research-article

Functional pearl: two can keep a secret, if one of them uses Haskell

Author:

Alejandro RussoAuthors Info & Claims

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming

Pages 280 - 288

https://doi.org/10.1145/2784731.2784756

Published: 29 August 2015 Publication History

Get Access

Abstract

For several decades, researchers from different communities have independently focused on protecting confidentiality of data. Two distinct technologies have emerged for such purposes: Mandatory Access Control (MAC) and Information-Flow Control (IFC)—the former belonging to operating systems (OS) research, while the latter to the programming languages community. These approaches restrict how data gets propagated within a system in order to avoid information leaks. In this scenario, Haskell plays a unique privileged role: it is able to protect confidentiality via libraries. This pearl presents a monadic API which statically protects confidentiality even in the presence of advanced features like exceptions, concurrency, and mutable data structures. Additionally, we present a mechanism to safely extend the library with new primitives, where library designers only need to indicate the read and write effects of new operations.

References

[1]

Information flow enforcement in monadic libraries. Proc. of the ACM SIGPLAN workshop on types in language design and implementation (TLDI ’11). ACM. Eisenberg, R. A., Vytiniotis, D., Peyton Jones, S., & Weirich, S. (2014).

Digital Library

Google Scholar

[2]

Closed type families with overlapping equations. Proc. of the ACM SIGPLAN-SIGACT symposium on principles of programming languages (POPL ’14). ACM. Goguen, J.A., & Meseguer, J. (1982). Security policies and security models. Proc of IEEE Symposium on security and privacy. IEEE Computer Society. Hedin, D., Birgisson, A., Bello, L., & Sabelfeld, A. (2014).

Digital Library

Google Scholar

[3]

JSFlow: Tracking information flow in JavaScript and its APIs. Proc. of the ACM symposium on applied computing (SAC ’14). ACM. Hritcu, C., Greenberg, M., Karel, B., Peirce, B. C., & Morrisett, G. (2013).

Digital Library

Google Scholar

[4]

All your IFCexception are belong to us. Proc. of the IEEE symposium on security and privacy. IEEE Computer Society. Lampson, B. W. (1973). A note on the confinement problem. Communications of the ACM, 16(10). Li, P., & Zdancewic, S. (2006). Encoding information flow in Haskell. Proc. of the IEEE Workshop on computer security foundations (CSFW ’06). IEEE Computer Society. Myers, A. C., & Liskov, B. (1998). Complete, safe information flow with decentralized labels. Proc. of the IEEE symposium on security and privacy. IEEE Computer Society. Myers, A. C., Zheng, L., Zdancewic, S., Chong, S., & Nystrom, N. (2001).

Digital Library

Google Scholar

[5]

Safe Haskell. Proc. of the ACM SIGPLAN Haskell symposium (HASKELL ’11). ACM. Tsai, T. C., Russo, A., & Hughes, J. 2007 (July). A library for secure multithreaded information flow in Haskell. Proc. IEEE computer security foundations symposium (CSF ’07).

Google Scholar

Cited By

View all

Lamba ATaylor MBeardsley VBambeck JBond MLin Z(2024)Cocoon: Static Information Flow Control in RustProceedings of the ACM on Programming Languages10.1145/36498178:OOPSLA1(166-193)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649817
Bond EHeimerdinger M(2023)Curbing the Vulnerable Parser: Graded Modal Guardrails for Secure Input Handling2023 IEEE Secure Development Conference (SecDev)10.1109/SecDev56634.2023.00027(126-132)Online publication date: 18-Oct-2023
https://doi.org/10.1109/SecDev56634.2023.00027
Guria SVazou NGuarnieri MParker JJhala RDillig I(2022)ANOSY: approximated knowledge synthesis with refinement types for declassificationProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523725(15-30)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523725
Show More Cited By

Index Terms

Functional pearl: two can keep a secret, if one of them uses Haskell
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features
      2. Language types
        Functional languages

Recommendations

Functional pearl: two can keep a secret, if one of them uses Haskell
ICFP '15

For several decades, researchers from different communities have independently focused on protecting confidentiality of data. Two distinct technologies have emerged for such purposes: Mandatory Access Control (MAC) and Information-Flow Control (IFC)—...
Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
Encoding secure information flow with restricted delegation and revocation in Haskell
FPCDSL '13: Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages

Distributed applications typically involve many components, each with unique security and privacy requirements. Such applications require fine-grained access control mechanisms that allow dynamic delegation and revocation of access rights. Embedding ...

Comments

Information & Contributors

Information

Published In

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming

August 2015

436 pages

ISBN:9781450336697

DOI:10.1145/2784731

General Chair:
Kathleen Fisher
Tufts University, USA
,
Program Chair:
John Reppy
University of Chicago, USA

ACM SIGPLAN Notices Volume 50, Issue 9
ICFP '15
September 2015
436 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2858949
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 August 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Barbro Osher Pro Suecia Foundation
Vetenskapsrådet
Defense Advanced Research Projects Agency

Conference

ICFP'15

Sponsor:

SIGPLAN

ICFP'15: 20th ACM SIGPLAN International Conference on Functional Programming

August 31 - September 2, 2015

BC, Vancouver, Canada

Acceptance Rates

Overall Acceptance Rate 333 of 1,064 submissions, 31%

Upcoming Conference

ICFP '25

Sponsor:
sigplan

ACM SIGPLAN International Conference on Functional Programming

October 12 - 18, 2025

Singapore , Singapore

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

24
Total Citations
View Citations
360
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lamba ATaylor MBeardsley VBambeck JBond MLin Z(2024)Cocoon: Static Information Flow Control in RustProceedings of the ACM on Programming Languages10.1145/36498178:OOPSLA1(166-193)Online publication date: 29-Apr-2024
https://dl.acm.org/doi/10.1145/3649817
Bond EHeimerdinger M(2023)Curbing the Vulnerable Parser: Graded Modal Guardrails for Secure Input Handling2023 IEEE Secure Development Conference (SecDev)10.1109/SecDev56634.2023.00027(126-132)Online publication date: 18-Oct-2023
https://doi.org/10.1109/SecDev56634.2023.00027
Guria SVazou NGuarnieri MParker JJhala RDillig I(2022)ANOSY: approximated knowledge synthesis with refinement types for declassificationProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523725(15-30)Online publication date: 9-Jun-2022
https://dl.acm.org/doi/10.1145/3519939.3523725
Renner JSanchez-Stern ABrown FLerner SStefan DFreund SYahav E(2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
https://dl.acm.org/doi/10.1145/3453483.3454072
Lobo-Vesga ERusso AGaboardi M(2021)A Programming Language for Data Privacy with Accuracy EstimationsACM Transactions on Programming Languages and Systems10.1145/345209643:2(1-42)Online publication date: 8-Jun-2021
https://dl.acm.org/doi/10.1145/3452096
Gregersen SBay JTimany ABirkedal L(2021)Mechanized logical relations for termination-insensitive noninterferenceProceedings of the ACM on Programming Languages10.1145/34342915:POPL(1-29)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3434291
Gissurarson MMista AStoughton AVassena M(2020)Short Paper: Weak Runtime-Irrelevant Typing for SecurityProceedings of the 15th Workshop on Programming Languages and Analysis for Security10.1145/3411506.3417595(13-17)Online publication date: 13-Nov-2020
https://dl.acm.org/doi/10.1145/3411506.3417595
Valliappan NKrook RRusso AClaessen KSchrijvers T(2020)Towards secure IoT programming in HaskellProceedings of the 13th ACM SIGPLAN International Symposium on Haskell10.1145/3406088.3409027(136-150)Online publication date: 27-Aug-2020
https://dl.acm.org/doi/10.1145/3406088.3409027
Serrano ACorpa FSchrijvers T(2020)Describing microservices using modern Haskell (experience report)Proceedings of the 13th ACM SIGPLAN International Symposium on Haskell10.1145/3406088.3409018(1-8)Online publication date: 27-Aug-2020
https://dl.acm.org/doi/10.1145/3406088.3409018
Lobo-Vesga ERusso AGaboardi M(2020)A Programming Framework for Differential Privacy with Accuracy Concentration Bounds2020 IEEE Symposium on Security and Privacy (SP)10.1109/SP40000.2020.00086(411-428)Online publication date: May-2020
https://doi.org/10.1109/SP40000.2020.00086
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Functional pearl: two can keep a secret, if one of them uses Haskell

Configuring role-based access control to enforce mandatory and discretionary access control policies

Encoding secure information flow with restricted delegation and revocation in Haskell