Search papers, labs, and topics across Lattice.
This paper introduces PurPL, an object-oriented programming language that employs a typestate system to ensure sensitive data is used in compliance with its intended purposes. By allowing the state of data types to dynamically change at runtime, PurPL provides compile-time guarantees that enhance data usage verification, addressing a significant gap in existing literature. Experimental results demonstrate the effectiveness of PurPL's type checker across various programming scenarios involving sensitive data management.
PurPL's typestate system ensures that sensitive data is only used for its intended purposes, dynamically adapting to changes in compliance requirements.
Real-world applications often require verification that sensitive data is being used for their intended purpose. However, existing literature offers limited results regarding compile-time guarantees in this domain. In this paper, we explore the use of typestate to reason about the purpose of data. In typestate, types have a state, which can transition to other states in the style of automata. In our approach, the state of the type of sensitive data is defined as the set of purposes for which the data can be used. This set can grow or shrink at runtime as purposes can be added or removed during execution. In this paper, we have developed PurPL, an object-oriented programming language that features a typestate system that is capable of reasoning about purposes and data usage compliance according to them. We give an overview of PurPL through examples and present a formal type system. We have also implemented PurPL's type checker, and we report on our experiments with type checking various programming scenarios that handle sensitive data.