Constraining application behaviour by generating languages

TL;DR

This paper presents a method using embedded domain-specific languages in Racket to specify, generate, and enforce operational constraints in mobile applications, enhancing security and developer control.

Contribution

Introducing a novel approach that uses embedded DSLs to generate tailored languages for constrained application development in mobile computing.

Findings

Effective resource access control demonstrated

Reusable inter-component communication layer created

Enhanced developer control and error prevention achieved

Abstract

Writing a platform for reactive applications which enforces operational constraints is difficult, and has been approached in various ways. In this experience report, we detail an approach using an embedded DSL which can be used to specify the structure and permissions of a program in a given application domain. Once the developer has specified which components an application will consist of, and which permissions each one needs, the specification itself evaluates to a new, tailored, language. The final implementation of the application is then written in this specialised environment where precisely the API calls associated with the permissions which have been granted, are made available. Our prototype platform targets the domain of mobile computing, and is implemented using Racket. It demonstrates resource access control (e.g., camera, address book, etc.) and tries to prevent leaking of private data. Racket is shown to be an extremely effective platform for designing new programming languages and their run-time libraries. We demonstrate that this approach allows reuse of an inter-component communication layer, is convenient for the application developer because it provides high-level building blocks to structure the application, and provides increased control to the platform owner, preventing certain classes of errors by the developer.