ICFP 1999. Principals in Programming Languages: A Syntactic Proof Technique. Steve Zdancewic, Dan Grossman and Greg Morrisett, Cornell University.

Type Abstraction
Long history of study
–Strachey 1967, Reynolds 1974, 1983, Mitchell & Plotkin 1988, ...
Reasoning about programs
–Type safety
–System design
–Extensible systems

Principals
One way to characterize principals is by their "view" of the environment.
Resources available:
–Memory
–Security privileges
–Type information (this talk)

Types and Principals
API (the view shared by host and client):
  (* File handle *)
  abstype fh
  open : string -> fh
  read : fh -> char
Host:
  type fh = int
  fun open s = ...
Client:
  val h = open "file"
  ...

Safety Properties
Client can't create file handles:
–Must call open to obtain file handles
File handles are abstract:
–No client ever performs [handle + 3]
–Host can return any integer as handle
The read function is applied only to host-provided values

Polymorphic Encoding
(Λfh. λhost:{ open: string → fh, read: fh → char }. …)

Operational Models Needed
Parametric polymorphism
Recursive types
References & state
Control operators
Threads
Objects
...

The Goal
Track and enforce type abstractions in an operational semantics.
(Proofs in the style of Wright & Felleisen 1992)

Linking Host and Client
(Λfh. λhost:{ open: string → fh, read: fh → char }. …) int

Evaluation
(Λfh. λhost:{ open: string → fh, read: fh → char }. …) int
  ⟼ (λhost:{ open: string → int, read: int → char }. …{int/fh})

Evaluation
(λhost:{ open: string → int, read: int → char }. …{int/fh}) applied to the host's record
  ⟼ …{int/fh}{…/host}

An Observation
After linking, the residual term …{int/fh}{…/host} makes no mention of fh, and there is no distinction left between client and host code.

Our Solution
Make principals explicit in the syntax:
–Color client code blue
–Color host code red
Typecheck with different rules:
–Host knows fh = int
Track colors during evaluation

Syntax
τ ::= fh | int | τ → τ | ...
C ::= x | n | λx:τ. C | (C C) | [H]^τ        (client terms; [H]^τ embeds host code at type τ)
H ::= x | n | λx:τ. H | (H H) | [C]^τ        (host terms; [C]^τ embeds client code at type τ)
Γ ::= Ø | Γ[x:τ] | Γ[x:τ]                    (colored client and host bindings)

Client Operational Semantics
[λx:τ1. H]^(τ1'→τ2')  ⟼  λx:τ1'. [H{[x]^τ1/x}]^τ2'
[n]^int  ⟼  n
[n]^fh   is a value: the client has no rule that opens it

Host Operational Semantics
[[n]^fh]^int  ⟼  n
e ⟼ e'  implies  [e] ⟼ [e']

Example: evaluating a client's call to the host's read function
[λhandle:int. hr(handle)]^(fh→char) [3]^fh
  ⟼ (λhandle:fh. [hr([handle]^int)]^char) [3]^fh
  ⟼ [hr([[3]^fh]^int)]^char
  ⟼ [hr(3)]^char
  ⟼ [A]^char
  ⟼ A
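The trace above, run mechanically. This is an added example, not code from the talk or the paper: it is a small Python evaluator for the colored calculus that implements the client and host rules from the preceding slides (embedding of a lambda, [n]^int ⟼ n, the host's [[n]^fh]^int ⟼ n, and the congruence rule) and also exercises the "handle + 3" case from the Safety Properties slide. The names hr and handle and the handle value 3 follow the slide; the file table behind hr, the "+" primitive, and the assumption that bound variables are distinct (so substitution needs no renaming) are this example's own.

```python
"""Small-step evaluator for the two-color calculus on the slides (added example).

Client and host terms share one AST; the evaluator carries the color.  An
embedding Emb(e, ty) is the other principal's code [e]^ty, annotated with the
type the enclosing principal sees it at.  Bound variables are assumed to be
distinct, so substitution needs no renaming (an assumption of this example).
"""
from typing import NamedTuple

CLIENT, HOST = "client", "host"
OTHER = {CLIENT: HOST, HOST: CLIENT}

# Types: base types are the strings "int", "fh", "char"; arrows are ("->", dom, cod).
class Var(NamedTuple): name: str
class Const(NamedTuple): value: object            # int or one-character str
class Lam(NamedTuple): x: str; ty: object; body: object
class App(NamedTuple): fn: object; arg: object
class Prim(NamedTuple): op: str; arg: object = None   # "hr" (host read) or "+", maybe partially applied
class Emb(NamedTuple): inner: object; ty: object      # [inner]^ty, the other color's code

FILE_TABLE = {3: "A"}   # constructed stand-in for the host's file system: handle 3 holds "A"

def show_ty(ty):
    return ty if isinstance(ty, str) else f"{show_ty(ty[1])}->{show_ty(ty[2])}"

def show(t):
    if isinstance(t, Var): return t.name
    if isinstance(t, Const): return str(t.value)
    if isinstance(t, Prim): return t.op if t.arg is None else f"({t.arg}{t.op})"
    if isinstance(t, Lam): return f"(λ{t.x}:{show_ty(t.ty)}. {show(t.body)})"
    if isinstance(t, Emb): return f"[{show(t.inner)}]^{show_ty(t.ty)}"
    return f"{show(t.fn)}({show(t.arg)})" if isinstance(t.fn, Prim) else f"{show(t.fn)} {show(t.arg)}"

def subst(t, x, s):
    """t{s/x}; crosses embedding boundaries, as the lambda-embedding rule requires."""
    if isinstance(t, Var): return s if t.name == x else t
    if isinstance(t, Lam): return t if t.x == x else Lam(t.x, t.ty, subst(t.body, x, s))
    if isinstance(t, App): return App(subst(t.fn, x, s), subst(t.arg, x, s))
    if isinstance(t, Emb): return Emb(subst(t.inner, x, s), t.ty)
    return t

def is_value(t, color):
    if isinstance(t, (Const, Lam, Prim)): return True
    # [n]^fh is a client value: the client has no rule that opens a file handle.
    return color == CLIENT and isinstance(t, Emb) and t.ty == "fh" and isinstance(t.inner, Const)

def apply_prim(p, v):
    if p.op == "hr": return Const(FILE_TABLE.get(v.value, "?"))    # host read: handle -> char
    if p.op == "+": return Prim("+", v.value) if p.arg is None else Const(p.arg + v.value)
    return None

def step(t, color):
    """One reduction step under `color`; None means the term is stuck."""
    if isinstance(t, App):
        if not is_value(t.fn, color):
            f = step(t.fn, color); return None if f is None else App(f, t.arg)
        if not is_value(t.arg, color):
            a = step(t.arg, color); return None if a is None else App(t.fn, a)
        if isinstance(t.fn, Lam): return subst(t.fn.body, t.fn.x, t.arg)
        if isinstance(t.fn, Prim) and isinstance(t.arg, Const): return apply_prim(t.fn, t.arg)
        return None                                   # e.g. the client applies + to [3]^fh
    if isinstance(t, Emb):
        v, ty = t.inner, t.ty
        if not is_value(v, OTHER[color]):             # e -> e'  implies  [e]^ty -> [e']^ty
            e = step(v, OTHER[color]); return None if e is None else Emb(e, ty)
        if isinstance(v, Lam) and isinstance(ty, tuple):   # [λx:t1. e]^(t1'->t2') -> λx:t1'. [e{[x]^t1/x}]^t2'
            # In host code the annotation t1'->t2' already has int in place of fh.
            return Lam(v.x, ty[1], Emb(subst(v.body, v.x, Emb(Var(v.x), v.ty)), ty[2]))
        if isinstance(v, Const) and ty in ("int", "char"): return v          # [n]^int -> n
        if color == HOST and isinstance(v, Emb) and ty == "int": return v.inner  # host: [[n]^fh]^int -> n
    return None

def run(t, color, limit=100):
    """Evaluate to a value; returns (trace, value) with value None when stuck."""
    trace = [show(t)]
    while not is_value(t, color):
        t = step(t, color)
        if t is None or len(trace) > limit: return trace, None
        trace.append(show(t))
    return trace, t

# Constructed example terms; hr, handle and the handle value 3 follow the slides.
HOST_READ = Lam("handle", "int", App(Prim("hr"), Var("handle")))             # host code
CLIENT_READ = App(Emb(HOST_READ, ("->", "fh", "char")), Emb(Const(3), "fh"))  # the slide's trace
CLIENT_ADD = App(App(Prim("+"), Emb(Const(3), "fh")), Const(3))              # client tries handle + 3
HOST_ADD = App(App(Prim("+"), Emb(Emb(Const(3), "fh"), "int")), Const(3))     # host knows fh = int

if __name__ == "__main__":
    for color, term in ((CLIENT, CLIENT_READ), (CLIENT, CLIENT_ADD), (HOST, HOST_ADD)):
        trace, value = run(term, color)
        print("\n".join(trace), "\n=>", "stuck" if value is None else show(value), "\n")
```

Running the module prints the slide's six-line trace ending in A. The client's attempt at [3]^fh + 3 is stuck after zero steps, because no client rule opens a value annotated fh; the same addition in host code, where the handle arrives as [[3]^fh]^int, reduces to 6. Being stuck here is the operational counterpart of the typing rules rejecting the term, which is exactly what the Progress lemma later rules out for well-typed programs.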

Static Semantics
Γ ⊢ C : τ          implies  Γ ⊢ [C]^τ : τ{int/fh}     (the host's view of a client term)
Γ ⊢ H : τ{int/fh}  implies  Γ ⊢ [H]^τ : τ             (the client's view of a host term)

Theorems
Soundness is proved by the standard Subject Reduction and Progress lemmas.
Erasure property: embeddings and colors don't affect evaluation.

Independence of Evaluation
If C is host-free and λh:fh. C has type fh → int, then:
(λh:fh. C) [n]^fh ⟼* m   iff   (λh:fh. C) [n']^fh ⟼* m

File Handles Come From Open
Suppose (λopen:string→fh. C) is well-typed and C is host-free. If
(λopen:string→fh. C) [λs:string. ho(s)]^(string→fh)
steps to a C' containing [n]^fh as a subterm, then n was derived from a sequence of the form ho(s) ⟼* n.

The General Setting
Multiple principals
Many abstract types
Products, sums, recursive types, and references
Proofs follow standard techniques

Related Work
Language-based security (Smith & Volpano '97, Heintze & Riecke '98, Myers '99)
Principals (Nielson & Nielson '92, Leroy & Rouaix '98)
Other parametricity results (Abadi, Cardelli & Curien '93, Crary '99, Pierce & Sangiorgi '99)

Summary
Principals are a useful conceptual framework.
Operational approach to proving type abstraction properties.

Host Operational Semantics
[[n]^fh]^int  ⟼  n
[λx:τ1. C]^(τ1'→τ2')  ⟼  λx:τ1{int/fh}. [C{[x]^τ1/x}]^τ2'