Security Checking

We propose a type-based method based on overloading resolution to enforce security policies specified by finite state automatons. The novelty of our approach lies in viewing the transition function of a finite state automaton as an overloaded function. Given a program instrumented with run-time security checks, overloading resolution allows us to remove unnecessary run-time checks and to detect violations of the security policy. As a side product, we exhibit some interesting connections between overloading resolution and type specialization a la Hughes. Our security policy system is an instance of a generic type system framework based on Constraint Handling Rules (CHRs). CHRs provide us with great flexibility in modelling various security policies which go beyond properties expressible by finite-state automatons.

Available are


Martin Sulzmann
Last modified: Fri Aug 23 11:35:49 GMT-8 2002