Abstract
Several recent security-typed programming languages, such as Aura, PCML5, and Fine, allow programmers to express and enforce access control and information flow policies. In this paper, we show that security-typed programming can be embedded as a library within a general-purpose dependently typed programming language, Agda. Our library, Aglet, accounts for the major features of existing security-typed programming languages, such as decentralized access control, typed proof-carrying authorization, ephemeral and dynamic policies, authentication, spatial distribution, and information flow. The implementation of Aglet consists of the following ingredients: First, we represent the syntax and proofs of an authorization logic, Garg and Pfenning's BL0, using dependent types. Second, we implement a proof search procedure, based on a focused sequent calculus, to ease the burden of constructing proofs. Third, we represent computations using a monad indexed by pre- and post-conditions drawn from the authorization logic, which permits ephemeral policies that change during execution. We describe the implementation of our library and illustrate its use on a number of the benchmark examples considered in the literature.
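The third ingredient, a monad indexed by pre- and post-condition policies drawn from the logic, can be sketched in Agda as follows. This is an added illustration, not code from the paper or the Aglet library: the formula language (a `mayRead` atom, `says`, implication), the `Cmd` type with its `grant`, `expire` and `readFile` operations, and the principal and file names are all constructed for the example.

```agda
module AgletSketch where

open import Data.List using (List; []; _∷_)
open import Data.String using (String)
open import Data.Unit using (⊤)

Principal = String

-- A constructed fragment of an authorization logic in the style of BL0:
-- permission atoms, the "K says A" modality, and implication.
infixr 5 _⊃_
data Form : Set where
  mayRead : String → Form
  says    : Principal → Form → Form
  _⊃_     : Form → Form → Form

-- The policy in force is a list of formulas; it is the state the monad tracks.
Policy = List Form

-- Evidence that a formula is part of the current policy.
data _∈_ (A : Form) : Policy → Set where
  here  : ∀ {Γ} → A ∈ (A ∷ Γ)
  there : ∀ {B Γ} → A ∈ Γ → A ∈ (B ∷ Γ)

-- Derivations from a policy: hypothesis, says-introduction, modus ponens.
data _⊢_ (Γ : Policy) : Form → Set where
  hyp  : ∀ {A} → A ∈ Γ → Γ ⊢ A
  sayI : ∀ {K A} → Γ ⊢ A → Γ ⊢ says K A
  app  : ∀ {A B} → Γ ⊢ (A ⊃ B) → Γ ⊢ A → Γ ⊢ B

-- Commands indexed by the policy before and after execution (pre/post-condition).
-- grant/expire change the policy; readFile demands a proof under the current one.
infixl 1 _>>=_
data Cmd : Policy → Policy → Set → Set₁ where
  return   : ∀ {Γ A} → A → Cmd Γ Γ A
  _>>=_    : ∀ {Γ Δ Θ A B} → Cmd Γ Δ A → (A → Cmd Δ Θ B) → Cmd Γ Θ B
  grant    : ∀ {Γ} (P : Form) → Cmd Γ (P ∷ Γ) ⊤
  expire   : ∀ {Γ P} → Cmd (P ∷ Γ) Γ ⊤
  readFile : ∀ {Γ} (K : Principal) (f : String)
             → Γ ⊢ says K (mayRead f) → Cmd Γ Γ String

-- An ephemeral grant: "admin" authorizes a read, the read discharges its proof
-- obligation from the policy in force, and the grant is withdrawn afterwards.
-- Moving `expire` before `readFile` makes `hyp here` fail to type-check, since
-- the obligation would then have to be proved from the empty policy.
example : Cmd [] [] String
example =
  grant (says "admin" (mayRead "secret.txt")) >>= λ _ →
  readFile "admin" "secret.txt" (hyp here)   >>= λ s →
  expire                                     >>= λ _ →
  return s
```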
Security-typed programming within dependently typed programming. ICFP '10: Proceedings of the 15th ACM SIGPLAN International Conference on Functional Programming.