A Policy Semantics and a Programming Language for Securing Software
The work presented in this thesis contributes to the information flow
policy specification language Paralocks and the enforcement of Paralocks
policies in the programming language Paragon.
The thesis starts with a programming tutorial on Paragon. The tutorial
aims to make Paragon accessible for programmers without any familiarity
with information flow theory. We gradually introduce the Java programmer
to various information flow concepts using the Paragon programming language.
The tutorial also provides information and design patterns needed to
set up realistic software applications in Paragon.
Next we focus our attention on the design and implementation of Paragon.
We discuss how the Paralocks language is generalised to integrate more
tightly with Java’s object-oriented programming style, on which Paragon
is built. Combined with the dynamic nature of Paralocks policies, Paragon
promises to be a flexible and expressive programming language.
Finally we present an alternative semantics for Paralocks, based on the
declarative language Datalog. Compared to Paralocks' original semantics,
the Datalog-inspired semantics provides a more natural and intuitive interpretation
for Paralocks policies. We show that the new semantics coincides
with the original semantics. It also allows us to adopt Datalog extensions
and algorithms into Paralocks and Paragon.
security policy language