A Library for Light-Weight Information-Flow Security in Haskell
Paper in proceeding, 2008

Protecting confidentiality of data has become increasingly important for computing systems. Information-flow techniques have been developed over the years to achieve that purpose, leading to special-purpose languages that guarantee information-flow security in programs. However, rather than producing a new language from scratch, information-flow security can also be provided as a library. This has been done previously in Haskell using the arrow framework. In this paper, we show that arrows are not necessary to design such libraries and that a less general notion, namely monads, is sufficient to achieve the same goals. We present a monadic library to provide information-flow security for Haskell programs. The library introduces mechanisms to protect confidentiality of data for pure computations, that we then easily, and modularly, extend to include dealing with side-effects. We also present combinators to dynamically enforce different declassification policies when release of information is required in a controlled manner. It is possible to enforce policies related to what, by whom, when information is released or a combination of them. The well-known concept of monads together with the light-weight characteristic of our approach makes the library suitable to build applications where confidentiality of data is an issue.

Declassification

Monad

Library

Information-flow

Security

Author

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

Koen Lindström Claessen

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

John Hughes

Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)

1st ACM SIGPLAN Haskell Symposium, Haskell'08; Victoria, BC; Canada; 25 September 2008 through 25 September 2008

13-24

Subject Categories

Software Engineering

Computer Science

DOI

10.1145/1411286.1411289

More information

Latest update

2/1/2022 1