MAC, A Verified Static Information-Flow Control Library
The programming language Haskell plays a unique, privileged role in
information-flow control (IFC) research: it is able to enforce
information security via libraries.
Many state-of-the-art IFC libraries (e.g., LIO and HLIO) support a variety
of advanced features like mutable data structures, exceptions,
and mutable references and
concurrency, whose subtle interaction makes verification of security guarantees
In this work, we focus on MAC, a statically-enforced IFC library
In MAC, like other IFC libraries, computations have a well-established
algebraic structure for computations (i.e., monads) responsable to manipulate
labeled values---values coming from an abstract data type which
associates a sensitivity label to a piece of information.
In this work, we enrich labeled values with a functor structure
and provide an applicative functor operator which encourages a
more functional programming style and simplifies code.
Furthermore, we present a full-fledged, mechanically-verified model of
Specifically, we show progress-insensitive noninterference for our sequential
calculus and pinpoint sufficient requirements on the scheduler to prove
progress-sensitive noninterference for our concurrent calculus.
For that, we study the security guarantees of MAC using term erasure,
a proof technique that ensures that the same public output should be produced if
secrets are erased before or after program execution.
As another contribution, we extend term erasure with two-steps
erasure, a flexible novel technique that greatly simplifies the
noninterference proof and helps to prove many advanced features of