Behavioural type and effect systems regulate properties such as adherence to object and communication protocols, dynamic security
policies, avoidance of race conditions, and many others. Typically, each system is based on some specific syntax of constraints,
and is checked with an ad hoc solver. Instead, weadvocate types refined with first-order logic formulas as a basis for behavioural
type systems, and general purpose automated theorem provers as an effective means of checking programs. To illustrate this
approach, we define a triple of security-related type systems: for role-based access control, for stack inspection, and for
history-based access control. The three are all instances of a refined state monad. Our semantics allows a precise comparison
of the similarities and differences of these mechanisms. In our examples, the benefit of behavioural type-checking is to rule
out the possibility of unexpected security exceptions, a common problem with code-based access control.
Published in 2010.