Constraining application behaviour by generating languages

Writing a platform for reactive applications that enforces operational constraints is difficult, and has been approached in various ways. In this experience report, we detail an approach using an embedded DSL with which the developer specifies the structure and permissions of a program in a given application domain. Once the developer has specified which components an application consists of, and which permissions each one needs, the specification itself evaluates to a new, tailored language. The final implementation of the application is then written in this specialised environment, in which only the API calls associated with the granted permissions are available. Our prototype platform targets the domain of mobile computing and is implemented in Racket. It demonstrates resource access control (e.g., camera, address book) and aims to prevent leaking of private data. Racket proves to be an extremely effective platform for designing new programming languages and their run-time libraries. We demonstrate that this approach allows reuse of an inter-component communication layer, is convenient for the application developer because it provides high-level building blocks with which to structure the application, and gives the platform owner increased control, preventing certain classes of developer error.
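
As an added illustration of the mechanism described above, and not code from the paper or its prototype, the Racket module below shows how a component specification can evaluate, at expansion time, to a tailored module language. Everything in it is hypothetical: the `define-component` macro, the `platform` submodule, the permission table, and the API names `camera-take-photo`, `contacts-read` and `network-send`. Each `define-component` form generates a sibling submodule `<name>-lang` that re-exports `racket/base` minus its import forms plus exactly the permitted API, then writes the component body as a module in that language, so an unpermitted call (or an attempt to import the platform directly) is an unbound identifier at compile time rather than something checked at run time.

```racket
#lang racket/base
;; Added illustration, not the paper's code. A component specification
;; (name + permissions) evaluates to a tailored language submodule that
;; exposes exactly the permitted platform calls. All names are hypothetical.
(require (for-syntax racket/base))

;; The platform's full privileged API. Only the generated languages below
;; are meant to reach it.
(module platform racket/base
  (provide camera-take-photo contacts-read network-send)
  (define (camera-take-photo) 'photo-bytes)         ; stand-in for camera access
  (define (contacts-read) '("alice" "bob"))           ; stand-in for the address book
  (define (network-send payload) (list 'sent payload)))

;; Compile-time table: permission -> API identifiers it unlocks.
(begin-for-syntax
  (define permission-table
    (hash 'camera   '(camera-take-photo)
          'contacts '(contacts-read)
          'network  '(network-send))))

;; (define-component name (perm ...) body ...)
;; Expands to two sibling submodules:
;;   name-lang : racket/base without its import forms, plus the permitted API
;;   name      : the component body, written in the name-lang language
;; Unknown permissions are rejected while the specification is expanded.
(define-syntax (define-component stx)
  (syntax-case stx ()
    [(_ name (perm ...) body ...)
     (let* ([ids (for/fold ([acc '()]) ([p (in-list (syntax->list #'(perm ...)))])
                   (define unlocked
                     (hash-ref permission-table (syntax-e p)
                               (lambda ()
                                 (raise-syntax-error 'define-component
                                                     "unknown permission" stx p))))
                   ;; dedupe so a permission granted twice is provided once
                   (for/fold ([acc acc]) ([id (in-list unlocked)])
                     (if (memq id acc) acc (cons id acc))))]
            [lang-sym (string->symbol (format "~a-lang" (syntax-e #'name)))])
       (with-syntax ([(api-id ...) (map (lambda (id) (datum->syntax stx id)) ids)]
                     [lang-name (datum->syntax stx lang-sym)])
         #'(begin
             (module lang-name racket/base
               (require (only-in (submod ".." platform) api-id ...))
               ;; The tailored language: racket/base minus every way of
               ;; importing more, plus only the API this spec permits.
               (provide (except-out (all-from-out racket/base)
                                    require #%require dynamic-require
                                    module module* module+)
                        api-id ...))
             (module name (submod ".." lang-name)
               body ...))))]))

;; A component granted only the camera permission.
(define-component viewfinder (camera)
  (provide snapshot)
  (define (snapshot) (list 'ui (camera-take-photo))))

;; A component that may read contacts and use the network, but not the camera.
(define-component contact-sync (contacts network)
  (provide upload-contacts)
  (define (upload-contacts) (network-send (contacts-read))))

;; Both of these are rejected by the expander as unbound identifiers in the
;; component's language, which is why they are left as comments:
;; (define-component leaky (camera)
;;   (network-send (camera-take-photo)))       ; network-send is not in viewfinder's language
;; (define-component sneaky (camera)
;;   (require (submod ".." platform)))         ; require itself is not in the language

(require 'viewfinder 'contact-sync)
(snapshot)
(upload-contacts)
```

Run it with `racket file.rkt`. The caveat a practitioner will want: subtracting `require`, `#%require`, `dynamic-require` and the `module` forms from `racket/base` closes the obvious routes back to the platform API, but a language built by subtraction still inherits compile-time facilities (for example `begin-for-syntax` and macros that lift requires) that a production platform language would have to withhold as well. Generating the language from the specification, as the report describes, is what makes that surface the platform owner's decision rather than the developer's.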
