Security-typed languages provide effective ways to statically enforce security policies, such as confidentiality. Downsides that make a security typing discipline hard to adopt are the annotation overhead and the rigidity of the typing discipline itself. Those problems can be approached using both optional typing and gradual typing. Prior work have focused on the gradual security typing approach. In this work we start to explore the design space of optional security typing since there are different interpretations of what optional security typing means. We describe two interpretations that produce type systems with different levels of strictness regarding the security analysis. This suggests that programmers may benefit from being given the possibility to choose depending on the desired flexibility.
Program Display Configuration
Sun 17 Jul
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Viennachange