User:Osrworkshops

The username Osrworkshops refers to "Online Science Resource Workshops", which is an idea I hope to develop related to sharing scientific ideas, in multi-modal fashion, on the web (including "Semantic" Web). Several meetings were held or are planned about this and related subjects, including several at the Morningside Heights Library near Columbia University in Manhattan.

Currently I am leading an OWASP project called "R/E", which is a new programming language based in part on E, one of the first "security" languages, that is, languages to prioritize writing secure interface layers above less secure code libraries. E was originally written in Java and helped coders encapsulate calls to potentially sensitive operations provided as Java functions. R/E is more directly based on a Common Lisp implementation of E (Kevin Reid, 2005) which maintained the original Java/C-like syntax and continued to work with Java libraries, but used Lisp for underlying language implementation. R/E is written in a mixture of C++ and Common Lisp -- specifically, a new dialect called Clasp (Christian Schafmeister 2014), which is also written in C++ and designed especially for interfacing with native C/C++/Objective C code, and especially code using LLVM. An important goal of R/E is to encapsulate access to sensitive native libraries, much as E worked with Java code bases. In addition, R/E tries to update the E framework -- and particularly its use of "Capability Oriented Semantics" -- to more directly embrace modern distributed and web environments -- including "Web 3.0" and the "Semantic Web". This includes close language-level integration with Semantic Web data, using Semantic Web resources as potential guides for application security (including, for example, referencing personalized user preferences stored as Semantic Web data), and providing secure "rich client" front-ends to web content, or "hybrid applications", an important "Web 3.0" technology. The R/E project, for example, includes exploring theoretical and practical syntheses of Semantic Web and Capability-Oriented Semantic models.
In particular, Capability-Oriented Semantics (which has a long history of being a central concern for Operating System, Central Processor, hardware, and similar low-level security designs) should be promoted as an important security paradigm for high-level languages as well. I will try to provide information and updates about R/E on my Contributions page.

My academic background at the doctoral level at University of Ottawa, Canada focused on cognitive linguistics and philosophy of science; my undergraduate degree was in mathematics and computer science. I am especially interested in the similarities, differences, and overlap between "formal" and "informal" semantics (and the idea that the Semantic Web bridges the two). This includes the relation between computer and natural language, and how analyses of natural language (and the cognitive/conceptual underpinnings of semantic and grammatical processes, such as categorization and building relational mental models) can shed light on effective programming language design, and vice-versa. A good programming language must balance formal predictability, practical expressiveness, and understandability. These qualities are manifested in formal languages differently than in natural language: it is counterproductive, for example, to consider making coding languages easier by mimicking natural language. However, natural linguistics can provide ideas for effective programming language design, especially in areas like type systems and parsing engines.

In my opinion, the Semantic Web opens an entirely new space to explore these interrelations and for language implementation itself, a fundamental rethinking of formal language grammars, semantics, and type systems. This includes core representations better suited for security-related static analysis. I have done some academic work on expanded Lambda Calculi appropriate for Semantic Web and Capability-Oriented Semantic models, and the use of Category Theory to study transformations between them (for example, building Semantic Web representations for static analysis becomes a kind of functor between special classes of Lambda-Topological and Graph-Theoretic categories).

I am also interested in scientific computing, science education, and the cognitive foundations of scientific reasoning, including how these may vary across cultures (with potential application to more inclusive science and math education recognizing race, class, gender, and other parameters of social identity in non-reductive ways). In the specific area of code security I strongly believe in prioritizing respect for privacy, awareness of security threats, and sensitivity to the social and economic dimensions of information security, insofar as computer software becomes increasingly enmeshed in many people's everyday lives and acquires a degree of familiarity, habituality, and ubiquitousness that can diminish users' sensitivity to security risks. Concepts in scientific computing (like dimensional analysis and range checking) also have applications to security. More narrowly, I am interested in how languages and code which enforce or are affected by security policies can be produced as clearly and efficiently as possible, to ensure the widespread adoption of good security tools and designs.