Monad transformers and modular interpreters
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Science of Computer Programming - Special issue on mathematics of program construction
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
Translating dependency into parametricity
Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
Enforcing security and safety models with an information flow analysis tool
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Encoding Information Flow in Haskell
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
SAILS: static analysis of information leakage with sample
Proceedings of the 27th Annual ACM Symposium on Applied Computing
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Addressing covert termination and timing channels in concurrent information flow systems
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Encoding secure information flow with restricted delegation and revocation in Haskell
Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
Hi-index | 5.23 |
This paper presents an embedded security sublanguage for enforcing information-flow policies in the standard Haskell programming language. The sublanguage provides useful information-flow control mechanisms including dynamic security lattices, run-time code privileges and declassification all without modifying the base language. This design avoids the redundant work of producing new languages, lowers the threshold for adopting security-typed languages, and also provides great flexibility and modularity for using security-policy frameworks. The embedded security sublanguage is designed using a standard combinator interface called arrows. Computations constructed in the sublanguage have static and explicit control-flow components, making it possible to implement information-flow control using static-analysis techniques at run time, while providing strong security guarantees. This paper presents a formal proof that our embedded sublanguage provides noninterference, a concrete Haskell implementation and an example application demonstrating the proposed techniques.