A Systematic Approach to Static Access Control

Pottier, François; Skalka, Christian; Smith, Scott F.

doi:10.1007/3-540-45309-1_3

Cited by 54 publications

(79 citation statements)

References 10 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The λ sec -calculus of Pottier et al (2005) is a call-by-value λ-calculus model of higherorder stack inspection. We present the language as given by Clements and Felleisen (2004).…”

Section: The λ Sec -Calculus and Stack-inspectionmentioning

confidence: 99%

Systematic abstraction of abstract machines

Horn¹,

Might²

2012

J. Funct. Prog.

View full text Add to dashboard Cite

We describe a derivational approach to abstract interpretation that yields novel and transparently sound static analyses when applied to well-established abstract machines for higherorder and imperative programming languages. To demonstrate the technique and support our claim, we transform the CEK machine of Felleisen and Friedman (Proc. of the 14th ACM SIGACT-SIGPLAN Symp. Prin. Program. Langs, 1987, pp. 314-325), a lazy variant of Krivine's machine (Higher-Order Symb. Comput. Vol 20, 2007, pp. 199-207), and the stackinspecting CM machine of Clements and Felleisen (ACM Trans. Program. Lang. Syst. Vol 26, 2004Vol 26, , pp. 1029Vol 26, -1052 into abstract interpretations of themselves. The resulting analyses bound temporal ordering of program events; predict return-flow and stack-inspection behavior; and approximate the flow and evaluation of by-need parameters. For all of these machines, we find that a series of well-known concrete machine refactorings, plus a technique of store-allocated continuations, leads to machines that abstract into static analyses simply by bounding their stores. These machines are parameterized by allocation functions that tune performance and precision and substantially expand the space of analyses that this framework can represent. We demonstrate that the technique scales up uniformly to allow static analysis of realistic language features, including tail calls, conditionals, mutation, exceptions, first-class continuations, and even garbage collection. In order to close the gap between formalism and implementation, we provide translations of the mathematics as running Haskell code for the initial development of our method.

show abstract

“…The λ sec -calculus of Pottier et al (2005) is a call-by-value λ-calculus model of higherorder stack inspection. We present the language as given by Clements and Felleisen (2004).…”

Section: The λ Sec -Calculus and Stack-inspectionmentioning

confidence: 99%

Systematic abstraction of abstract machines

Horn¹,

Might²

2012

J. Funct. Prog.

View full text Add to dashboard Cite

show abstract

“…Java stack inspection [46,34,29] is a language-based security mechanism that uses an underlying security model of principals and resources-all code is annotated with a principal identifier p, and a local ACL policy A mapping principals p to resources r(c) for which they are authorized is taken as given. An event ev p is issued whenever a codebase annotated with p is entered.…”

Section: Stack Inspection With Parameterized Privilegesmentioning

confidence: 99%

Types and trace effects of higher order programs

2007

Self Cite

View full text Add to dashboard Cite

Abstract. This paper shows how type effect systems can be combined with model-checking techniques to produce powerful, automatically verifiable program logics for higher order programs. The properties verified are based on the ordered sequence of events that occur during program execution, so called event traces. Our type and effect systems infer conservative approximations of the event traces arising at run-time, and model-checking techniques are used to verify logical properties of these histories. Our language model is based on the λ-calculus. Technical results include a type inference algorithm for a polymorphic type effect system, and a method for applying known model-checking techniques to the trace effects inferred by the type inference algorithm, allowing static enforcement of history-and stack-based security mechanisms. A type safety result is proven for both unification and subtyping constraint versions of the type system, ensuring that statically well-typed programs do not contain trace event checks that can fail at run-time.

show abstract

“…Their goal is to optimize the authorization performance, while one of the purposes of this paper is to discover authorization requirements by analyzing all possible paths through the program, even those that may not be discovered by a limited number of test cases. Pottier, et al [29] extend and formalize the SPS via type theory using a λ-calculus, called λ sec . However, their work does not address incomplete-program analysis [30].…”

Section: Related Workmentioning

confidence: 99%