Security Checking
We propose a type-based method based on overloading resolution to enforce security policies
specified by finite state automatons.
The novelty of our approach lies in viewing the transition function
of a finite state automaton as an overloaded function.
Given a program instrumented with run-time security checks,
overloading resolution allows us to remove unnecessary run-time
checks and to detect violations of the security policy.
As a side product, we exhibit some interesting connections between overloading resolution
and type specialization a la Hughes.
Our security policy system is an instance of a generic type system framework based on
Constraint Handling Rules (CHRs). CHRs provide us with great flexibility in modelling
various security policies which go beyond properties expressible by finite-state automatons.
Available are
- Our security paper .
- An extended security example
which runs under TIE .
- A rule generator can be downloaded from here .
Martin Sulzmann
Last modified: Fri Aug 23 11:35:49 GMT-8 2002