Abstract
Though Haskell is predominantly type-safe, implementations contain a few loopholes through which code can bypass typing and module encapsulation. This paper presents Safe Haskell, a language extension that closes these loopholes. Safe Haskell makes it possible to confine and safely execute untrusted, possibly malicious code. By strictly enforcing types, Safe Haskell allows a variety of policies, from API sandboxing to information-flow control, to be implemented easily as monads. Safe Haskell aims to be as unobtrusive as possible: it enforces properties that programmers tend to meet already by convention. We describe the design of Safe Haskell and an implementation (currently shipping with GHC) that infers safety for code that lies in a safe subset of the language. We use Safe Haskell to implement an online Haskell interpreter that can securely execute arbitrary untrusted code with no overhead. The use of Safe Haskell greatly simplifies this task and allows the use of a large body of existing code and tools.
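To make the "policies implemented as monads" idea in the abstract concrete, here is an added example of the API-sandboxing style it refers to. This is illustrative code written for this page, not code from the paper or from GHC; the module names, the restricted-IO monad `RIO`, and the file-path policy (only paths under `/sandbox/`) are assumptions chosen for the example. The three modules are shown in one block, separated by comments, and are meant to be saved as three files.

```haskell
-- ===== Sandbox.hs (trusted policy layer, written by the host) =====
{-# LANGUAGE Trustworthy #-}
-- A restricted-IO monad: IO actions are wrapped in a newtype whose
-- constructor is NOT exported, so untrusted code can only build RIO
-- computations out of the policy-checked primitives exported here.
-- Marked Trustworthy because the module wraps IO and vouches for its
-- own interface; Safe modules are then allowed to import it.
module Sandbox (RIO, runRIO, rioReadFile, rioWriteFile) where

import Data.List (isPrefixOf, isInfixOf)

newtype RIO a = RIO { unRIO :: IO a }

instance Functor RIO where
  fmap f (RIO m) = RIO (fmap f m)

instance Applicative RIO where
  pure = RIO . pure
  RIO f <*> RIO x = RIO (f <*> x)

instance Monad RIO where
  RIO m >>= k = RIO (m >>= unRIO . k)

-- Policy assumed for this example: only paths below /sandbox/ that
-- contain no ".." may be read or written.
allowed :: FilePath -> Bool
allowed p = "/sandbox/" `isPrefixOf` p && not (".." `isInfixOf` p)

-- Every primitive goes through this check before touching IO.
checked :: FilePath -> IO a -> RIO a
checked p act
  | allowed p = RIO act
  | otherwise = RIO (ioError (userError ("policy violation: " ++ p)))

rioReadFile :: FilePath -> RIO String
rioReadFile p = checked p (readFile p)

rioWriteFile :: FilePath -> String -> RIO ()
rioWriteFile p s = checked p (writeFile p s)

-- Only the trusted host can turn a sandboxed computation into IO.
runRIO :: RIO a -> IO a
runRIO = unRIO

-- ===== Plugin.hs (untrusted code, compiled under Safe) =====
{-# LANGUAGE Safe #-}
-- Under Safe, this module cannot import System.IO.Unsafe, cannot use
-- Template Haskell, may only declare foreign imports that live in IO,
-- and may only import modules that are themselves Safe or Trustworthy.
-- Because it never sees the RIO constructor, its type (RIO Int) is the
-- whole of what it can do to the host.
module Plugin (plugin) where

import Sandbox

plugin :: RIO Int
plugin = do
  s <- rioReadFile "/sandbox/input.txt"
  rioWriteFile "/sandbox/output.txt" (reverse s)
  return (length s)

-- ===== Main.hs (trusted host) =====
module Main (main) where

import Sandbox (runRIO)
import Plugin (plugin)

main :: IO ()
main = runRIO plugin >>= print
```

Compile with `ghc Main.hs`. If `Plugin.hs` is changed to import `System.IO.Unsafe` or to pattern-match on the `RIO` constructor, compilation fails rather than the policy being bypassed at run time, which is the point of closing the loopholes at the language level. With `-fpackage-trust` enabled, GHC additionally requires the package that provides a Trustworthy module such as `Sandbox` to be marked trusted before a Safe module may import it.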
Published in Haskell '12: Proceedings of the 2012 Haskell Symposium.