Kit: A Study in Operating System Verification
IEEE Transactions on Software Engineering
Computational lambda-calculus and monads
Proceedings of the Fourth Annual Symposium on Logic in computer science
Category theory for computing science
Category theory for computing science
Notions of computation and monads
Information and Computation
The temporal logic of reactive and concurrent systems
The temporal logic of reactive and concurrent systems
Semantics of programming languages: structures and techniques
Semantics of programming languages: structures and techniques
The essence of functional programming
POPL '92 Proceedings of the 19th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Monad transformers and modular interpreters
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Semantic Lego
An Industrial Strength Theorem Prover for a Logic Based on Common Lisp
IEEE Transactions on Software Engineering
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Specification and verification of the UCLA Unix security kernel
Communications of the ACM
Certification of programs for secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Craft of Programming
Denotational Semantics: The Scott-Strachey Approach to Programming Language Theory
Denotational Semantics: The Scott-Strachey Approach to Programming Language Theory
The Definition of Standard ML
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
Introduction to Functional Programming
Introduction to Functional Programming
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Proof of separability: A verification technique for a class of a security kernels
Proceedings of the 5th Colloquium on International Symposium on Programming
Monads for Functional Programming
Advanced Functional Programming, First International Spring School on Advanced Functional Programming Techniques-Tutorial Text
Metacomputation-Based Compiler Architecture
MPC '00 Proceedings of the 5th International Conference on Mathematics of Program Construction
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Formal Construction of the Mathematically Analyzed Separation Kernel
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Design and verification of secure systems
SOSP '81 Proceedings of the eighth ACM symposium on Operating systems principles
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A general theory of security properties
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Modular monadic semantics and compilation
Modular monadic semantics and compilation
Modular compilers and their correctness proofs
Modular compilers and their correctness proofs
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Separation and information hiding
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A poor man's concurrency monad
Journal of Functional Programming
Journal of Functional Programming
Translating dependency into parametricity
Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A monadic analysis of information flow security with mutable state
Journal of Functional Programming
A principled approach to operating system construction in Haskell
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Proceedings of the 13th ACM conference on Computer and communications security
Proof Methods for Corecursive Programs
Fundamenta Informaticae - Program Transformation: Theoretical Foundations and Basic Techniques. Part 1
Isabelle/HOL: a proof assistant for higher-order logic
Isabelle/HOL: a proof assistant for higher-order logic
Adjoining declassification and attack models by abstract interpretation
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Axiomatic constructor classes in Isabelle/HOLCF
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
The SwitchWare active network architecture
IEEE Network: The Magazine of Global Internetworking
Asynchronous Exceptions as an Effect
MPC '08 Proceedings of the 9th international conference on Mathematics of Program Construction
DSL '09 Proceedings of the IFIP TC 2 Working Conference on Domain-Specific Languages
A coinductive calculus for asynchronous side-effecting processes
FCT'11 Proceedings of the 18th international conference on Fundamentals of computation theory
The confinement problem in the presence of faults
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
A coinductive calculus for asynchronous side-effecting processes
Information and Computation
| Hi-index | 0.00 |
This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of shared-state concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unix-like system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higher-order, typed functional language, the resulting system models may be directly realized within a language such as Haskell.