Roles, stacks, histories: A triple for Hoare

Johannes Borgström, Andrew D. Gordon, Riccardo Pucella

Research output: Contribution to journalArticlepeer-review


Behavioral type and effect systems regulate properties such as adherence to object and communication protocols, dynamic security policies, avoidance of race conditions, and many others. Typically, each system is based on some specific syntax of constraints, and is checked with an ad hoc solver. Instead, we advocate types refined with first-order logic formulas as a basis for behavioral type systems, and general purpose automated theorem provers as an effective means of checking programs. To illustrate this approach, we define a triple of security-related type systems: for role-based access control, for stack inspection, and for history-based access control. The three are all instances of a refined state monad. Our semantics allows a precise comparison of the similarities and differences of these mechanisms. In our examples, the benefit of behavioral type-checking is to rule out the possibility of unexpected security exceptions, a common problem with code-based access control.
Original languageEnglish
Pages (from-to)159-207
Number of pages49
JournalJournal of Functional Programming
Issue number2
Publication statusPublished - 2011


Dive into the research topics of 'Roles, stacks, histories: A triple for Hoare'. Together they form a unique fingerprint.

Cite this