
Type-based gradual enforcement of security policies for concurrent programs

Subject Area Software Engineering and Programming Languages
Funding Funded from 2010 to 2014
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 183486094
 
Sequential programming is no longer adequate to tap the full potential of today’s computing systems. They require concurrent programming models because they contain multi-core processors and regularly access networked, distributed services. Message-passing concurrency with channel-based communication is a promising programming paradigm for these systems.

As concurrent, distributed programs cannot be considered in isolation, enforcing access control and guaranteeing data integrity and confidentiality is of utmost importance. However, the complexity of such programs makes the statement and enforcement of consistent security policies challenging.

The overall goal of this project is to establish a framework for stating and enforcing user-configurable security policies on object-oriented programs with message-passing concurrency. This framework centralizes the concerns for access control and information flow and relies on static and dynamic analysis to enforce the respective policies. It also supports the gradual introduction of security policies into an existing code base.

The framework will be based on hierarchical policies specified by session types and contracts, corresponding to a role hierarchy. The policies considered range from simple safety properties to noninterference assertions that manage secure information flow. The compilation of hierarchical policies into staged monitoring and its efficient realization is a central component of the framework. Practical applicability will be demonstrated with a browser-based implementation for the JavaScript language.

DFG Programme Priority Programmes
 
 
