Type-based confinement

Confinement properties impose a structure on object graphs which can be used to enforce encapsulation properties. From a practical point of view, encapsulation is essential for building secure object-oriented systems as security requires that the interface between trusted and untrusted components of a system be clearly delineated and restricted to the smallest possible set of operations and data structures. This paper investigates the notion of package-level confinement and proposes a type system that enforces this notion for a call-by-value object calculus as well as a generic extension thereof. We give a proof of soundness of this type system, and establish links between this work and related research in language-based security.
