A Library for Light-Weight Information-Flow Security in Haskell
Paper i proceeding, 2008

Protecting confidentiality of data has become increasingly important for computing systems. Information-flow techniques have been developed over the years to achieve that purpose, leading to special-purpose languages that guarantee information-flow security in programs. However, rather than producing a new language from scratch, information-flow security can also be provided as a library. This has been done previously in Haskell using the arrow framework. In this paper, we show that arrows are not necessary to design such libraries and that a less general notion, namely monads, is sufficient to achieve the same goals. We present a monadic library to provide information-flow security for Haskell programs. The library introduces mechanisms to protect confidentiality of data for pure computations, that we then easily, and modularly, extend to include dealing with side-effects. We also present combinators to dynamically enforce different declassification policies when release of information is required in a controlled manner. It is possible to enforce policies related to what, by whom, when information is released or a combination of them. The well-known concept of monads together with the light-weight characteristic of our approach makes the library suitable to build applications where confidentiality of data is an issue.

Declassification

Monad

Library

Information-flow

Security

Författare

Alejandro Russo

Chalmers, Data- och informationsteknik, Datavetenskap

Koen Lindström Claessen

Chalmers, Data- och informationsteknik, Datavetenskap

John Hughes

Chalmers, Data- och informationsteknik, Datavetenskap

1st ACM SIGPLAN Haskell Symposium, Haskell'08; Victoria, BC; Canada; 25 September 2008 through 25 September 2008

13-24

Ämneskategorier

Programvaruteknik

Datavetenskap (datalogi)

DOI

10.1145/1411286.1411289

Mer information

Senast uppdaterat

2022-02-01