Fable swMATH ID: 23081 Software Authors: Swamy N, Corcoran BJ, Hicks M Description: Fable: A Language for Enforcing User-defined Security Policies. This paper presents Fable, a core formalism for a programming language in which programmers may specify security policies and reason that these policies are properly enforced. In Fable, security policies can be expressed by associating security labels with the data or actions they protect. Programmers define the semantics of labels in a separate part of the program called the enforcement policy. Fable prevents a policy from being circumvented by allowing labeled terms to be manipulated only within the enforcement policy; application code must treat labeled values abstractly. Together, these features facilitate straightforward proofs that programs implementing a particular policy achieve their high-level security goals. Fable is flexible enough to implement a wide variety of security policies, including access control, information flow, provenance, and security automata. We have implemented Fable as part of the Links web programming language; we call the resulting language SELinks. We report on our experience using SELinks to build two substantial applications, a wiki and an on-line store, equipped with a combination of access control and provenance policies. To our knowledge, no existing framework enables the enforcement of such a wide variety of security policies with an equally high level of assurance. Homepage: https://dl.acm.org/citation.cfm?id=1398040 Related Software: F*; Jif; AURA; Laminar; Merlin; SGX; Privtrans; Moat; EROS; VC3; JFlow; LLVM; MS SQL Server; SeLINQ; GWT; Ruby; MySQL; PostgreSQL; Flow Caml; Pixy Cited in: 6 Documents all top 5 Cited by 21 Authors 1 Amir-Mohammadian, Sepehr 1 Bhargavan, Karthikeyan 1 Caires, Luís 1 Chen, Juan 1 Costa Seco, João 1 Fallah, Mehran S. 1 Ferrão, Lúcio 1 Fournet, Cédric 1 Harris, William R. 1 Hedin, Daniel 1 Jha, Somesh 1 Li, Xiaowei 1 Pérez, Jorge A. 1 Reps, Thomas W. 1 Sabelfeld, Andrei 1 Schoepe, Daniel 1 Seshia, Sanjit Arunkumar 1 Strub, Pierre-Yves 1 Swamy, Nikhil 1 Vieira, Hugo Torres 1 Yang, Jean Cited in 4 Serials 1 ACM Computing Surveys 1 Formal Methods in System Design 1 Journal of Functional Programming 1 Computer Languages, Systems & Structures Cited in 1 Field 6 Computer science (68-XX) Citations by Year