Vaughan, Jeffrey A
Email Address
ORCID
Disciplines
Search Results
Now showing 1 - 4 of 4
Publication Aura: Programming with Authorization and Audit(2009-12-22) Vaughan, Jeffrey AStandard programming models do not provide direct ways of managing secret or untrusted data. This is a problem because programmers must use ad hoc methods to ensure that secrets are not leaked and, conversely, that tainted data is not used to make critical decisions. This dissertation advocates integrating cryptography and language-based analyses in order to build programming environments for declarative information security, in which high-level specifications of confidentiality and integrity constraints are automatically enforced in hostile execution environments. This dissertation describes Aura, a family of programing languages which integrate functional programming, access control via authorization logic, automatic audit logging, and confidentially via encryption. Aura's programming model marries an expressive, principled way to specify security policies with a practical policy-enforcement methodology that is well suited for auditing access grants and protecting secrets. Aura security policies are expressed as propositions in an authorization logic. Such logics are suitable for discussing delegation, permission, and other security-relevant concepts. Aura's (dependent) type system cleanly integrates standard data types, like integers, with proofs of authorization-logic propositions; this lets programs manipulate authorization proofs just like ordinary values. In addition, security-relevant implementation details---like the creation of audit trails or the cryptographic representation of language constructs---can be handled automatically with little or no programmer intervention.Publication AURA: Preliminary Technical Results(2008-04-17) Jia, Limin; Vaughan, Jeffrey A; Mazurak, Karl; Zhao, Jianzhou; Zarko, Luke; Schorr, Joseph; Zdancewic, Stephan AThis paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness for AURA's type system, and a prototype typechecker and interpreter.Publication Evidence-Based Audit, Technical Appendix(2008-04-27) Vaughan, Jeffrey A; Jia, Limin; Mazurak, Karl; Zdancewic, Stephan AAuthorization logics provide a principled and flexible approach to specifying access control policies. One of their compelling benefits is that a proof in the logic is evidence that an access-control decision has been made in accordance with policy. Using such proofs for auditing reduces the trusted computing base and enables the ability to detect flaws in complex authorization policies. Moreover, the proof structure is itself useful, because proof normalization can yield information about the relevance of policy statements. Untrusted, but well-typed, applications that access resources through an appropriate interface must obey the access control policy and create proofs useful for audit. This paper presents AURA0, an authorization logic based on a dependently-typed variant of DCC and proves the metatheoretic properties of subject-reduction and normalization. It shows the utility of proof-based auditing in a number of examples and discusses several pragmatic issues that must be addressed in this context.Publication A Review of Three Techniques for Formally Representing Variable Binding(2006-12-19) Vaughan, Jeffrey AThis paper compares three models for formal reasoning about programming languages with binding. Higher order abstract syntax (HOAS) uses meta-level binding to represent object-level binding [PE88]. Nominal Logic couples a concrete representation of bound variables with a formal apparatus for safely manipulating bound variables [Pit03]. The locally named binding representation places bound and free variables in different syntactic sorts [MP99]. This paper surveys each binding model, and compares it to the others and to Gordon and Melham’s axiomatization of the untyped lambda calculus [GM97]. Comparisons are made based on expressive power, transparency to human readers, and suitability for mechanized reasoning of each binding model. Each system excels in one area; HOAS is most expressive, Nominal Logic most transparent, and locally named most mechanizable.