Functional pearl: Two can keep a secret, if one of them uses Haskell
Paper in proceedings, 2015

For several decades, researchers from different communities have independently focused on protecting confidentiality of data. Two distinct technologies have emerged for such purposes: Mandatory Access Control (MAC) and Information-Flow Control (IFC)—the former belonging to operating systems (OS) research, while the latter to the programming languages community. These approaches restrict how data gets propagated within a system in order to avoid information leaks. In this scenario, Haskell plays a unique privileged role: it is able to protect confidentiality via libraries. This pearl presents a monadic API which statically protects confidentiality even in the presence of advanced features like exceptions, concurrency, and mutable data structures. Additionally, we present a mechanism to safely extend the library with new primitives, where library designers only need to indicate the read and write effects of new operations.

library

security

mandatory access control

information-flow control

Author

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

SIGPLAN Notices (ACM Special Interest Group on Programming Languages)

0362-1340 (ISSN)

Vol. 50, no. 9, pp. 280-288

Areas of Advance

Information and Communication Technology

Subject Categories

Electrical Engineering, Electronic Engineering, Information Engineering

Computer Science

Computer Systems

DOI: 10.1145/2784731.2784756

ISBN: 978-1-4503-3669-7

More information

Created: 10/7/2017