Flexible dynamic information flow control in the presence of exceptions

@article{Stefan2017FlexibleDI,
  title={Flexible dynamic information flow control in the presence of exceptions},
  author={Deian Stefan and David Mazi{\`e}res and John C. Mitchell and Alejandro Russo},
  journal={Journal of Functional Programming},
  year={2017},
  volume={27}
}
Abstract

We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system presents a new design point for IFC, influenced by the challenge of implementing IFC as a Haskell library, as opposed to the more typical approach of modifying the language runtime system. In particular, we take a coarse-grained, floating-label approach, previously used by IFC Operating Systems, and associate a single, mutable label—the current label—with all the data in a computation's…
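The floating-label design the abstract describes, as an added worked example in Python. This is not LIO's own Haskell code and not its API; it is a toy model written for this page. Assumptions: labels are sets of secrecy tags ordered by inclusion (not LIO's DC labels); the monad is modelled as state-passing functions, mirroring a StateT-over-IO implementation, so a Python exception discards the state of the frame that raised it; `to_labeled` boxes a sub-computation and restores the current label afterwards; and the catch rule used here (an exception carries the current label at its throw point, and the handler runs only after the current label has been raised to it) is this model's own illustration of how a floating-label system stays sound under exceptions, not a statement of LIO's exact semantics. The `carry_label=False` switch is the deliberately unsafe variant, kept to show the leak the rule prevents.

```python
from dataclasses import dataclass, replace
from typing import Any, Callable, FrozenSet, Tuple

# Label lattice (assumed for this example): sets of secrecy tags ordered by inclusion.
Label = FrozenSet[str]
PUBLIC: Label = frozenset()                      # bottom: anyone may read
ALICE: Label = frozenset({"alice"})              # constructed tag for the demo

def flows_to(a: Label, b: Label) -> bool:        # data at a may flow to a context at b
    return a <= b

def join(a: Label, b: Label) -> Label:
    return a | b

class IFCViolation(Exception):
    """A label check failed; the operation is refused."""

class LIOException(Exception):
    """An exception thrown inside the monad, tagged with the thrower's current label."""
    def __init__(self, payload: Any, label: Label) -> None:
        super().__init__(payload)
        self.payload, self.label = payload, label

@dataclass(frozen=True)
class Labeled:
    label: Label
    value: Any
    is_exception: bool = False                   # set when to_labeled captured a throw

@dataclass(frozen=True)
class State:
    current: Label                               # the floating current label
    clearance: Label                             # ceiling the current label may not exceed

# An action maps a state to (result, new state). A raised exception discards the
# callee's state, exactly as with a state monad layered over IO.
Action = Callable[[State], Tuple[Any, State]]

def raise_label(st: State, l: Label) -> State:
    new = join(st.current, l)
    if not flows_to(new, st.clearance):
        raise IFCViolation(f"{set(new)} exceeds clearance {set(st.clearance)}")
    return replace(st, current=new)

def unlabel(st: State, lv: Labeled) -> Tuple[Any, State]:
    st = raise_label(st, lv.label)               # observing lv taints the whole context
    if lv.is_exception:                          # a boxed exception resurfaces here
        raise LIOException(lv.value, st.current)
    return lv.value, st

def label(st: State, l: Label, v: Any) -> Tuple[Labeled, State]:
    if not (flows_to(st.current, l) and flows_to(l, st.clearance)):
        raise IFCViolation("label must lie between the current label and the clearance")
    return Labeled(l, v), st

def output(st: State, channel: Label, msg: Any, sink: list) -> Tuple[None, State]:
    if not flows_to(st.current, channel):        # no write-down to a lower channel
        raise IFCViolation(f"cannot write at {set(st.current)} to channel {set(channel)}")
    sink.append(msg)
    return None, st

def throw(st: State, payload: Any) -> None:
    raise LIOException(payload, st.current)      # exception carries the throw-point label

def to_labeled(st: State, l: Label, action: Action) -> Tuple[Labeled, State]:
    """Run action, box its result (or its exception) at l, restore the current label."""
    if not (flows_to(st.current, l) and flows_to(l, st.clearance)):
        raise IFCViolation("to_labeled: target label out of range")
    try:
        v, inner = action(st)
        if not flows_to(inner.current, l):
            raise IFCViolation("to_labeled: body observed data above its label")
        return Labeled(l, v), st
    except LIOException as e:
        if not flows_to(e.label, l):
            raise IFCViolation("to_labeled: exception thrown above its label") from e
        return Labeled(l, e.payload, is_exception=True), st

def catch(st: State, action: Action, handler: Callable[[Any], Action],
          carry_label: bool = True) -> Tuple[Any, State]:
    """carry_label=False is the unsafe variant: the handler would run at the label the
    context had before the action, i.e. below the point of the throw."""
    try:
        return action(st)
    except LIOException as e:
        if carry_label:
            st = raise_label(st, e.label)        # handler runs at least as high as the thrower
        return handler(e.payload)(st)

def attack(secret_bit: bool, carry_label: bool) -> str:
    """Try to leak one secret bit to a public sink by throwing only when it is set."""
    sink: list = []
    st = State(current=PUBLIC, clearance=ALICE)
    secret, st = label(st, ALICE, secret_bit)    # constructed secret input
    def body(s: State) -> Tuple[str, State]:
        bit, s = unlabel(s, secret)              # current label floats up to ALICE
        if bit:
            throw(s, "boom")                     # control flow now depends on the secret
        return "quiet", s
    outcome, st = catch(st, body, lambda p: (lambda s: ("caught", s)), carry_label)
    try:
        _, st = output(st, PUBLIC, f"bit={outcome == 'caught'}", sink)
        return "leaked " + sink[0]
    except IFCViolation:
        return "blocked"

def boxed(secret_bit: bool) -> Tuple[bool, str, bool]:
    """Legitimate use: box the secret-dependent work, stay PUBLIC, unbox later."""
    st = State(current=PUBLIC, clearance=ALICE)
    secret, st = label(st, ALICE, secret_bit)
    def body(s: State) -> Tuple[str, State]:
        bit, s = unlabel(s, secret)
        if bit:
            throw(s, "boom")
        return "quiet", s
    box, st = to_labeled(st, ALICE, body)
    still_public = st.current == PUBLIC          # label was restored after the box
    outcome, st = catch(st, lambda s: unlabel(s, box), lambda p: (lambda s: ("caught", s)))
    return still_public, outcome, st.current == ALICE
```

With the label carried on the exception, `attack` is refused for both values of the bit, so the public sink looks the same either way; with `carry_label=False` the handler runs at PUBLIC and the set bit reaches the sink. `boxed` shows the intended pattern: the secret-dependent work runs inside `to_labeled`, the context stays public until the box is opened, and opening it raises the label before the captured exception is rethrown.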

HLIO: mixing static and dynamic typing for information-flow control in Haskell

TLDR
This paper presents the design and implementation of the approach, HLIO (Hybrid LIO), as an embedding in Haskell that uses a novel technique for deferring IFC checks based on singleton types and constraint polymorphism and offers a methodology for programmer-controlled hybrid type checking in Haskell.

Securing functional programs with floating-label information-flow control

TLDR
This paper introduces an extension to LIO that supports dynamic policies and can encode well-known label formats such as the DLM and DC labels, and leverages advanced type system features in Haskell to give the programmer control over which parts of the program are dynamically checked and which parts are statically checked.

Permissive runtime information flow control in the presence of exceptions

TLDR
This paper presents an improvement and enhancement of the so-called permissive-upgrade strategy, which is widely used to tackle implicit leaks in dynamic information flow control, and improves the strategy's permissiveness and generalizes it.

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control

TLDR
This work takes the ideas of coarse-grained dynamic IFC and provides the theoretical foundation for a language-based approach that can be applied to any programming language for which external effects can be controlled.

On Formalizing Information-Flow Control Libraries

TLDR
This paper presents a full-fledged, mechanically-verified model of MAC---a statically enforced IFC library, and proves that MAC is secure under a round-robin scheduler by simply instantiating the main scheduler-parametric theorem.

Compile-Time Security Certification of Imperative Programming Languages

TLDR
This paper introduces a dynamic labelling algorithm for security certification of imperative programming languages that follows a combination of mutable and immutable labelling referred to as hybrid labelling approach and compares the labelling precision realizable by the approach with the existing approaches in the literature.

Short Paper: Weak Runtime-Irrelevant Typing for Security

TLDR
This paper presents WRIT, a plugin for the GHC Haskell compiler that relaxes the type checking process in the presence of runtime-irrelevant constraints, and a novel way to specify which types should be considered equivalent for the purpose of allowing the program to run.

Co-Inflow: Coarse-grained Information Flow Control for Java-like Languages

TLDR
The essence of Co-Inflow is captured in a middle-weight imperative calculus, and it is proven that it provides a termination-insensitive non-interference security guarantee.

A Dependently Typed Library for Static Information-Flow Control in Idris

TLDR
This work presents DepSec, a MAC-inspired, dependently typed library for static information-flow control in Idris, and showcases how adding dependent types increases the expressiveness of state-of-the-art static information-flow control libraries and how DepSec matches a special-purpose dependent information-flow type system on a key example.

References

Showing 1-10 of 93 references

Flexible dynamic information flow control in Haskell

TLDR
A new, dynamic, floating-label approach to language-based information flow control, LIO, which keeps track of a current label and permits restricted access to IO functionality, while ensuring that the current label exceeds the labels of all data observed and restricts what can be modified.

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control

TLDR
This work takes the ideas of coarse-grained dynamic IFC and provides the theoretical foundation for a language-based approach that can be applied to any programming language for which external effects can be controlled.

On Formalizing Information-Flow Control Libraries

TLDR
This paper presents a full-fledged, mechanically-verified model of MAC---a statically enforced IFC library, and proves that MAC is secure under a round-robin scheduler by simply instantiating the main scheduler-parametric theorem.

Information flow control for standard OS abstractions

TLDR
Flume is presented, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors), designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes.

A Library for Secure Multi-threaded Information Flow in Haskell

TLDR
This paper presents an extension to Li and Zdancewic's library that provides information-flow security in the presence of reference manipulation and multithreaded programs, reveals that exploiting concurrency to leak secrets is feasible and dangerous in practice, and shows how the extension helps avoid that.

A library for light-weight information-flow security in haskell

TLDR
This paper presents a monadic library to provide information-flow security for Haskell programs and shows that arrows are not necessary to design such libraries and that a less general notion, namely monads, is sufficient to achieve the same goals.

Catch me if you can: permissive yet secure error handling

TLDR
This paper presents a general and permissive alternative to the rigid solution: the programmer is offered a choice for each type of error/exception whether to handle it or not, and extends naturally to a language with procedures and output, where the soundness of the mechanism is shown with respect to termination-insensitive noninterference.

Encoding information flow in Haskell

  • Peng Li, S. Zdancewic
  • Computer Science
    19th IEEE Computer Security Foundations Workshop (CSFW'06)
  • 2006
TLDR
An embedded security sublanguage for enforcing information-flow policies in the standard Haskell programming language, designed using a standard combinator interface called arrows, which provides great flexibility and modularity for using security-policy frameworks.

Information flow enforcement in monadic libraries

TLDR
It is shown that information flow policies can be enforced on imperative-style monadic APIs in a modular and reasonably general way with only a minor impact on the interface provided to API users.

Laminar: practical fine-grained decentralized information flow control

TLDR
Laminar is described, the first system to implement decentralized information flow control using a single set of abstractions for OS resources and heap-allocated objects, and supports a more general class of multithreaded DIFC programs that can access heterogeneously labeled data.
...