Integrity of intention (a theory of types for security APIs)

The task of a security API is to allow users to process data and key material according to the designer's intentions, and to prevent any malicious sequence of commands from violating these intentions. Security APIs do this by attaching metadata to keys and data – type information – to record acceptable usage policy, which is checked by individual API commands in order to approve or deny a particular manipulation. But what actually is type information? This paper proposes a conceptual framework for understanding cryptographic type, and how it maintains the integrity of the designer's intentions in an API. We describe four core conceptual components of type: form, use, role and domain. We compare our model to real-life security APIs, and argue that designing new systems within the bounds of the model improves safety, eliminating many common security issues.