History Effects and Verification

Skalka, Christian; Smith, Scott F.

doi:10.1007/978-3-540-30477-7_8

Cited by 58 publications

(95 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Skalka and Wang [39] introduced a trust but verify framework which is an access control system for web services, but they do not provide temporal reasoning for the verification of policies. By recording the sequence of program events in temporal order, Skalka and Smith [40] are able to verify the policies such as whether the events were happened in a reasonable order, but the mechanism does not support decoupling the model and the implementation. Other approaches [41,42] either do not have a formal model supporting them or are tightly coupled with implementations.…”

Section: Related Workmentioning

confidence: 99%

Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services

Rajan

Tao

Shaner

et al. 2009

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Web services are distributed software components, that are decoupled from each other using interfaces with specified functional behaviors. However, such behavioral specifications are insufficient to demonstrate compliance with certain temporal non-functional policies. An example is demonstrating that a patient's health-related query sent to a health care service is answered only by a doctor (and not by a secretary). Demonstrating compliance with such policies is important for satisfying governmental privacy regulations. It is often necessary to expose the internals of the web service implementation for demonstrating such compliance, which may compromise modularity. In this work, we provide a language design that enables such demonstrations, while hiding majority of the service's source code. The key idea is to use greybox specifications to allow service providers to selectively hide and expose parts of their implementation. The overall problem of showing compliance is then reduced to two subproblems: whether the desired properties are satisfied by the service's greybox specification, and whether this greybox specification is satisfied by the service's implementation. We specify policies using LTL and solve the first problem by model checking. We solve the second problem by refinement techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services

Rajan

Tao

Shaner

et al. 2009

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Resource usage analysis and similar analyses have recently been studied extensively, and a variety of methods from type systems to model checking have been proposed [5,6,7,11,1,17,24]. However, only a few of them deal with concurrent languages.…”

Section: Related Workmentioning

confidence: 99%

Resource Usage Analysis for the Pi-Calculus

Kobayashi¹,

Suenaga²,

Wischik³

2006

Logical Methods in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a type-based resource usage analysis for the π-calculus extended with resource creation/access primitives. The goal of the resource usage analysis is to statically check that a program accesses resources such as files and memory in a valid manner. Our type system is an extension of previous behavioral type systems for the π-calculus. It can guarantee the safety property that no invalid access is performed, as well as the property that necessary accesses (such as the close operation for a file) are eventually performed unless the program diverges. A sound type inference algorithm for the type system is also developed to free the programmer from the burden of writing complex type annotations. Based on our algorithm, we have implemented a prototype resource usage analyzer for the π-calculus. To the authors' knowledge, this is the first type-based resource usage analysis that deals with an expressive concurrent language like the π-calculus.

show abstract

“…In addition to narrowly focused systems for verification of specific properties such as memory safety or stack inspection security, recent research has explored security paradigms for enforcing general classes of properties. One such paradigm comprises the class of properties of program event traces that can be expressed in temporal logics [35,32,23,5,20]. This paper establishes a foundation for automated verification of higher order programs in this paradigm, using type and effect analysis.…”

Section: Introductionmentioning

confidence: 99%

“…In [4], an analysis adapted from the one presented in this paper is used to enforce secure service composition. The history-based access control model of [1] can be implemented with event traces and checks [35], as can be the policies realizable in that model, e.g. sophisticated Chinese Wall policies [1].…”

Section: Introductionmentioning

confidence: 99%

“…sophisticated Chinese Wall policies [1]. Stack-based security policies are also amenable to this form of analysis, as shown in [35,36] and this paper. In short, the combination of a primitive notion of program events with a temporal program logic for asserting properties of event traces yields a powerful and general tool for enforcing program properties.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Types and trace effects of higher order programs

2007

Self Cite

View full text Add to dashboard Cite

Abstract. This paper shows how type effect systems can be combined with model-checking techniques to produce powerful, automatically verifiable program logics for higher order programs. The properties verified are based on the ordered sequence of events that occur during program execution, so called event traces. Our type and effect systems infer conservative approximations of the event traces arising at run-time, and model-checking techniques are used to verify logical properties of these histories. Our language model is based on the λ-calculus. Technical results include a type inference algorithm for a polymorphic type effect system, and a method for applying known model-checking techniques to the trace effects inferred by the type inference algorithm, allowing static enforcement of history-and stack-based security mechanisms. A type safety result is proven for both unification and subtyping constraint versions of the type system, ensuring that statically well-typed programs do not contain trace event checks that can fail at run-time.

show abstract

History Effects and Verification

Cited by 58 publications

References 32 publications

Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services

Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services

Resource Usage Analysis for the Pi-Calculus

Types and trace effects of higher order programs

Contact Info

Product

Resources

About