Functional pearl: Two can keep a secret, if one of them uses Haskell
Paper in proceedings, 2015

For several decades, researchers from different communities have independently focused on protecting confidentiality of data. Two distinct technologies have emerged for such purposes: Mandatory Access Control (MAC) and Information-Flow Control (IFC)—the former belonging to operating systems (OS) research, while the latter to the programming languages community. These approaches restrict how data gets propagated within a system in order to avoid information leaks. In this scenario, Haskell plays a unique privileged role: it is able to protect confidentiality via libraries. This pearl presents a monadic API which statically protects confidentiality even in the presence of advanced features like exceptions, concurrency, and mutable data structures. Additionally, we present a mechanism to safely extend the library with new primitives, where library designers only need to indicate the read and write effects of new operations.

library

security

mandatory access control

information-flow control

Author

Alejandro Russo

Chalmers, Computer Science and Engineering, Software Technology

SIGPLAN Notices (ACM Special Interest Group on Programming Languages)

0362-1340 (ISSN)

Vol. 50 280-288

Areas of Advance

Information and Communication Technology

Subject Categories

Electrical Engineering and Electronics

Computer Science

Computer Systems

DOI

10.1145/2784731.2784756

ISBN

978-1-4503-3669-7