Jifclipse: development tools for security-typed languages

ACM Workshop on Programming Languages and Analysis for Security Pub Date : 2007-06-14 DOI:10.1145/1255329.1255331

Boniface Hicks, Dave King, P. Mcdaniel

{"title":"Jifclipse: development tools for security-typed languages","authors":"Boniface Hicks, Dave King, P. Mcdaniel","doi":"10.1145/1255329.1255331","DOIUrl":null,"url":null,"abstract":"Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"209 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1255329.1255331","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process

查看原文本刊更多论文

Jifclipse:用于安全类型语言的开发工具

安全类型语言(如Jif)要求程序员在应用程序开发中使用信息流安全策略标记变量。然后，编译器在可能发生信息泄漏的地方标记错误。解决这些信息泄漏是安全类型语言应用程序开发中的一项关键任务。不幸的是，由于信息流可能非常微妙，简单的错误消息往往不足以查找和解决信息泄漏的来源;这项任务需要更复杂的开发工具。为此，我们提供了一组原则来指导此类工具的开发。此外，我们在Jif的集成开发环境(称为Jifclipse)中实现了这些原则的子集，该环境构建在Eclipse可扩展开发平台上。我们的插件为Jif程序员提供了额外的工具，以查看由Jif编译生成的隐藏信息，建议修复错误，并在错误消息背后获取更具体的信息。更好的开发工具对于实现安全类型的应用程序开发至关重要;Jifclipse是这个过程的第一步

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量