Flexible dynamic information flow control in Haskell

Authors:
Deian Stefan;Alejandro Russo;John C. Mitchell;David Mazières
Affiliations:
Stanford University, Stanford, CA, USA;Chalmers University of Technology, Gothenburg, Sweden;Stanford University, Stanford, CA, USA;Stanford University, Stanford, CA, USA
Venue:
Proceedings of the 4th ACM symposium on Haskell
Year:
2011

Citing 29
Cited 8

The theory and practice of first-class prompts

POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A natural semantics for lazy evaluation

POPL '93 Proceedings of the 20th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A decentralized model for information flow control

Proceedings of the sixteenth ACM symposium on Operating systems principles
The SLam calculus: programming with secrecy and integrity

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Security properties of typed applets

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A core calculus of dependency

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Generalising monads to arrows

Science of Computer Programming - Special issue on mathematics of program construction
Probabilistic noninterference in a concurrent language

Journal of Computer Security
Formal Models for Computer Security

ACM Computing Surveys (CSUR)
Certification of programs for secure information flow

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
Information flow inference for ML

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Translating dependency into parametricity

Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
A monadic analysis of information flow security with mutable state

Journal of Functional Programming
Stack-based access control and secure information flow

Journal of Functional Programming
Achieving Information Flow Security through Precise Control of Effects

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Labels and event processes in the asbestos operating system

Proceedings of the twentieth ACM symposium on Operating systems principles
On flow-sensitive security types

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Encoding Information Flow in Haskell

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Noninterference in the Presence of Non-Opaque Pointers

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Termination-Insensitive Noninterference Leaks More Than Just a Bit

ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Arrows for secure information flow

Theoretical Computer Science
Dynamic vs. Static Flow-Sensitive Security Analysis

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Security-typed programming within dependently typed programming

Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Information flow enforcement in monadic libraries

Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
From dynamic to static and back: riding the roller coaster of information-flow control research

PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Parameterised notions of computation

MSFP'06 Proceedings of the 2006 international conference on Mathematically Structured Functional Programming
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Disjunction category labels

NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Safe haskell

Proceedings of the 2012 Haskell Symposium
Addressing covert termination and timing channels in concurrent information flow systems

Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Hails: protecting data privacy in untrusted web applications

OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Toward principled browser security

HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Testing noninterference, quickly

Proceedings of the 18th ACM SIGPLAN international conference on Functional programming
Encoding secure information flow with restricted delegation and revocation in Haskell

Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
A verified information-flow architecture

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a new, dynamic, floating-label approach to language-based information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. In addition, programs may encapsulate and pass around the results of computations with different labels. We give precise semantics and prove confidentiality and integrity properties of the system.