Skip to Main content Skip to Navigation
Theses

Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages

Jean-Baptiste Arnaud 1
1 RMOD - Analyses and Languages Constructs for Object-Oriented Application Evolution
LIFL - Laboratoire d'Informatique Fondamentale de Lille, Inria Lille - Nord Europe
Abstract : Dynamically-typed object-oriented programming languages do not provide type information until runtime. Two of their main advantages are that they allow fast prototyping and integrating changes at runtime. The ability of dynamically-typed languages to support program changes at runtime and the lack of type information doom the classic security approaches to failure. Controlling references to single objects and to graphs of objects is essential to build secure systems. Existing approaches are commonly based on static type system and cannot be applied to dynamically-typed languages. This thesis argue that: In the context of dynamically-typed languages, reifying references, controlling behavior, and isolating state via such references, is a practical way to control references. This thesis makes five contributions: - We propose dynamic read-only objects (DRO) as one kind of adaptation of behavioral change at reference-level. - We generalize the DRO model to enable more generic behavioral changes. We extend the Pharo programming environment and language with Handles, that are first-class references with the ability to change the behavior of referenced objects. - We define Metahandle to offer flexibility and adaptability to controlled references. - We propose SHandle, an extension of the Handle model to isolate side effects at the level of references. - And finally, we formalize the Handles and SHandle models to represent and explain their semantics. As validation of our thesis we have implemented three approaches relevant to securing system using our model. In addition, as proof of concept we extended the Pharo virtual machine to support Handles, Metahandles and SHandles. Keyword: security, dynamically-typed languages, reflection, language design, first class reference, object-oriented programming.
Document type :
Theses
Complete list of metadatas

Cited literature [38 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-00808419
Contributor : Lse Lse <>
Submitted on : Friday, April 5, 2013 - 1:54:02 PM
Last modification on : Friday, October 23, 2020 - 4:45:47 PM
Long-term archiving on: : Monday, April 3, 2017 - 12:30:48 AM

File

Identifiers

  • HAL Id : tel-00808419, version 1

Collections

Citation

Jean-Baptiste Arnaud. Towards First Class References as a Security Infrastructure in Dynamically-Typed Languages. Programming Languages [cs.PL]. Université des Sciences et Technologie de Lille - Lille I, 2013. English. ⟨tel-00808419⟩

Share

Metrics

Record views

364

Files downloads

554