compiler/io.github.aplcornell.viaduct.security/SecurityLattice

SecurityLattice

class SecurityLattice<T : Lattice<T>>(val confidentialityComponent: T, val integrityComponent: T) : Lattice<SecurityLattice<T>> , TrustLattice<SecurityLattice<T>> , PrettyPrintable

A lattice for information flow security. This is a product lattice with confidentiality and integrity components. Information flows from less restrictive contexts to more restrictive ones.

Elements of T are interpreted as principals.

meet and join talk about information flow.

and and or talk about trust.

Constructors

Link copied to clipboard
fun <T : Lattice<T>> SecurityLattice(principal: T)

Returns an element with confidentialityComponent and integrityComponent equal to principal.

Link copied to clipboard
fun <T : Lattice<T>> SecurityLattice(confidentialityComponent: T, integrityComponent: T)

Types

Link copied to clipboard
class Bounds<T : Lattice<T>>(bounds: BoundedLattice<T>) : BoundedLattice<SecurityLattice<T>> , BoundedTrustLattice<SecurityLattice<T>>

Provides bounds for a SecurityLattice given bounds for T.

Functions

Link copied to clipboard
open infix override fun and(that: SecurityLattice<T>): SecurityLattice<T>

The least powerful principal that can act for both this and that. This denotes a conjunction of authority.

Link copied to clipboard
fun confidentiality(bounds: BoundedLattice<T>): SecurityLattice<T>

Returns an element that represents the confidentiality component.

Link copied to clipboard
fun integrity(bounds: BoundedLattice<T>): SecurityLattice<T>

Returns an element that represents the integrity component.

Link copied to clipboard
open infix override fun join(that: SecurityLattice<T>): SecurityLattice<T>

The least upper bound of this and that.

Link copied to clipboard
open infix override fun meet(that: SecurityLattice<T>): SecurityLattice<T>

The greatest lower bound of this and that.

Link copied to clipboard
open infix override fun or(that: SecurityLattice<T>): SecurityLattice<T>

The most powerful principal both this and that can act for. This denotes a disjunction of authority.

Link copied to clipboard
fun swap(): SecurityLattice<T>

Switches the confidentiality and integrity components.

Link copied to clipboard
open override fun toDocument(): Document
Link copied to clipboard
open override fun toString(): String

Properties

Link copied to clipboard
val confidentialityComponent: T

The confidentiality component in the underlying lattice.

Link copied to clipboard
val integrityComponent: T

The integrity component in the underlying lattice.

Extensions

Link copied to clipboard
Link copied to clipboard
fun <C : HeytingAlgebra<C>, V, T> Term<C, V>.confidentialityFlowsTo(that: Term<C, V>, bounds: BoundedLattice<C>, failWith: (SecurityLattice<C>, SecurityLattice<C>) -> T): Iterable<Constraint<C, V, T>>
Link copied to clipboard
fun <C : HeytingAlgebra<C>, V, T> Term<C, V>.flowsTo(that: Term<C, V>, bounds: BoundedLattice<C>, failWith: (SecurityLattice<C>, SecurityLattice<C>) -> T): Iterable<Constraint<C, V, T>>

Returns a constraint that represents [this] flowsTo [that].

Link copied to clipboard
Link copied to clipboard
fun <C : HeytingAlgebra<C>, V, T> Term<C, V>.integrityFlowsTo(that: Term<C, V>, bounds: BoundedLattice<C>, failWith: (SecurityLattice<C>, SecurityLattice<C>) -> T): Iterable<Constraint<C, V, T>>