ACM Computing Surveys (CSUR)
A model for verification of data security in operating systems
Communications of the ACM
Communications of the ACM
Reflections on an operating system design
Communications of the ACM
Communications of the ACM
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Programming semantics for multiprogrammed computations
Communications of the ACM
Gypsy: A language for specification and implementation of verifiable programs
Proceedings of an ACM conference on Language design for reliable software
Protection in programmed systems.
Protection in programmed systems.
Subtypes vs. where clauses: constraining parametric polymorphism
Proceedings of the tenth annual conference on Object-oriented programming systems, languages, and applications
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protection in programming-language translations
Secure Internet programming
A view-based access control model for CORBA
Secure Internet programming
Bracket capabilities for distributed systems security
ACSC '02 Proceedings of the twenty-fifth Australasian conference on Computer science - Volume 4
Opsis: a distributed object architecture based on bracket capabilities
CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
Principles of proving concurrent programs in Gypsy
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Manageable access control for CORBA
Journal of Computer Security - Special issue on ESORICS 2000
A Report On The Development Of Gypsy
ACM '78 Proceedings of the 1978 annual conference
Data abstraction from a programming language viewpoint
Proceedings of the 1980 workshop on Data abstraction, databases and conceptual modeling
Logical Structure Specification and data type definition
ACM '79 Proceedings of the 1979 annual conference
Flexible enterprise access control with object-oriented view specification
ACSW Frontiers '03 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21
An extension to the language-based access-control mechanism of Jones and Liskov
ACM SIGPLAN Notices
Ada packages and distributed systems
ACM SIGPLAN Notices
A case study in access control requirements for a Health Information System
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
A type discipline for authorization policies
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
Programming languages and databases
VLDB '78 Proceedings of the fourth international conference on Very Large Data Bases - Volume 4
Context-aware role-based access control in pervasive computing systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Masked types for sound object initialization
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Generative Programming Framework for Context-Aware CSCW Applications
ACM Transactions on Software Engineering and Methodology (TOSEM)
Discretionary capability confinement
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Language extensions for specifying program access control policies in programming languages
Journal of Systems and Software
| Hi-index | 48.22 |
Controlled sharing of information is needed and desirable for many applications and is supported in operating systems by access control mechanisms. This paper shows how to extend programming languages to provide controlled sharing. The extension permits expression of access constraints on shared data. Access constraints can apply both to simple objects, and to objects that are components of larger objects, such as bank account records in a bank's data base. The constraints are stated declaratively, and can be enforced by static checking similar to type checking. The approach can be used to extend any strongly-typed language, but is particularly suitable for extending languages that support the notion of abstract data types.