AURA

AURA, a programming language for authorization and audit. This paper presents AURA, a programming language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way. AURA is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability. The main technical results of this paper include fully mechanically verified proofs of the decidability and soundness for AURA’s type system, and a prototype typechecker and interpreter.

This software is also peer reviewed by journal TOMS.

Keywords for this software

access control
dependent types
audit
predicative polymorphism
type systems
authorization logic
binders
general recursion
cofinite quantification
formal proofs
denotational semantics
metatheory
locally nameless
termination
security typed programming
Agda
noninterference

References in zbMATH (referenced in 6 articles , 1 standard article )

Showing results 1 to 6 of 6.

Sorted by year (citations)

Casinghino, Chris; Sjöberg, Vilhelm; Weirich, Stephanie: Combining proofs and programs in a dependently typed language (2014)
Amir-Mohammadian, Sepehr; Fallah, Mehran S.: Noninterference in a predicative polymorphic calculus for access control (2013)
Charguéraud, Arthur: The locally nameless representation (2012)
Morgenstern, Jamie; Licata, Daniel R.: Security-typed programming within dependently typed programming (2010)
Abadi, Martín: Logic in access control (tutorial notes) (2009)
Jia, Limin; Vaughan, Jeffrey A.; Mazurak, Karl; Zhao, Jianzhou; Zarko, Luke; Schorr, Joseph; Zdancewic, Steve: AURA: a programming language for authorization and audit (2008)