Dependent Types for Safe and Secure Web Programming

Fowler, S. and Brady, E. (2013) Dependent Types for Safe and Secure Web Programming. In: Proceedings of the 25th symposium on Implementation and Application of Functional Languages (IFL '13), Nijmegen, The Netherlands, 28-30 Aug 2013, pp. 49-60. ISBN 9781450329880 (doi:10.1145/2620678.2620683)

Full text not currently available from Enlighten.

Abstract

Dependently-typed languages allow precise types to be used during development, facilitating static reasoning about program behaviour. However, with the use of more specific types comes the disadvantage that it becomes increasingly difficult to write programs that are accepted by a type checker, meaning additional proofs may have to be specified manually. Embedded domain-specific languages (EDSLs) can help address this problem by introducing a layer of abstraction over more precise underlying types, allowing domain-specific code to be written in a verified high-level language without imposing additional proof obligations on an application developer. In this paper, we apply this technique to web programming. Using the dependently typed programming language Idris, we show how to use EDSLs to enforce resource usage protocols associated with common web operations such as CGI, database access and session handling. We also introduce an EDSL which uses dependent types to facilitate the creation and handling of web forms, reducing the scope for programmer error and possible security implications.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Fowler, Dr Simon
Authors: Fowler, S., and Brady, E.
College/School:College of Science and Engineering > School of Computing Science
ISBN:9781450329880

University Staff: Request a correction | Enlighten Editors: Update this record