Information Flow Analysis for a Dynamically Typed Functional Language with Staged Metaprogramming
Authors
Abstract
Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly dynamic nature of the language, particularly its support for runtime code generation. As a first step towards dealing with this, we propose to investigate security analyses for languages with more principled forms of dynamic code generation. To this end, we present a static information flow analysis for a dynamically typed functional language with prototype-based inheritance and staged metaprogramming. We prove its soundness, implement it and test it on various examples designed to show its relevance to proving security properties, such as noninterference, in JavaScript. To our knowledge, this is the first fully static information flow analysis for a language with staged metaprogramming, and the first formal soundness proof of a CFA-based information flow analysis for a functional programming language.
Keywords: noninterference; staged metaprogramming; CFA; information flow; dynamically typed languages; JavaScript; static analysis
Similar resources
Run-time Manipulation of Programs in a Statically-Typed Language
This article is an extended abstract of a doctoral dissertation on metaprogramming and programming language design. A metaprogramming model is studied and implemented in a statically-typed pure object-oriented programming language Zero. The object model of language is based on closures which enables metaprogramming model to achieve a high degree of dynamic manipulation, normally only found in ...
Design by Contract for Python
The idea of design by contract (DBC), realized in the statically typed object-oriented programming language Eiffel, can be viewed as a systematic approach to specifying and implementing object-oriented software systems. We believe that a statically typed programming language is not suitable in the analysis and design phase of a prototyping-oriented software life cycle. For this purpose, dynamic...
Reflexive Metaprogramming in Ruby Tutorial Presentation
Ruby is an interpreted, dynamically typed, object-oriented application programming language [10]. It has been in existence for more than a decade, but in the past three years interest in the Ruby language and the programming styles it enables [2] has exploded in the practitioner community [8, 9]. Much of the explosive growth in interest has been because of the advent of the Ruby on Rails Web ap...
Dynamic Security Labels and Noninterference
This paper explores information flow control in systems in which the security classes of data can vary dynamically. Information flow policies provide the means to express strong security requirements for data confidentiality and integrity. Recent work on security-typed programming languages has shown that information flow can be analyzed statically, ensuring that programs will respect the restr...
Dependently Typed Meta-programming
Dependent types and multi stage programming have both been used, separately, as implementation techniques for programming languages. Each technique has its own advantages — with dependent types, we can verify aspects of interpreters and compilers such as type safety and stack invariants. Multi stage programming, on the other hand, can give the implementor access to underlying compiler technolog...
Journal title:
- CoRR
Volume abs/1302.3178, Issue
Pages -
Publication date 2012