History Effects and Verification

  • Christian Skalka
  • Scott Smith
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3302)


This paper shows how type effect systems can be combined with model-checking techniques to produce powerful, automatically verifiable program logics for higher-order programs. The properties verified are based on the ordered sequence of events that occur during program execution — an event history. Our type and effect systems automatically infer conservative approximations of the event histories arising at run- time, and model-checking techniques are used to verify logical properties of these histories.

Our language model is based on the λ -calculus. Technical results include a powerful type inference algorithm for a polymorphic type effect system, and a method for applying known model-checking techniques to the history effects inferred by the type inference algorithm, allowing static enforcement of history- and stack-based security mechanisms.


Operational Semantic Program Execution Label Transition System Type Inference Type Safety 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Fournet, C.: Access control based on execution history. In: Proceedings of the 10th Annual Network and Distributed System Security Symposium (NDSS 2003) (February 2003)Google Scholar
  2. 2.
    Amtoft, T., Nielson, F., Nielson, H.R.: Type and Effect Systems. Imperial College Press, London (1999)Google Scholar
  3. 3.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for boolean programs. In: SPIN, pp. 113–130 (2000)Google Scholar
  4. 4.
    Besson, F., Jensen, T., Le Métayer, D., Thorn, T.: Model checking security properties of control flow graphs. J. Computer Security 9, 217–250 (2001)CrossRefGoogle Scholar
  5. 5.
    Besson, F., de Grenier de Latour, T., Jensen, T.: Secure calling contexts for stack inspection. In: Proceedings of the Fourth ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (PPDP 2002), pp. 76–87. ACM Press, New York (2002)Google Scholar
  6. 6.
    Burkart, O., Caucal, D., Moller, F., Steffen, B.: Verification on infinite structures. In: Smolka, S., Bergstra, J., Pons, A. (eds.) Handbook on Process Algebra. North-Holland, Amsterdam (2001)Google Scholar
  7. 7.
    Chen, H., Wagner, D.: MOPS: an infrastructure for examining security properties of software. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, November 18–22, pp. 235–244 (2002)Google Scholar
  8. 8.
    Colcombet, T., Fradet, P.: Enforcing trace properties by program transformation. In: 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 54–66 (2000)Google Scholar
  9. 9.
    Edjlali, G., Acharya, A., Chaudhary, V.: History-based access control for mobile code. In: ACM Conference on Computer and Communications Security, pp. 38–48 (1998)Google Scholar
  10. 10.
    Eifrig, J., Smith, S., Trifonov, V.: Type inference for recursively constrained types and its application to OOP, vol. 1 (1995),
  11. 11.
    Esparza, J.: On the decidability of model checking for several mu-calculi and Petri nets. In: Tison, S. (ed.) CAAP 1994. LNCS, vol. 787. Springer, Heidelberg (1994)Google Scholar
  12. 12.
    Esparza, J., Kucera, A., Schwoon, S.: Model-checking LTL with regular valuations for pushdown systems. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, p. 316. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Igarashi, A., Kobayashi, N.: Resource usage analysis. In: Conference Record of POPL 2002: The 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Portland, Oregon, January 2002, pp. 331–342 (2002)Google Scholar
  14. 14.
    Jensen, T., Le Métayer, D., Thorn, T.: Verification of control flow based security properties. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy (1999)Google Scholar
  15. 15.
    Stuckey, P.J., Marriott, K., Sulzmann, M.: Resource usage verification. In: Ohori, A. (ed.) APLAS 2003. LNCS, vol. 2895, pp. 212–229. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Kobayashi, N.: Time regions and effects for resource usage analysis. In: Proceedings of ACM SIGPLAN International Workshop on Types in Languages Design and Implementation (TLDI 2003) (2003)Google Scholar
  17. 17.
    Kozen, D.: Results on the propositional mu-calculus. Theoretical Computer Science 27, 333–354 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Mandelbaum, Y., Walker, D., Harper, R.: An effective theory of type refinements. In: Proceedings of the the Eighth ACM SIGPLAN International Conference on Functional Programming (ICFP 2003), Uppsala, Sweden (August 2003)Google Scholar
  19. 19.
    Pottier, F., Skalka, C., Smith, S.: A systematic approach to static access control. In: Sands, D. (ed.) ESOP 2001 and ETAPS 2001. LNCS, vol. 2028, pp. 30–45. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Schneider, F.B.: Enforceable security policies. Information and System Security 3(1), 30–50 (2000)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Skalka, C., Smith, S.: Static enforcement of security with types. In: Proceedings of the the Fifth ACM SIGPLAN International Conference on Functional Programming (ICFP 2000), Montréal, Canada, September 2000, pp. 34–45 (2000)Google Scholar
  22. 22.
    Skalka, C., Smith, S.: History types and verification (2004) (extended manuscript) ,
  23. 23.
    Steffen, B., Burkart, O.: Model checking for context-free processes. In: Cleaveland, W.R. (ed.) CONCUR 1992. LNCS, vol. 630, pp. 123–137. Springer, Heidelberg (1992)CrossRefGoogle Scholar
  24. 24.
    Stone, C.: Singleton types and singleton kinds. Technical Report CMU-CS-00-153, Carnegie Mellon University (2000)Google Scholar
  25. 25.
    Talpin, J.-P., Jouvelot, P.: The type and effect discipline. In: Seventh Annual IEEE Symposium on Logic in Computer Science, Santa Cruz, California, pp. 162–173. IEEE Computer Society Press, Los Alamitos (1992)Google Scholar
  26. 26.
    Walker, D.: A type system for expressive security policies. In: Conference Record of POPL 2000: The 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Boston, Massachusetts, January 2000, pp. 254–267 (2000)Google Scholar
  27. 27.
    Wallach, D.S., Felten, E.: Understanding Java stack inspection. In: Proceedings of the 1998 IEEE Symposium on Security and Privacy (May 1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Christian Skalka
    • 1
  • Scott Smith
    • 2
  1. 1.The University of VermontUSA
  2. 2.The Johns Hopkins UniversityUSA

Personalised recommendations