Towards a Secure Programming Language. An Access Control System for CommonLisp

Abstract

Computer security is becoming an increasingly important problem. Although the problem is often described as one of network security, the core of the problem is the vulnerability of computer hosts. There are many underlying causes of computer vulnerability, but most of them are traceable to an underlying failure of language systems to enforce the semantics of object identity, extent and type. Compounding this failing is the inability of most programming languages to express constraints on information flow and access that would limit the damage due to a penetration. In this paper, we present an access control system for Lisp-like languages that allows precise specification of which actors are allowed to perform what operations on which types of objects. Making these controls non-bypassable in a language as dynamic as Common Lisp is a serious challenge; we present techniques based on use of the Meta-Object Protocol (MOP) that achieve this goal. Furthermore, we outline how hardware support can provide stronger guarantees within this framework.

Document Details

Document Type
Technical Report
Publication Date
Mar 25, 2009
Accession Number
ADA517052

Entities

People

  • Howard Elliot Shrobe

Organizations

  • Massachusetts Institute of Technology

Tags

Communities of Interest

  • Space

DTIC Thesaurus Topics

  • Applied Computer Science
  • Computer Access Control
  • Computer Programming
  • Computer Science
  • Computers
  • Control Systems
  • Entry Control Systems
  • Instructions
  • Language
  • Operating Systems
  • Programming Languages
  • Security
  • Semantics
  • Software Development
  • Standards
  • Vulnerability
  • Words (Language)

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Database Systems and Applications
  • Systems Analysis and Design

Technology Areas

  • Cyber