Abstract
We describe a new, dynamic, floating-label approach to language-based information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. In addition, programs may encapsulate and pass around the results of computations with different labels. We give precise semantics and prove confidentiality and integrity properties of the system.
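The discipline the abstract describes, as an added Python model that is not code from the paper or from the LIO library: a current label raised by every observation, a clearance that bounds it, writes allowed only to targets whose label is at least the current label, and encapsulation of a sub-computation's result under its own label (LIO's toLabeled). Labels here are frozensets of principals ordered by subset with union as join; the class and method names are this model's own, and clearance is fixed at construction rather than lowered dynamically.

```python
class IFCError(Exception):
    """Raised when an operation would violate the current label or clearance."""

class Labeled:  # value tagged with a label; the payload is reachable only via LIO.unlabel
    def __init__(self, label: frozenset, value):
        self.label, self._value = label, value

class LIO:
    def __init__(self, clearance: frozenset):
        self.current = frozenset()  # floating current label, starts at bottom (empty set)
        self.clearance = clearance  # upper bound on the current label, fixed for this model

    def _guard(self, lbl: frozenset) -> None:
        # Check applied before writing to or labeling with lbl: current <= lbl <= clearance.
        if not (self.current <= lbl <= self.clearance):
            raise IFCError(f"{set(lbl)} not within [{set(self.current)}, {set(self.clearance)}]")

    def unlabel(self, lv: Labeled):
        # Observing data raises the current label to the join (set union); clearance caps it.
        raised = self.current | lv.label
        self._guard(raised)  # raised already contains current, so this checks raised <= clearance
        self.current = raised
        return lv._value

    def write(self, ref: Labeled, value) -> None:
        self._guard(ref.label)  # writing below the current label would leak observed data
        ref._value = value

    def to_labeled(self, lbl: frozenset, body) -> Labeled:
        # Run body, encapsulate its result under lbl, then restore the outer current label.
        self._guard(lbl)
        saved, result = self.current, body(self)  # saved is read before body runs
        if not self.current <= lbl:
            raise IFCError("body observed data that does not flow to the result label")
        self.current = saved
        return Labeled(lbl, result)

def demo() -> tuple:
    secret, public = Labeled(frozenset({"alice"}), 41), Labeled(frozenset(), "untouched")
    lio = LIO(clearance=frozenset({"alice", "bob"}))
    # The inner computation reads the secret; its taint is captured only in the result label.
    enc = lio.to_labeled(frozenset({"alice"}), lambda io: io.unlabel(secret) + 1)
    lio.write(public, "ok")    # allowed: the outer current label is still bottom
    answer = lio.unlabel(enc)  # the outer computation is now tainted with alice's data
    try:
        lio.write(public, "leak")  # refused: {alice} does not flow to {}
    except IFCError:
        pass  # public keeps "ok", showing the tainted computation could not write it
    return answer, sorted(enc.label), sorted(lio.current), public._value
```

Running demo() returns (42, ["alice"], ["alice"], "ok"): the encapsulated result carries alice's label, the outer label rises only when that result is unlabeled, and the subsequent write to the public reference is refused.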
Flexible dynamic information flow control in Haskell. Published in Haskell '11: Proceedings of the 4th ACM symposium on Haskell.