Abstract: An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks.

Abstract: Described is a source program code language that facilitates the association of security proofs obtained from a solver (e.g., a Z3 theorem prover) with the program code. The code may include affine types, dependent types and/or refinement types. A derefinement procedure replaces each refinement type with a dependent pair type corresponding to the proof. A target code type checker verifies the target code with respect to the security policies. If verified as complying with security policy, a verified program corresponding to the translated program may then be installed and run.

Abstract: An environment is described which enables the generation, analysis, and use of secure browser extensions. Each browser extension includes an extension body and a policy expressed in a logic-based specification language. The policy specifies the access control and dataflow privileges associated with the extension body in a fine-grained manner by leveraging the structure and content of resources that are accessible to the browser extension. A suite of analysis tools for testing the safety of the browser extension includes a visualization module identifies features of a resource that are accessible to the policy. A static analysis module uses a static analysis technique to determine whether the extension body satisfies the policy. The environment also includes a conversion module for converting the browser extension, once deemed safe, into a form for use by a particular type of browser. The browser can execute that extension without performing runtime safety checks.

Abstract: Described is a source program code language that facilitates the association of security proofs obtained from a solver (e.g., a Z3 theorem prover) with the program code. The code may include affine types, dependent types and/or refinement types. A derefinement procedure replaces each refinement type with a dependent pair type corresponding to the proof. A target code type checker verifies the target code with respect to the security policies. If verified as complying with security policy, a verified program corresponding to the translated program may then be installed and run.

Abstract: A method for determining whether to provide a requested service includes steps of receiving a current request for at least one secure service; searching a cache for a stored decision on whether to provide the at least one secure service, wherein the stored decision was made responsive to a prior request that is equivalent to the current request; using the stored decision when the stored decision is found; and performing a security check to determine whether a requested secure service can be granted, if the stored decision is not found. According to other embodiments, the method can be implemented as a computer readable medium including program instructions for performing the method or as an information processing system comprising a processor and memory for performing the method.