Title :
Encoding information flow in Haskell
Author :
Li, Peng ; Zdancewic, Steve
Author_Institution :
Univ. of Pennsylvania, Philadelphia, PA
Abstract :
This paper presents an embedded security sublanguage for enforcing information-flow policies in the standard Haskell programming language. The sublanguage provides useful information-flow control mechanisms including dynamic security lattices, run-time code privileges and declassification, without modifying the base language. This design avoids the redundant work of producing new languages, lowers the threshold for adopting security-typed languages, and also provides great flexibility and modularity for using security-policy frameworks. The embedded security sublanguage is designed using a standard combinator interface called arrows. Computations constructed in the sublanguage have static and explicit control-flow components, making it possible to implement information-flow control using static-analysis techniques at run time, while providing strong security guarantees. This paper presents a concrete Haskell implementation and an example application demonstrating the proposed techniques
Keywords :
data flow analysis; functional languages; security of data; dynamic security lattices; embedded security sublanguage; explicit control-flow component; information flow control; information flow encoding; run time static analysis; run-time code declassification; run-time code privileges; security-policy frameworks; security-typed languages; standard Haskell programming language; static control-flow component; Computer languages; Computer security; Concrete; Costs; Data security; Encoding; Information security; Lattices; Programming profession; Runtime;
Conference_Titel :
Computer Security Foundations Workshop, 2006. 19th IEEE
Conference_Location :
Venice
Print_ISBN :
0-7695-2615-2
DOI :
10.1109/CSFW.2006.13
