A Library for Light-Weight Information-Flow Security in Haskell
Journal article, 2009

Protecting confidentiality of data has become increasingly important for computing systems. Information-flow techniques have been developed over the years to achieve that purpose, leading to special-purpose languages that guarantee information-flow security in programs. However, rather than producing a new language from scratch, information-flow security can also be provided as a library. This has been done previously in Haskell using the arrow framework. In this paper, we show that arrows are not necessary to design such libraries and that a less general notion, namely monads, is sufficient to achieve the same goals. We present a monadic library to provide information-flow security for Haskell programs. The library introduces mechanisms to protect confidentiality of data for pure computations, that we then easily, and modularly, extend to include dealing with side-effects. We also present combinators to dynamically enforce different declassification policies when release of information is required in a controlled manner. It is possible to enforce policies related to what, by whom, and when information is released or a combination of them. The well-known concept of monads together with the light-weight characteristic of our approach makes the library suitable to build applications where confidentiality of data is an issue.

model

Information-flow

Languages

Security

Declassification

Monad

Library

Author

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Koen Lindström Claessen

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

John Hughes

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

SIGPLAN Notices (ACM Special Interest Group on Programming Languages)

07308566 (ISSN)

Vol. 44, Issue 2, pp. 13-24

Subject Categories (SSIF 2011)

Computer Science

More information

Created

10/7/2017