Programming Language Design - Issues in Web Programming and Security

Licentiate thesis, 2006

This thesis consists of two separate parts. Both concern programming language design, the first in the domain of web programming and the other for security. The first part consists of two papers, both discussing various aspects of how to extend the general purpose programming language Haskell to make it serve as a specialized scripting language for writing dynamic web pages. The first paper in this area concerns one specific theoretic aspect of this extension, namely how to extend Haskell with regular expression pattern matching. We discuss syntax, typing and semantics for regular expression patterns, and show an implementation of the system in Haskell. In the second paper we give an overview of Haskell Server Pages, an extension of Haskell for writing dynamic web pages. Then we go on to discuss how to implement the runtime system of this language by using on-request compilation and dynamic loading of pages into a running server application. The second part of the thesis concerns security, and in particular language-based information flow security. We show a calculus, based on $\lambda$-calculus with references, that allows dynamic changes to the flow policies of a program during execution. We also give a type system for the calculus that tracks valid flows, and a semantics. To prove that our type system is sound, we define a non-interference-like semantic security property and prove that it is implied by the type system using a bisimulation-style proof. Our aim with the calculus is to provide a core calculus that can be used to explain properties of other systems. To establish it as such, we also show how to encode various other similar systems in our calculus.