Challenges in Defining a Programming Language for Provably Correct Dynamic Analyses
Abstract
Modern software systems are not only famous for being ubiquitous and large scale but also infamous for being inherently insecure. We argue that a large part of this problem is due to the fact that current programming languages do not provide adequate built-in support for addressing security concerns. In this work we outline the challenges involved in developing Codana, a novel programming language for defining provably correct dynamic analyses. Codana analyses form security monitors; they allow programmers to proactively protect their programs from security threats such as insecure information flows, buffer overflows and access-control violations. We plan to design Codana in such a way that program analyses will be simple to write, read and prove correct, easy to maintain and reuse, efficient to compile, easy to parallelize, and maximally amenable to static optimizations. This is difficult because Codana must nevertheless comprise sufficiently expressive language constructs to cover a large class of security-relevant dynamic analyses. For deployed programs, we envision Codana-based analyses to be the last line of defense against malicious attacks. It is hence paramount to provide correctness guarantees on Codana-based analyses as well as on the related program instrumentation and static optimizations. A further challenge is effective but provably correct sharing: dynamic analyses can benefit from sharing information with one another. We plan to encapsulate such shared information within Codana program fragments.
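To make concrete what the abstract means by dynamic analyses acting as security monitors, the following is an added example written for this page; it is not Codana code (the page shows no Codana syntax) and is not taken from the paper. It implements three toy monitors in plain Python: an information-flow monitor that labels values at sources and checks them at sinks, a bounds monitor for indexed buffer access, and an access-control monitor. The label set attached to values is the piece of information the monitors share: the bounds monitor reads the flow monitor's labels to report whether an out-of-range index was attacker-controlled. All inputs (the secret, the user name, the index 7, the ACL) are constructed for the example.

```python
"""Toy runtime security monitors: information flow, buffer bounds, access
control, with one analysis reusing facts produced by another.  Added
example; not Codana and not code from the paper."""
from dataclasses import dataclass, field


class PolicyViolation(Exception):
    """Raised by a monitor when an operation would violate its policy."""


@dataclass(frozen=True)
class Labeled:
    """A value together with the security labels that influenced it."""
    value: object
    labels: frozenset = field(default_factory=frozenset)


class InfoFlowMonitor:
    """Dynamic information-flow (taint) analysis: labels enter at sources,
    propagate through operations and are checked at sinks."""

    def source(self, value, label: str) -> Labeled:
        return Labeled(value, frozenset({label}))

    def concat(self, a: Labeled, b: Labeled) -> Labeled:
        # Explicit flow: the result depends on both operands, so it
        # carries the union of their labels.
        return Labeled(str(a.value) + str(b.value), a.labels | b.labels)

    def sink(self, v: Labeled, forbidden: set) -> object:
        leaked = v.labels & forbidden
        if leaked:
            raise PolicyViolation(f"label(s) {sorted(leaked)} reach sink")
        return v.value


class BoundsMonitor:
    """Dynamic bounds check on indexed access.  It consumes the labels the
    flow monitor attached to the index (shared information) to say whether
    an out-of-bounds access was attacker-controlled."""

    def index(self, buf: list, i: Labeled):
        if not 0 <= i.value < len(buf):
            who = "attacker-controlled" if "untrusted" in i.labels else "internal"
            raise PolicyViolation(
                f"{who} index {i.value} out of range 0..{len(buf) - 1}")
        return buf[i.value]


class AccessControlMonitor:
    """Role-based access check against a resource -> allowed-roles map."""

    def __init__(self, acl: dict):
        self.acl = acl

    def check(self, role: str, resource: str) -> bool:
        if role not in self.acl.get(resource, set()):
            raise PolicyViolation(f"role {role!r} may not access {resource!r}")
        return True


def demo_information_flow():
    """Untrusted input may reach the log sink; the secret must not."""
    flow = InfoFlowMonitor()
    secret = flow.source("hunter2", "secret")        # constructed secret
    user = flow.source("alice", "untrusted")         # constructed user input
    greeting = flow.concat(Labeled("hello "), user)
    logged = flow.sink(greeting, forbidden={"secret"})
    try:
        flow.sink(flow.concat(greeting, secret), forbidden={"secret"})
        blocked = False
    except PolicyViolation:
        blocked = True
    return logged, blocked


def demo_bounds():
    """An attacker-supplied index 7 into a 3-element buffer is stopped and
    attributed using the label shared by the flow monitor."""
    flow, bounds = InfoFlowMonitor(), BoundsMonitor()
    buf = [10, 20, 30]
    idx = flow.source(7, "untrusted")                # constructed input
    try:
        bounds.index(buf, idx)
        return None
    except PolicyViolation as e:
        return str(e)


def demo_access_control():
    acl = AccessControlMonitor({"/admin": {"admin"}})  # constructed ACL
    allowed = acl.check("admin", "/admin")
    try:
        acl.check("guest", "/admin")
        denied = False
    except PolicyViolation:
        denied = True
    return allowed, denied


if __name__ == "__main__":
    print(demo_information_flow())
    print(demo_bounds())
    print(demo_access_control())
```

The point of the example is the shape of the problem the abstract raises, not the specific checks: each monitor is a small dynamic analysis hooked into program operations, and the moment two of them share state (here, the label set on a value) the correctness argument for one depends on the other, which is why the abstract treats shared information as something that needs its own provable encapsulation.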
Similar articles
Provably Correct Code Generation: A Case Study
Provably correct compilation is an important aspect in development of high assurance software systems. In this paper we present an approach to provably correct compilation based on Horn logical semantics of programming languages and partial evaluation. We also show that continuation semantics can be expressed in the Horn logical framework, and introduce Definite Clause Semantics. We illustrate ...
Generating program analyzers
In this work the automatic generation of program analyzers from concise specifications is presented. It focuses on provably correct and complex interprocedural analyses for real world sized imperative programs. Thus, a powerful and flexible specification mechanism is required, enabling both correctness proofs and efficient implementations. The generation process relies on the theory of data flo...
Feasibility study of presenting a dynamic stochastic model based on mixed integer second-order conic programming to solve optimal distribution network reconfiguration in the presence of resources and demand-side management
Nowadays, with the use of devices such as fossil distributed generation and renewable energy resources and energy storage systems that are operated at the level of distribution networks, the problem of optimal reconfiguration has faced major challenges, so any change in the power of this resources can have different results in reconfiguration. Similarly, load changes during the day can lead to ...
Towards Provably Correct Code Generation via Horn Logical Continuation Semantics
Provably correct compilation is an important aspect in development of high assurance software systems. In this paper we explore approaches to provably correct code generation based on programming language semantics, particularly Horn logical semantics, and partial evaluation. We show that the definite clause grammar (DCG) notation can be used for specifying both the syntax and semantics of impe...
Towards Provably Correct Code Generation for a Hard Real-Time Programming Language
This paper sketches a hard real-time programming language featuring operators for expressing timeliness requirements in an abstract, implementation-independent way and presents parts of the design and verification of a provably correct code generator for that language. The notion of implementation correctness used as an implicit specification of the code generator pays attention to timeliness req...