Flexible dynamic information flow control in Haskell

We describe a new, dynamic, floating-label approach to language-based information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. In addition, programs may encapsulate and pass around the results of computations with different labels. We give precise semantics and prove confidentiality and integrity properties of the system.
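The floating-label mechanics the abstract describes (a current label that rises as labeled data is observed, a clearance that bounds it, writes restricted by the current label, and encapsulation of differently-labeled results), as an added example that is not code from the paper or from the LIO library. It is a toy model over a two-point lattice; the names `Label`, `Low`, `High`, `taint`, `unlabel`, `writeTo`, `toLabeled`, `runLIO` and the constructed `secret` value are assumptions, the two output channels are constructed stand-ins for real IO, and a failing inner computation simply aborts the whole run (a simplification). It needs only the GHC boot packages `base` and `transformers`.

```haskell
-- Added example, not the paper's code: a toy floating-label monad in the style of LIO.
import Control.Monad (unless, when)
import Control.Monad.IO.Class (liftIO)
import Control.Monad.Trans.Class (lift)
import Control.Monad.Trans.Except (ExceptT, runExceptT, throwE)
import Control.Monad.Trans.State.Strict (StateT, get, put, runStateT)

-- Two-point lattice (assumption): Low can flow to High, not the reverse.
data Label = Low | High deriving (Eq, Ord, Show)

canFlowTo :: Label -> Label -> Bool
canFlowTo = (<=)          -- derived Ord gives Low <= High

lub :: Label -> Label -> Label
lub = max

-- A value tagged with the label of the data it depends on.
data Labeled a = Labeled { labelOf :: Label, unsafeUnlabel :: a }

data LIOState = LIOState { currentLabel :: Label, currentClearance :: Label }

-- LIO: state (current label + clearance) over a failing IO computation.
type LIO = StateT LIOState (ExceptT String IO)

lioFail :: String -> LIO a
lioFail = lift . throwE

getLabel, getClearance :: LIO Label
getLabel = currentLabel <$> get
getClearance = currentClearance <$> get

-- Raise the current label to cover l; refuse if that would exceed the clearance.
taint :: Label -> LIO ()
taint l = do
  s <- get
  let l' = lub (currentLabel s) l
  unless (l' `canFlowTo` currentClearance s) $
    lioFail ("taint: " ++ show l' ++ " exceeds clearance " ++ show (currentClearance s))
  put s { currentLabel = l' }

-- Observing a labeled value taints the computation with that value's label.
unlabel :: Labeled a -> LIO a
unlabel (Labeled l v) = taint l >> return v

-- A label may be used only if it lies between the current label and the clearance.
guardLabel :: String -> Label -> LIO ()
guardLabel who l = do
  cur <- getLabel
  clr <- getClearance
  unless (cur `canFlowTo` l && l `canFlowTo` clr) $
    lioFail (who ++ ": label " ++ show l ++ " outside [" ++ show cur ++ "," ++ show clr ++ "]")

label :: Label -> a -> LIO (Labeled a)
label l v = guardLabel "label" l >> return (Labeled l v)

-- Write to an output channel labeled l (constructed: Low prints, High is a sink).
-- Permitted only if the current label flows to l, so High-tainted data never reaches Low.
writeTo :: Label -> String -> LIO ()
writeTo l msg = do
  cur <- getLabel
  unless (cur `canFlowTo` l) $
    lioFail ("write: current label " ++ show cur ++ " cannot flow to " ++ show l)
  when (l == Low) $ liftIO (putStrLn ("[Low channel] " ++ msg))

-- Run m with its clearance lowered to l, package the result as a Labeled value,
-- and restore the caller's label: the caller is not tainted by what m observed.
toLabeled :: Label -> LIO a -> LIO (Labeled a)
toLabeled l m = do
  guardLabel "toLabeled" l
  s <- get
  (a, _) <- lift (runStateT m s { currentClearance = l })
  put s
  return (Labeled l a)

-- Run an LIO computation from a starting label and clearance; return the final label too.
runLIO :: Label -> Label -> LIO a -> IO (Either String (a, Label))
runLIO cur clr m = runExceptT (fmap (fmap currentLabel) (runStateT m (LIOState cur clr)))

secret :: Labeled String
secret = Labeled High "s3cret"   -- constructed sample value

-- Scenario 1: observing the secret floats the label to High; the later Low write is refused.
scenario1 :: LIO ()
scenario1 = do
  v <- unlabel secret
  writeTo Low ("leak " ++ v)

-- Scenario 2: toLabeled confines the taint; the caller stays Low and may still write Low.
scenario2 :: LIO (Label, Label)
scenario2 = do
  lv <- toLabeled High (length <$> unlabel secret)
  writeTo Low "caller is still Low"
  cur <- getLabel
  return (labelOf lv, cur)

main :: IO ()
main = do
  runLIO Low High scenario1 >>= print . fmap snd
  runLIO Low High scenario2 >>= print . fmap fst
  -- Scenario 3: clearance is a hard bound; with clearance Low, reading High data fails outright.
  runLIO Low Low (unlabel secret) >>= print . fmap snd
```

The three scenarios exercise the three policy checks in turn: `taint` (the floating current label), `writeTo` (no flow from a higher current label to a lower channel), and `toLabeled` (a computation with a higher label can be run and its result carried around as a `Labeled` value without raising the caller's label). Clearance is the discretionary bound the abstract mentions: the third run shows that a computation started with clearance `Low` cannot even observe `High` data, independent of what it would do with it.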
