DOI: 10.1145/2426890.2426894

Security type error diagnosis for higher-order, polymorphic languages

Published: 21 January 2013

Abstract

We combine the type error slicing and heuristics-based approaches to type error diagnostic improvement within the context of type-based security analysis on a let-polymorphic call-by-value lambda calculus extended with lists, pairs and the security-specific constructs declassify and protect. We define and motivate four classes of heuristics that help diagnose inconsistencies among the constraints, and show their effect on a selection of security-incorrect programs.


Published In

PEPM '13: Proceedings of the ACM SIGPLAN 2013 workshop on Partial evaluation and program manipulation
January 2013
162 pages
ISBN: 9781450318426
DOI: 10.1145/2426890
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. error feedback
  2. security analysis
  3. type-based program analysis

Qualifiers

  • Research-article

Conference

POPL '13
Acceptance Rates

PEPM '13 Paper Acceptance Rate 13 of 29 submissions, 45%;
Overall Acceptance Rate 66 of 120 submissions, 55%

Cited By

  • (2017) SHErrLoc. ACM Transactions on Programming Languages and Systems 39:4 (1-47). DOI: 10.1145/3121137. Online publication date: 17-Aug-2017
  • (2017) Skalpel. Journal of Symbolic Computation 80:P1 (164-208). DOI: 10.1016/j.jsc.2016.07.013. Online publication date: 1-May-2017
  • (2014) Toward general diagnosis of static errors. ACM SIGPLAN Notices 49:1 (569-581). DOI: 10.1145/2578855.2535870. Online publication date: 8-Jan-2014
  • (2014) Toward general diagnosis of static errors. Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (569-581). DOI: 10.1145/2535838.2535870. Online publication date: 11-Jan-2014
