools discovered include "Summoning the dragon," "Not if, but how," and "Everyone has a why." The final product is part word portrait, part life history, part snapshot, part auto-ethnography, part biography, part oral history, part cultural history, part narrative, part ethnography --it is both an explanation and an ode to the two central themes from which the title is born: "Disability is my culture" and "Disability is beautiful.

Mustang, July 29, 1971

Student newspaper of California Polytechnic State University, San Luis Obispo, CA.https://digitalcommons.calpoly.edu/studentnewspaper/2733/thumbnail.jp