Security type error diagnosis for higher-order, polymorphic languages

We combine the type error slicing and heuristics-based approaches to improving type error diagnosis, in the context of type-based security analysis for a let-polymorphic, call-by-value lambda calculus extended with lists, pairs, and the security-specific constructs declassify and protect. We define and motivate four classes of heuristics that help diagnose inconsistencies among the constraints, and show their effect on a selection of security-incorrect programs.
