Flexible dynamic information flow control in Haskell

Flexible dynamic information flow control in Haskell
Delan Stefan, Alejandro Russo, John C. Mitchell, David Mazières

Citation
Delan Stefan, Alejandro Russo, John C. Mitchell, David Mazières. "Flexible dynamic information flow control in Haskell". Proceedings of the 4th ACM symposium on Haskell, 2011.

Abstract
We describe a new, dynamic, floating-label approach to language-based information flow control, and present an implementation in Haskell. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. In addition, programs may encapsulate and pass around the results of computations with different labels. We give precise semantics and prove confidentiality and integrity properties of the system.

Electronic downloads

http://dl.acm.org/citation.cfm?doid=2096148.2034688

Citation formats

HTML

Delan Stefan, Alejandro Russo, John C. Mitchell, David
MaziÃ¨res. <a
href="http://www.truststc.org/pubs/889.html"
>Flexible dynamic information flow control in
Haskell</a>, Proceedings of the 4th ACM symposium on
Haskell, 2011.

Plain text

Delan Stefan, Alejandro Russo, John C. Mitchell, David
MaziÃ¨res. "Flexible dynamic information
flow control in Haskell". Proceedings of the 4th ACM
symposium on Haskell, 2011.

BibTeX

@inproceedings{StefanRussoMitchellMazires11_FlexibleDynamicInformationFlowControlInHaskell,
    author = {Delan Stefan and Alejandro Russo and John C.
              Mitchell and David MaziÃ¨res},
    title = {Flexible dynamic information flow control in
              Haskell},
    booktitle = {Proceedings of the 4th ACM symposium on Haskell},
    year = {2011},
    abstract = {We describe a new, dynamic, floating-label
              approach to language-based information flow
              control, and present an implementation in Haskell.
              A labeled IO monad, LIO, keeps track of a current
              label and permits restricted access to IO
              functionality, while ensuring that the current
              label exceeds the labels of all data observed and
              restricts what can be modified. Unlike other
              language-based work, LIO also bounds the current
              label with a current clearance that provides a
              form of discretionary access control. In addition,
              programs may encapsulate and pass around the
              results of computations with different labels. We
              give precise semantics and prove confidentiality
              and integrity properties of the system.},
    URL = {http://www.truststc.org/pubs/889.html}
}

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.