A number of security systems for programming languages have recently appeared, including systems for enforcing some form of access control . The Java JDK 1.2 security architecture is one such system that is widely studied and used. While the architecture has many appealing features, access control checks are all implemented via dynamic method calls. This is a highly non-declarative form of specification which is hard to read, and which leads to additional run-time overhead. In this paper, we present a novel security type system that enforces the same security guarantees as Java Stack Inspection, but via a static type system with no additional run-time checks. The system allows security properties of programs to be clearly expressed within the types themselves. We also define and prove correct an inference algorithm for security types, meaning that the system has the potential to be layered on top of the existing Java architecture, without requiring new syntax.
A polymorphic, constraint-based type inference algorithm for an object-oriented language is defined. A generalized form of type, polymorphic recursively constrained types, are inferred. These types are expressive enough for typing objects, since they generalize recursive types and F-bounded polymorphism. The well-known tradeoff between inheritance and subtyping is mitigated by the type inference mechanism. Soundness and completeness of type inference are established.
Important strides toward developing expressive yet semantically sound type systems for object-oriented programming languages have recently been made by Cook, Bruce, Mitchell, and others. This paper focusses on how the theoretical work using F-bounded quantification may be brought more into the realm of actual language implementations while preserving rigorous soundness properties. We simultaneously address three of the more significant problems: adding a notion of global state, proving type-checking is decidable, and integrating the more widely implemented view that subclasses correspond to subtypes with the F-bounded view.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.