AURA a security-oriented language for access control that treats ordinary programming constructs (e.g., integers and recursive functions) and authorization logic constructs (e.g., principals and access control policies) in a uniform way.

AURA's authorization logic is based on polymorphic DCC and uses dependent types to permit assertions that refer directly to AURA values while keeping computation out of the assertion level to ensure tractability.

Download:

auratheory-0.1a.tar.gz: Coq proofs of soundness for the Core AURA type system.

aura-0.1a.tar.gz: A Core AURA intepreter written in F#.

Papers:

AURA: A Programming Language for Authorization and Audit

Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic.

In Proc. of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP), Victoria, British Columbia, Canada, September 2008.

Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic. In Proc. of the 13th ACM SIGPLAN International Conference on Functional Programming (ICFP), Victoria, British Columbia, Canada, September 2008. AURA:Preliminary Technical Results .

Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic.

Technical Report MS-CIS-08-10, University of Pennsylvania, 2008.

. Limin Jia, Jeffrey A. Vaughan, Karl Mazurak, Jianzhou Zhao, Luke Zarko, Joseph Schorr, and Steve Zdancewic. Technical Report MS-CIS-08-10, University of Pennsylvania, 2008. Evidence-based Audit

Jeffrey A. Vaughan, Limin Jia, Karl Mazurak, and Steve Zdancewic.

In Proc. of 21st IEEE Computer Security Foundations Symposium (CSF), pages 177-191. IEEE Computer Society Press, 2008.

Jeffrey A. Vaughan, Limin Jia, Karl Mazurak, and Steve Zdancewic. In Proc. of 21st IEEE Computer Security Foundations Symposium (CSF), pages 177-191. IEEE Computer Society Press, 2008. Evidence-based Audit, Technical Appendix.

Jeffrey C. Vaughan, Limin Jia, Karl Mazurak, and Steve Zdancewic.

Technical Report MS-CIS-08-09, University of Pennsylvania, 2008.

People:

Steve Zdancewic, Associate Professor

Limin Jia, Post Doc.

Karl Mazurak, Ph.D. Student

Jeff Vaughan, Ph.D. Student

Jianzhou Zhao, Ph.D. Student

Luke Zarko, Undergraduate Student

Alumni:

Peng Li, Ph.D. Student

Joey Schorr, Masters Student

