JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
Programming languages for information security
Programming languages for information security
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
A monadic analysis of information flow security with mutable state
Journal of Functional Programming
Stack-based access control and secure information flow
Journal of Functional Programming
Achieving Information Flow Security through Precise Control of Effects
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Encoding Information Flow in Haskell
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Managing Policy Updates in Security-Typed Languages
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A Library for Secure Multi-threaded Information Flow in Haskell
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Run-time principals in information-flow type systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Trust Management Approach for Flexible Policy Management in Security-Typed Languages
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
A library for light-weight information-flow security in haskell
Proceedings of the first ACM SIGPLAN symposium on Haskell
Toward an On-Demand Restricted Delegation Mechanism for Grids
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Secure Information Flow as a Safety Property
Formal Aspects in Security and Trust
Flow-sensitive semantics for dynamic information flow policies
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Arrows for secure information flow
Theoretical Computer Science
Restricted delegation and revocation in language-based security: (position paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Information flow enforcement in monadic libraries
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Proceedings of the 4th ACM symposium on Haskell
Flow locks: towards a core calculus for dynamic flow policies
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Abstractions for usable information flow control in Aeolus
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
A Language Based Security Approach for Securing Map-Reduce Computations in the Cloud
UCC '13 Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing
Hi-index | 0.00 |
Distributed applications typically involve many components, each with unique security and privacy requirements. Such applications require fine-grained access control mechanisms that allow dynamic delegation and revocation of access rights. Embedding such domain-specific requirements in a functional language like Haskell puts all the expressiveness of the host language at the disposal of the domain user. Using a custom monad, we design and implement an embedded Haskell library that embraces the decentralized label model, allowing mutually-distrusting principals to express individual confidentiality and integrity policies. Our language includes first-class references, higher-order functions, declassification and endorsement of policies, and user authority in the presence of global unrestricted delegation. Then, building on previous work by the first author, we extend the language to enable fine-grained dynamic delegation and revocation of access rights. The resulting language generalizes, extends, and simplifies various libraries for expressing and reasoning about information flow.