• DocumentCode
    2172902
  • Title

    Encoding information flow in Haskell

  • Author

    Li, Peng ; Zdancewic, Steve

  • Author_Institution
    Univ. of Pennsylvania, Philadelphia, PA
  • fYear
    0
  • fDate
    0-0 0
  • Lastpage
    16
  • Abstract
    This paper presents an embedded security sublanguage for enforcing information-flow policies in the standard Haskell programming language. The sublanguage provides useful information-flow control mechanisms including dynamic security lattices, run-time code privileges and declassification, without modifying the base language. This design avoids the redundant work of producing new languages, lowers the threshold for adopting security-typed languages, and also provides great flexibility and modularity for using security-policy frameworks. The embedded security sublanguage is designed using a standard combinator interface called arrows. Computations constructed in the sublanguage have static and explicit control-flow components, making it possible to implement information-flow control using static-analysis techniques at run time, while providing strong security guarantees. This paper presents a concrete Haskell implementation and an example application demonstrating the proposed techniques.
  • Keywords
    data flow analysis; functional languages; security of data; dynamic security lattices; embedded security sublanguage; explicit control-flow component; information flow control; information flow encoding; run time static analysis; run-time code declassification; run-time code privileges; security-policy frameworks; security-typed languages; standard Haskell programming language; static control-flow component; Computer languages; Computer security; Concrete; Costs; Data security; Encoding; Information security; Lattices; Programming profession; Runtime;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Security Foundations Workshop, 2006. 19th IEEE
  • Conference_Location
    Venice
  • ISSN
    1063-6900
  • Print_ISBN
    0-7695-2615-2
  • Type

    conf

  • DOI
    10.1109/CSFW.2006.13
  • Filename
    1648705