Presentation is loading. Please wait.

Presentation is loading. Please wait.

ICFP 19991 Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University.

Published byMarvin Hurlburt Modified over 10 years ago

Similar presentations

Presentation on theme: "ICFP 19991 Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University."— Presentation transcript:

1 ICFP 19991 Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University

2 ICFP 19992 Type Abstraction Long history of study –Strachey 1967, Reynolds 1974, 1983, Mitchell & Plotkin 1988,... Reasoning about Programs –Type safety –System Design –Extensible Systems

3 ICFP 19993 Principals One way to characterize principals is by their "view" of the environment. Resources Available –Memory –Security Privileges –Type Information(this talk)

4 ICFP 19994 Types and Principals (* File handle *) abstype fh open : string fh read : fh char Host Client type fh = int fun open s =... val h = open"file"... API

5 ICFP 19995 Safety Properties Client cant create file handles: –Must call open to obtain file handles File handles are abstract: –No client ever performs [ handle + 3 ] –Host can return any integer as handle The read function is applied only to host- provided values

6 ICFP 19996 Polymorphic Encoding fh. host: { open: string fh, read: fh char }. )

7 ICFP 19997 Operational Models Needed Parametric Polymorphism Recursive Types References & State Control Operators Threads Objects...

8 ICFP 19998 The Goal Track and enforce type abstractions in an operational semantics. (Proofs in style of Wright & Felleisen 1992)

9 ICFP 19999 Linking Host and Client fh. host: { open: string fh, read: fh char }. ) int

10 ICFP 199910 Evaluation fh. host: { open: string fh, read: fh char }. ) int host: { open: string int, read: int char }. { int / fh })

11 ICFP 199911 Evaluation host: { open: string int, read: int char }. [ int / fh ]) { int / fh }{ / host }

12 ICFP 199912 An Observation No mention of fh No distinction between client and host { int / fh }{ / host }

13 ICFP 199913 Our Solution Make principals explicit in the syntax: Color client code blue Color host code red Typecheck with different rules: – Host knows fh = int Track colors during evaluation

14 ICFP 199914 Syntax fh | int | |... C x | n | x C | (C C) | [H] H x | n | x H | (H H) | [C] Ø | [x: ] | [x: ]

15 ICFP 199915 Client Operational Semantics [ x H] x H x x [n] int n [n] fh

16 ICFP 199916 Host Operational Semantics [ n fh ] int n e e' [e] [e']

17 ICFP 199917 handle int hr(handle) fh char [3] fh

18 ICFP 199918 handle int hr(handle) fh char [3] fh handle fh hr( handle int ) char [3] fh

19 ICFP 199919 handle int hr(handle) fh char [3] fh handle fh hr( handle int ) char [3] fh hr( [3] fh int ) char

20 ICFP 199920 handle int hr(handle) fh char [3] fh handle fh hr( handle int ) char [3] fh hr( [3] fh int ) char hr( 3 ) char

21 ICFP 199921 handle int hr(handle) fh char [3] fh handle fh hr( handle int ) char [3] fh hr( [3] fh int ) char hr( 3 ) char A char

22 ICFP 199922 handle int hr(handle) fh char [3] fh handle fh hr( handle int ) char [3] fh hr( [3] fh int ) char hr( 3 ) char A char A

23 ICFP 199923 Static Semantics C] int / fh C H int / fh H]

24 ICFP 199924 Theorems Soundness proved by standard Subject Reduction and Progress lemmas. Erasure property: Embeddings and colors dont affect evaluation.

25 ICFP 199925 Independence of Evaluation If C is host-free and h fh C is of type fh int then: ( h fh C) [n] fh m iff ( h fh C) [n'] fh m

26 ICFP 199926 File Handles Come From Open Suppose ( open string fh C) is well-typed and C is host-free. If ( open string fh C) [ s string ho(s) ] string fh steps to C' containing [n] fh as a subterm, then n was derived from a sequence of the form: ho ( s ) n

27 ICFP 199927 The General Setting Multiple principals Many abstract types Products, Sums, Recursive Types, and References Proofs follow standard techniques

28 ICFP 199928 Related Work Language Based Security (Smith & Volpano '97, Heintze & Riecke '98, Myers '99) Principals (Nielson & Nielson '92, Leroy & Rouaix '98) Other Parametricity Results (Abadi, Cardelli & Curien '93, Crary '99, Pierce & Sangiorgi '99)

29 ICFP 199929 Summary Principals are a useful conceptual framework. Operational approach to proving type abstraction properties

30 ICFP 199930 Host Operational Semantics [ n fh ] int n [ x C] x int / fh C x x

Download ppt "ICFP 19991 Principals in Programming Languages: A Syntactic Proof Technique Steve Zdancewic Dan Grossman and Greg Morrisett Cornell University."

Similar presentations

Transposing F to C Transposing F to C Andrew Kennedy & Don Syme Microsoft Research Cambridge, U.K.

Transposing F to C Transposing F to C Andrew Kennedy & Don Syme Microsoft Research Cambridge, U.K.
W.Koch: REGNET; 10/19991 Creation of digital goods (domain: Cultural Heritage, including libraries, museums, archives, galleries, etc) with emphasis on.

W.Koch: REGNET; 10/19991 Creation of digital goods (domain: Cultural Heritage, including libraries, museums, archives, galleries, etc) with emphasis on.
MDF99 Vocabulary Chapter HL7 Working Group Meetings April 26, 1999 Toronto, Canada Stan Huff -

MDF99 Vocabulary Chapter HL7 Working Group Meetings April 26, 1999 Toronto, Canada Stan Huff -
Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 7 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Substitution & Evaluation Order cos 441 David Walker.

Substitution & Evaluation Order cos 441 David Walker.
Security of Multithreaded Programs by Compilation Tamara Rezk INDES Project, INRIA Sophia Antipolis Mediterranee Joint work with Gilles Barthe, Alejandro.

Security of Multithreaded Programs by Compilation Tamara Rezk INDES Project, INRIA Sophia Antipolis Mediterranee Joint work with Gilles Barthe, Alejandro.
George W. Beeler, Jr. 1/25/19991© 1999, Health Level Seven, Inc. V3 Education: Building.

George W. Beeler, Jr. 1/25/19991© 1999, Health Level Seven, Inc. V3 Education: Building.
Type Systems and Object- Oriented Programming (III) John C. Mitchell Stanford University.

Type Systems and Object- Oriented Programming (III) John C. Mitchell Stanford University.
©William J Ferns, 19991 I. Models for Websites: What’s Involved in Building and Maintaining a Site?

©William J Ferns, I. Models for Websites: What’s Involved in Building and Maintaining a Site?
Bayesian Reconstruction of 3D Human Motion from Single-Camera Video

Bayesian Reconstruction of 3D Human Motion from Single-Camera Video
Type Analysis and Typed Compilation Stephanie Weirich Cornell University.

Type Analysis and Typed Compilation Stephanie Weirich Cornell University.
The Semantic Soundness of a Type System for Interprocedural Register Allocation and Constructor Registration Torben Amtoft Kansas State University joint.

The Semantic Soundness of a Type System for Interprocedural Register Allocation and Constructor Registration Torben Amtoft Kansas State University joint.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
Pedigree Types Yu David Liu, Johns Hopkins University / SUNY Binghamton Scott F. Smith, Johns Hopkins University July 7, IWACO’08.

Pedigree Types Yu David Liu, Johns Hopkins University / SUNY Binghamton Scott F. Smith, Johns Hopkins University July 7, IWACO’08.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
A URA: A language with authorization and audit Steve Zdancewic University of Pennsylvania HCSS 2008.

A URA: A language with authorization and audit Steve Zdancewic University of Pennsylvania HCSS 2008.
Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.

Current Techniques in Language-based Security David Walker COS 597B With slides stolen from: Steve Zdancewic University of Pennsylvania.
CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.

CSE341: Programming Languages Lecture 16 Datatype-Style Programming With Lists or Structs Dan Grossman Winter 2013.
CSE341: Programming Languages Lecture 27 Generics vs. Subtyping; Bounded Polymorphism Dan Grossman Fall 2011.

CSE341: Programming Languages Lecture 27 Generics vs. Subtyping; Bounded Polymorphism Dan Grossman Fall 2011.

Similar presentations

Ads by Google