A Typed Lambda Calculus for Input Sanitation

Abstract

Programmers often wish to validate or sanitize user input. One common approach to this problem is the use of regular expressions. Unvalidated or insufficiently sanitized user input can cause security problems. Therefore, a compile-time guarantee that input sanitation algorithms are implemented and used correctly could ensure the absence of certain sorts of vulnerabilities. This thesis presents $\lcs$, a typed lambda calculus which captures the essential properties necessary to achieve such a guarantee.