Information and Computation - Semantics of Data Types
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Handbook of logic in computer science (vol. 2)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
REFEREE: trust management for Web applications
Selected papers from the sixth international conference on World Wide Web
Cayenne—a language with dependent types
ICFP '98 Proceedings of the third ACM SIGPLAN international conference on Functional programming
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dependent types in practical programming
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Monads for Functional Programming
Advanced Functional Programming, First International Spring School on Advanced Functional Programming Techniques-Tutorial Text
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Audit Logic for Accountability
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
A language-based approach to functionally correct imperative programming
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Simple unification-based type inference for GADTs
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Polymorphism and separation in hoare type theory
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Access control in a core calculus of dependency
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Secure information flow with random assignment and encryption
Proceedings of the fourth ACM workshop on Formal methods in security
Towards a mechanized metatheory of standard ML
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
System F with type equality coercions
TLDI '07 Proceedings of the 2007 ACM SIGPLAN international workshop on Types in languages design and implementation
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
A Cryptographic Decentralized Label Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A Type Discipline for Authorization in Distributed Systems
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the computational soundness of cryptographically masked flows
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An Authorization Logic With Explicit Time
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A type discipline for authorization policies
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
A type system for computationally secure information flow
FCT'05 Proceedings of the 15th international conference on Fundamentals of Computation Theory
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
Encoding information flow in Aura
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Encoding information flow in AURA
ACM SIGPLAN Notices
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Reliable evidence: auditability by typing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
PCAL: language support for proof-carrying authorization systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
A type system for access control views in object-oriented languages
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
AuraConf: a unified approach to authorization and confidentiality
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
TLDI '12 Proceedings of the 8th ACM SIGPLAN workshop on Types in language design and implementation
Secure information flow for distributed systems
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Provenance as dependency analysis
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Privacy-aware proof-carrying authorization
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Enforcing stateful authorization and information flow policies in fine
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
G2C: cryptographic protocols from goal-driven specifications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
A core calculus for provenance
POST'12 Proceedings of the First international conference on Principles of Security and Trust
DKAL*: constructing executable specifications of authorization protocols
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
A multivalued language with a dependent type system
Proceedings of the 2013 ACM SIGPLAN workshop on Dependently-typed programming
Belief semantics of authorization logic
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Noninterference in a predicative polymorphic calculus for access control
Computer Languages, Systems and Structures
Combining proofs and programs in a dependently typed language
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Stateful authorization logic --Proof theory and a case study
Journal of Computer Security - STM'10
A core calculus for provenance
Journal of Computer Security - Security and Trust Principles
| Hi-index | 0.00 |
This paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness for AURA's type system, and a prototype typechecker and interpreter.