Achieving Information Flow Security through Precise Control of Effects

Authors:
William L. Harrison;James Hook
Affiliations:
University of Missouri;Portland State University
Venue:
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Year:
2005

Citing 0
Cited 10

Programming monads operationally with Unimo

Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
A library for light-weight information-flow security in haskell

Proceedings of the first ACM SIGPLAN symposium on Haskell
Making monads first-class with template haskell

Proceedings of the first ACM SIGPLAN symposium on Haskell
Model-Driven Engineering from Modular Monadic Semantics: Implementation Techniques Targeting Hardware and Software

DSL '09 Proceedings of the IFIP TC 2 Working Conference on Domain-Specific Languages
Flexible dynamic information flow control in Haskell

Proceedings of the 4th ACM symposium on Haskell
Monad factory: type-indexed monads

TFP'10 Proceedings of the 11th international conference on Trends in functional programming
The essence of multitasking

AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
Proof abstraction for imperative languages

APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Safe haskell

Proceedings of the 2012 Haskell Symposium
Encoding secure information flow with restricted delegation and revocation in Haskell

Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematicalmodel of shared-state concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unix-like system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higher-order, typed functional language, the resulting system models may be directly realized within a language such as Haskell.