AURA: Preliminary Technical Results. University of Pennsylvania Technical Report MS-CIS-0810, April 17, 2008

This paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness of AURA's type system, and a prototype typechecker and interpreter.
