Morris, J.H. Protection in programming languages. Comm. ACM 16, 1 (Jan. 1973), 15-21.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of the object too. In CLU, operations do not belong to the object but instead belong to a type. This gives them special privileges with respect to their type s objects that no other parts of the program have, namely, they can see the reps of these objects. This view was first described by Morris [14]. The CLU view works better for operations that manipulate several objects of the type simultaneously because an operation can see the reps of several objects at once. Examples of such operations are adding two integers or forming the union of two sets. The Smalltalk view does not support such ....

Morris, J. H. "Protection in Programming Languages". Comm. of the ACM 16 , 1 (January 1973).

....these two techniques, in particular by extending the former with a flexible, generic treatment of many cryptographic operations. We also establish an equivalence between the two techniques. 1. INTRODUCTION Concepts and methods from programming languages have long been useful in security (e.g. [30]) In recent years, they have played a significant role in understanding security protocols. They have given rise to programming calculi for these protocols (e.g. 5, 6, 7, 12, 13, 16, 17, 19, 26, 28, 34] They have also suggested several approaches for reasoning about protocols, leading to ....

J. H. Morris, Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, Jan. 1973.

....the work cited above on static typing for secrecy and authenticity in spi calculus. Lillibridge and Harper [personal communication, July 2000] have independently developed a typed seal calculus that is closely related to our cryptographic # calculus. Their work mainly focuses on encoding sealing [18] primitives in terms of other mechanisms such as exceptions and references (and vice versa) rather than establishing techniques for reasoning about secrecy properties of programs using sealing. 8 Future Work Recursive Functions and Recursive Types It can be shown (from Theorem 10 and the ....

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, 1973.

....the work cited above on static typing for secrecy and authenticity in spi calculus. Lillibridge and Harper [personal communication, July 2000] have independently developed a typed seal calculus that is closely related to our cryptographic # calculus. Their work mainly focuses on encoding sealing [18] primitives in terms of other mechanisms such as exceptions and references (and vice versa) rather than establishing techniques for reasoning about secrecy properties of programs using sealing. 8 Future Work Recursive Functions and Recursive Types It can be shown (from Theorem 10 and the ....

J. H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, 1973.

....information hiding used in our previous (OO) examples always involved hiding generic functions (especially for storage tables) This allows one to change data structures at will, and also to enforce representation invariants. It thus gives information hiding, but does not prevent impersonation [Morris 73] since a client can always create a subclass of a given class and override all the methods that it would otherwise inherit. To see this, consider the following code, which declares an object that inherits from Grayscale rep (of Section 2.2.1) If the specifications of the methods initialize, ....

James H. Morris, Jr. Protection in Programming Languages. Communications of the ACM, 16(1):15-21, January, 1973.

....to nd any fully abstract model of the polymorphic calculus. Indeed, this was a hard problem even for the simply typed calculus (with recursion) 14, pp. 212 215] 5 Related Work The history of abstraction is as long as the history of programming languages. More than 27 years ago, Morris [18] informally presented the idea of protecting type abstractions by sealing values of the abstract types. Our encoding of polymorphism into cryptography in Section 4 can be regarded as a formalization of his idea. Parametricity was rst formalized by Reynolds [24] and further popularized by Wadler ....

....cryptography so far, it is natural to wonder what public key cryptography corresponds to in term of the type theory. A possible answer to this question might involve bounded quanti cation [9] Conventional upper bounded quanti cation corresponds roughly to digital signatures or trademarks [18]. If a package exports an abstract type , then clients of the package can read values without help from the package, but only authorized code inside the package can create elements of . Conversely, a lower bounded abstract type roughly corresponds to a public key for encrypting ....

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15-21, 1973.

....constructs. Recent work on Java [GJS96] has popularized the idea that languages are relevant to security, but the relation between languages and security is much older. In particular, objects and types have long been used for protection against incompetence and malice, at least since the 1970s [Mor73, LS76, JL78]. In the realm of distributed systems, programming languages (or their libraries) have sometimes provided abstractions for communication on secure channels of the kind implemented with cryptography [Bir85, WABL94, vDABW96, WRW96, Sun97b] Security depends not only on the design of clear and ....

....Andy Gordon, and Raymie Stata. Drew Dean, Mark Lillibridge, and Dan Wallach helped by explaining various Java subtleties. Mike Burrows, Cedric Fournet, Mark Lillibridge, John Mitchell, and Dan Wallach suggested improvements to a draft. The title is derived from that of a paper by Jim Morris [Mor73]. 15 16 ....

James H. Morris, Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, January 1973.

....because the function f might be unde nable. Neither does this imply that the encoding is not fully abstract, because the test for the function f might also be unde nable. 5 Related Work The history of abstraction is as long as the history of programming languages. More than 27 years ago, Morris [15] informally presented the idea of protecting type abstractions by sealing values of the abstract types. Our encoding of polymorphism into cryptography in Section 4 can be regarded as a formalization of his idea. Parametricity was rst formalized by Reynolds [19] and further popularized by Wadler ....

....cryptography so far, it is natural to wonder what public key cryptography corresponds to in term of the type theory. A possible answer to this question might involve bounded quanti cation [8] Conventional upper bounded quanti cation corresponds roughly to digital signatures or trademarks [15]. If a package exports an abstract type , then clients of the package can read values without help from the package, but only authorized code inside the package can create elements of . Conversely, a lower bounded abstract type roughly corresponds to a public key for encrypting ....

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15-21, 1973.

....the origins and the destinations of messages is a common problem in distributed systems. When security matters, the solutions to the problem rely on sophisticated mechanisms such as authentication protocols, digital signatures, and encryption [25] From the perspective of programming languages [28], we may rephrase the problem and its solutions in the following general terms: First, we have a language with a primitive notion of principal and related operations. A principal may represent a location (e.g. an IP address) or an entity that owns that location (e.g. a user) A typical ....

James H. Morris, Jr. Protection in programming languages. Communications of the ACM, 16(1):15-21, January 1973.

....e.g. if control falls off the end of one entry point, it does not return to the caller but instead continues in the entry point that follows textually within the multi entry procedure. An interesting paper that appeared in early 1973 was Jim Morris paper on protection in programming languages [Morris, 1973a] This paper contains an example of an abstract data type implemented by a lambda expression that returns a list of operations to be used to access and manipulate the new object. The paper also describes how encapsulation can be enforced dynamically by means of a key that is needed to access the ....

....a module (e.g. a procedure or a cluster) and inter module type checking; the interaction of type checking with separate compilation is discussed in Section 3.11. Originally we thought we would need to do runtime checking [Liskov, 1973c] and we planned to base our technique on that of Morris [Morris, 1973a] By early l974, we realized that we could do compile time checking most of the time [Liskov, 1974a] this issue is discussed further in Section 3.7. We preferred compile time checking to runtime checking because it enabled better runtime performance and allowed us to find errors early. We based ....

Morris, James H., Jr., Protection in Programming Languages, Communications of the ACM, 16:1, January 1973, 15-21.

....languages, there were quite a few that allowed procedures or functions as data objects (including Lisp [McC60] Pal [AE68] Gedanken [Rey70] and Algol68 [Tan76] but most of these languages did not approach the problem of program modularity directly, making an evaluation difficult. Morris [Mor73] used Gedanken to describe linguistic mechanisms which can be used to protect one subprogram from another s malfunctioning . After mentioning the procedure as a means for abstraction, he claimed that in order to exploit this device to its fullest extent it is useful to make procedures ....

James H. Morris Jr. Protection in Programming Languages. Communications of the ACM, 16(1):15--21, January 1973.

....write complex monitors if a user could bypass the manager and blithely get to the resource. The standard solution is to introduce a class mechanism to implement protected data. In an applicative language, data may be protected by making it local to a procedure (closure) This idea was exploited in [19], but has been unjustly neglected. We revive it and show how it gives an elegant solution to this problem. We will demonstrate our solution by writing the kernel and some modules for a multiprocessing system. The kernel is very small. Many functions which one would normally expect to find inside ....

J.H. Morris. Protection in programming languages. Comm. ACM, 16:15--21, 1973.

....procedure will be used synonomously with the word function. 3 1.1 The language Napier88 Before presenting an example, it is expedient to make a few comments about the language Napier88 which is used in the examples throughout this paper. In line with the principle of data type completeness [10], all Napier88 data types share the same civil rights. These are: the right to be declared, the right to be passed to and be the result of a procedure, and the right to the full spectrum of persistence. Since much of this paper is concerned with binding mechanisms, it is prudent to spend some time ....

Morris, J. H. "Protection in programming languages", CACM, vol 16, 1, pp. 15-21, 1973.

....simplicity though generality He argues that languages are too complex and that complexity is due, at least in part, to languages being too restrictive. The PISA [atk86b] languages are designed using three principles attributed to Landin [lan66] Strachey [stra67] Tennant [ten77] and Morrison [mor73]. The Principle of Correspondence: the use of names should be consistent within a system. In particular there should be a one to one correspondence between the method of introducing names in declarations and parameter lists The Principle of Abstraction: all major syntactic categories should have ....

....) and instances ( data ) is in contrast with the traditional separation of code and data. 1.2.1 Uniform Treatment of Program and Data In many programming languages such as Algol 60 and Pascal [wir73] procedures may only be declared, passed as parameters or executed. As Zilles [zil73] and Morris [mor73] point out, in order to exploit the device to its full potential it is necessary to promote procedures to full first class data objects. That is, to give them the same civil rights as any other data object in the language such as being assignable, the result of expressions, procedures and blocks ....

Morris J.H. Protection in programming languages. Comm. ACM 16,1 pp 15-21 (1973).

....information hiding used in our previous (OO) examples always involved hiding generic functions (especially for storage tables) This allows one to change data structures at will, and also to enforce representation invariants. It thus gives information hiding, but does not prevent impersonation [Morris 73] since a client can always create a subclass of a given class and override all the methods that it would otherwise inherit. To see this, consider the following code, which declares an object that inherits from Grayscale obj (of Section 2.2.1) If the specifications of the methods initialize, ....

James H. Morris, Jr. Protection in Programming Languages. Communications of the ACM, 16(1):15-21, January, 1973.

....any, computation needed at run time to resolve a variable reference, i.e. to determine the variable binding (location) denoted by the reference. Consequently, static scoping facilitates efficient implementation. Yet, static scoping does not allow variables to be shared across independent scopes [14]. Facilities such as module and object systems that support cross references of variables among lexical scopes thus must be added as special features. They provide the necessary scoping information to assist the evaluator (compiler or interpreter) in resolving variable references. In this paper we ....

J. H. Morris Jr. Protection in programming languages. CACM, 16(8):15--21, 1973.

No context found.

Morris, J.H. Protection in programming languages. Comm. ACM 16, 1 (Jan. 1973), 15-21.

No context found.

Morris, J.H. Protection in programming languages. Comm. ACM 16, 1 (Jan. 1973), 15-21.

No context found.

J. H. Morris. "Protection in Programming Languages" CACM 16(1) p. 15--21, 1973. http://www.erights.org/history/morris73.pdf.

No context found.

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, 1973.

No context found.

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, 1973.

No context found.

James H. Morris Jr. Protection in programming languages. Communications of the ACM, 16(1):15--21, 1973.

No context found.

James H. Morris, "Protection in Programming Languages", CACM 16(1):15-21, 1973.

No context found.

Morris, J. H. (1973). Protection in Programming Languages. Communications of the ACM 16(1). pp. 15-21. A Network-Centric Design for Relationship-Based Rights Management 113

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC