
Frameworks compiled from declarations: a language-independent approach

Published: 01 May 2017

Abstract

Programming frameworks are an accepted fixture in the object-oriented world, motivated by the need for code reuse, developer guidance and restriction. A new trend is emerging where frameworks require domain experts to provide declarations using a domain-specific language, influencing the structure and behaviour of the resulting application. These mechanisms address concerns such as user privacy. Although many popular open platforms such as Android are based on declaration-driven frameworks, current implementations provide ad hoc and narrow solutions to concerns raised by their openness to non-certified developers. Most widely used frameworks fail to address serious privacy leaks and provide the user with little insight into application behaviour. To address these shortcomings, we show that declaration-driven frameworks can limit privacy leaks, as well as guide developers, independently from the underlying programming paradigm. To do so, we identify concepts that underlie declaration-driven frameworks and apply them systematically to an object-oriented language, Java, and a dynamic functional language, Racket. The resulting programming framework generators are used to develop a prototype mobile application, illustrating how we mitigate a common class of privacy leaks. Finally, we explore the possible design choices and propose development principles for developing domain-specific language compilers to produce frameworks, applicable across a spectrum of programming paradigms. Copyright © 2016 John Wiley & Sons, Ltd.


Published In

Software, Volume 47, Issue 5
May 2017
151 pages
ISSN: 0038-0644
EISSN: 1097-024X

Publisher

John Wiley & Sons, Inc.

United States

Author Tags

  1. domain-specific languages
  2. generative programming
  3. privacy controls
  4. programming frameworks
