A Policy Semantics and a Programming Language for Securing Software

Licentiate thesis, 2014

The work presented in this thesis contributes to the information flow policy specification language Paralocks and the enforcement of Paralocks policies in the programming language Paragon. The thesis starts with a programming tutorial on Paragon. The tutorial aims to make Paragon accessible for programmers without any familiarity with information flow theory. We gradually introduce the Java programmer to various information flow concepts using the Paragon programming lan- guage. The tutorial also provides information and design patterns needed to set up realistic software applications in Paragon. Next we focus our attention on the design and implementation of Paragon. We discuss how the Paralocks language is generalised to integrate more tightly with Java’s object-oriented programming style, on which Paragon is built. Combined with the dynamic nature of Paralocks policies, Paragon promises to be a flexible and expressive programming language. Finally we present an alternative semantics for Paralocks, based on the declarative language Datalog. Compared to Paralocks’ original semantics, the Datalog-inspired semantics provides a more natural and intuitive inter- pretation for Paralocks policies. We show that the new semantics coincides with the original semantics. It also allows us to adopt Datalog extensions and algorithms into Paralocks and Paragon.