
HLIO: mixing static and dynamic typing for information-flow control in Haskell

Published: 29 August 2015

Abstract

Information-Flow Control (IFC) is a well-established approach for allowing untrusted code to manipulate sensitive data without disclosing it. IFC is typically enforced via type systems and static analyses or via dynamic execution monitors. The LIO Haskell library, originating in operating systems research, implements a purely dynamic monitor of the sensitivity level of a computation, particularly suitable when data sensitivity levels are only known at runtime. In this paper, we show how to give programmers the flexibility of deferring IFC checks to runtime (as in LIO), while also providing static guarantees---and the absence of runtime checks---for parts of their programs that can be statically verified (unlike LIO). We present the design and implementation of our approach, HLIO (Hybrid LIO), as an embedding in Haskell that uses a novel technique for deferring IFC checks based on singleton types and constraint polymorphism. We formalize HLIO, prove non-interference, and show how interesting IFC examples can be programmed. Although our motivation is IFC, our technique for deferring constraints goes well beyond and offers a methodology for programmer-controlled hybrid type checking in Haskell.
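The sketch below is an added illustration written for this page; it is not code from the paper or from the LIO/HLIO libraries, and it simplifies heavily: a two-point lattice, a statically labeled computation type `SIO` whose label is fixed in the type (LIO's label floats at run time), a small dynamic monitor `DIO` that threads the current label as a value, and a singleton `SLevel` that reflects a type-level label to a runtime one. Every name in it (`Flows`, `Labeled`, `SIO`, `DIO`, `unlabelS`, `outputD`, `toDynamic`, and so on) is invented for the example. It shows the same leaking program rejected once by GHC's type checker and once by the runtime monitor, which is the static/dynamic split the abstract describes; HLIO's own deferral mechanism based on constraint polymorphism is not reproduced here.

```haskell
{-# LANGUAGE DataKinds, KindSignatures, GADTs, TypeFamilies #-}
module Main where

-- Two-point security lattice shared by both encodings: Low flows to High, not back.
data Level = Low | High deriving (Eq, Ord, Show)

-- ===== Static encoding: labels live at the type level and GHC checks them =====

-- Type-level "may flow to" relation on the promoted lattice (assumed helper).
type family Flows (l :: Level) (l' :: Level) :: Bool where
  Flows 'Low  l     = 'True
  Flows 'High 'High = 'True
  Flows 'High 'Low  = 'False

-- A value tagged with its label as a phantom type.
newtype Labeled (l :: Level) a = Labeled a

-- A computation running at a fixed label lc (simplification of LIO's floating label).
newtype SIO (lc :: Level) a = SIO { runSIO :: IO a }

instance Functor (SIO lc) where
  fmap f (SIO m) = SIO (fmap f m)
instance Applicative (SIO lc) where
  pure = SIO . pure
  SIO f <*> SIO x = SIO (f <*> x)
instance Monad (SIO lc) where
  SIO m >>= k = SIO (m >>= runSIO . k)

-- Reading a labeled value requires its label to flow to the computation's label.
unlabelS :: (Flows l lc ~ 'True) => Labeled l a -> SIO lc a
unlabelS (Labeled x) = SIO (return x)

-- Writing to the public channel requires the computation's label to flow to Low.
outputS :: (Flows lc 'Low ~ 'True) => String -> SIO lc ()
outputS s = SIO (putStrLn s)

pub :: Labeled 'Low String
pub = Labeled "public data"          -- constructed sample value
secret :: Labeled 'High String
secret = Labeled "secret data"       -- constructed sample value

-- Accepted: a Low computation reads Low data and prints it.
staticOk :: SIO 'Low ()
staticOk = unlabelS pub >>= outputS

-- Rejected at compile time: reading the secret forces lc = 'High, and
-- Flows 'High 'Low reduces to 'False, so the constraint on outputS fails.
-- staticLeak :: SIO 'High ()
-- staticLeak = unlabelS secret >>= outputS

-- ===== Dynamic encoding: labels are runtime values checked by a monitor =====

data DLabeled a = DLabeled Level a

-- A monitored computation threads the current (floating) label and aborts
-- with a message when a write would violate the lattice.
newtype DIO a = DIO { runDIO :: Level -> Either String (a, Level) }

instance Functor DIO where
  fmap f (DIO m) = DIO $ \l -> fmap (\(a, l') -> (f a, l')) (m l)
instance Applicative DIO where
  pure x = DIO $ \l -> Right (x, l)
  mf <*> mx = mf >>= \f -> fmap f mx
instance Monad DIO where
  DIO m >>= k = DIO $ \l -> case m l of
    Left err      -> Left err
    Right (a, l') -> runDIO (k a) l'

-- Reading raises the current label to the join of the two labels.
unlabelD :: DLabeled a -> DIO a
unlabelD (DLabeled l x) = DIO $ \cur -> Right (x, max cur l)

-- A write to a channel of label ch is allowed only if the current label flows
-- to ch; the monitor decides on labels alone, so the message is not inspected.
outputD :: Level -> String -> DIO ()
outputD ch _msg = DIO $ \cur ->
  if cur <= ch
    then Right ((), cur)
    else Left ("IFC violation: current label " ++ show cur
               ++ " may not flow to a " ++ show ch ++ " channel")

-- Singleton bridge: reflect a type-level label to a runtime value so that a
-- statically labeled value can be handed to the dynamic monitor.
data SLevel (l :: Level) where
  SLow  :: SLevel 'Low
  SHigh :: SLevel 'High

fromSing :: SLevel l -> Level
fromSing SLow  = Low
fromSing SHigh = High

toDynamic :: SLevel l -> Labeled l a -> DLabeled a
toDynamic s (Labeled x) = DLabeled (fromSing s) x

main :: IO ()
main = do
  runSIO staticOk
  -- The same two programs, now checked at run time instead of compile time.
  print (runDIO (unlabelD (toDynamic SLow pub)    >>= outputD Low) Low)
  print (runDIO (unlabelD (toDynamic SHigh secret) >>= outputD Low) Low)
```

Compiled with GHC, the module typechecks as written; uncommenting `staticLeak` produces a type error because `'False` cannot be unified with `'True`, which is the static rejection. The dynamic counterpart of the same leak compiles, but `runDIO` returns a `Left` carrying the violation message, while the public-data run returns a `Right` with the final label still `Low`. The price of the dynamic route is exactly the runtime check and the possibility of failure at run time, which is the trade-off the abstract describes HLIO as letting the programmer choose per program fragment.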

