[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/1929553.1929564acmconferencesArticle/Chapter ViewAbstractPublication PagespoplConference Proceedingsconference-collections
research-article

Information flow enforcement in monadic libraries

Published: 25 January 2011 Publication History

Abstract

In various scenarios, there is a need to expose a certain API to client programs which are not fully trusted. In cases where the client programs need access to sensitive data, confidentiality can be enforced using an information flow policy. This is a general and powerful type of policy that has been widely studied and implemented.
Previous work has shown how information flow policy enforcement can be implemented in a lightweight fashion in the form of a library. However, these approaches all suffer from a number of limitations. Often, the policy and its enforcement are not cleanly separated from the underlying API, and the user of the API is exposed to a strongly and unnaturally modified interface. Some of the approaches are limited to functional APIs and have difficulty handling imperative features like I/O and mutable state variables. In addition, this previous work uses classic static information flow enforcement techniques, and does not consider more recent dynamic information flow enforcement techniques.
In this paper, we show that information flow policies can be enforced on imperative-style monadic APIs in a modular and reasonably general way with only a minor impact on the interface provided to API users. The main idea of this paper is that we implement the policy enforcement in a monad transformer while the underlying monadic API remains unaware and unmodifoed. The policy is specified through the lifting of underlying monad operations.
We show the generality of our approach by presenting implementations of three important information flow enforcement techniques, including a purely dynamic, a purely static and a hybrid technique. Two of the techniques require the use of a generalisation of the Monad type class, but impact on the API interface stays limited. We show that our technique lends itself to formal reasoning by sketching a proof that our implementation of the static technique is faithful to the original presentation. Finally, we discuss fundamental limitations of our approach and how it fits in general information flow enforcement theory.

References

[1]
R. Atkey. Parameterised notions of computation. Journal of Functional Programming, 19(3--4):335--376, 2009.
[2]
T. Austin and C. Flanagan. Efficient purely-dynamic information flow analysis. In PLAS Workshop, pages 113--124. ACM, 2009.
[3]
K. Crary, A. Kliger, and F. Pfenning. A monadic analysis of information flow security with mutable state. Journal of functional programming, 15(02):249--291, 2005.
[4]
D. Devriese and F. Piessens. Non-interference through secure multi-execution. In IEEE Symposium on Security and Privacy, 2010.
[5]
I. Dupree. Ghc ticket 1537 - do notation translation. http://hackage.haskell.org/trac/ghc/ticket/1537, 2007. Fixed in GHC 6.8.3.
[6]
GHC Team. GHC manual - rebindable syntax and the implicit Prelude import. http://haskell.org/ghc/docs/6.12.2/html/users_guide/syntax-extns.html#rebindable-syntax, 2010.
[7]
J. Hughes. Generalising monads to arrows. Science of computer programming, 37(1--3):67--111, 2000.
[8]
O. Kiselyov. Genuine shift/reset in haskell. Mailing list message, December 2007.
[9]
E. Kmett. Parameterized monads in haskell. The Comonad.Reader, 2007. URL http://comonad.com/reader/2007/parameterized-monads-in-haskell/.
[10]
J. Launchbury, P. Jones, and L. Simon. Lazy functional state threads. In PLDI, page 35. ACM, 1994.
[11]
G. Le Guernic. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007.
[12]
G. Le Guernic, A. Banerjee, T. Jensen, and D. Schmidt. Automata-based confidentiality monitoring. In ASIAN, pages 75--89, 2006.
[13]
P. Li and S. Zdancewic. Encoding information flow in haskell. In 19th IEEE Computer Security Foundations Workshop, 2006, page 12, 2006.
[14]
J. Ligatti, L. Bauer, and D. Walker. Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security, 4(1):2--16, 2005.
[15]
A. Myers. JFlow: Practical mostly-static information flow control. In POPL, pages 228--241. ACM, 1999.
[16]
F. Pottier and V. Simonet. Information flow inference for ML. TOPLAS, 25(1):117--158, 2003.
[17]
R. Pucella and J. Tov. Haskell session types with (almost) no class. ACM SIGPLAN Notices, 44(2):25--36, 2009.
[18]
A. Russo and A. Sabelfeld. Dynamic vs. static flow-sensitive security analysis. In Computer Security Foundations, 2010.
[19]
A. Russo, K. Claessen, and J. Hughes. A library for light-weight information-flow security in haskell. In Haskell Symposium, pages 13--24. ACM, 2008.
[20]
A. Sabelfeld and A. Myers. Language-based information-flow security. IEEE Journal on selected areas in communications, 21(1):5--19, 2003.
[21]
A. Sabelfeld and A. Russo. From dynamic to static and back: Riding the roller coaster of information-flow control research. In Perspectives of System Informatics, 2009.
[22]
T.-C. Tsai, A. Russo, and J. Hughes. A library for secure multi-threaded information flow in Haskell. In CSF, pages 187--202, 2007.
[23]
D. Volpano and G. Smith. Eliminating covert flows with minimum typings. In CSFW, pages 156--168, 1997.
[24]
D. Volpano, C. Irvine, and G. Smith. A sound type system for secure flow analysis. Journal of computer security, 4(2/3):167--188, 1996.

Cited By

View all
  • (2022)ANOSY: approximated knowledge synthesis with refinement types for declassificationProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523725(15-30)Online publication date: 9-Jun-2022
  • (2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
  • (2020)Liquid information flow controlProceedings of the ACM on Programming Languages10.1145/34089874:ICFP(1-30)Online publication date: 3-Aug-2020
  • Show More Cited By

Index Terms

  1. Information flow enforcement in monadic libraries

      Recommendations

      Comments

      Please enable JavaScript to view thecomments powered by Disqus.

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      TLDI '11: Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
      January 2011
      94 pages
      ISBN:9781450304849
      DOI:10.1145/1929553
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      In-Cooperation

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 25 January 2011

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. information flow enforcement
      2. monad transformers
      3. monads
      4. parameterised monads

      Qualifiers

      • Research-article

      Conference

      POPL '11
      Sponsor:

      Acceptance Rates

      Overall Acceptance Rate 11 of 26 submissions, 42%

      Upcoming Conference

      POPL '25

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)2
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 22 Dec 2024

      Other Metrics

      Citations

      Cited By

      View all
      • (2022)ANOSY: approximated knowledge synthesis with refinement types for declassificationProceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3519939.3523725(15-30)Online publication date: 9-Jun-2022
      • (2021)Scooter & Sidecar: a domain-specific approach to writing secure database migrationsProceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation10.1145/3453483.3454072(710-724)Online publication date: 19-Jun-2021
      • (2020)Liquid information flow controlProceedings of the ACM on Programming Languages10.1145/34089874:ICFP(1-30)Online publication date: 3-Aug-2020
      • (2019)Optimising Faceted Secure Multi-Execution2019 IEEE 32nd Computer Security Foundations Symposium (CSF)10.1109/CSF.2019.00008(1-115)Online publication date: Jun-2019
      • (2018)Faceted Secure Multi ExecutionProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243806(1617-1634)Online publication date: 15-Oct-2018
      • (2017)Securing Concurrent Lazy Programs Against Information Leakage2017 IEEE 30th Computer Security Foundations Symposium (CSF)10.1109/CSF.2017.39(37-52)Online publication date: Aug-2017
      • (2016)Faceted Dynamic Information Flow via Control and Data MonadsProceedings of the 5th International Conference on Principles of Security and Trust - Volume 963510.5555/3089491.3089493(3-23)Online publication date: 2-Apr-2016
      • (2016)Supermonads: one notion to bind them allACM SIGPLAN Notices10.1145/3241625.297601251:12(158-169)Online publication date: 8-Sep-2016
      • (2016)On Formalizing Information-Flow Control LibrariesProceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security10.1145/2993600.2993608(15-28)Online publication date: 24-Oct-2016
      • (2016)Supermonads: one notion to bind them allProceedings of the 9th International Symposium on Haskell10.1145/2976002.2976012(158-169)Online publication date: 8-Sep-2016
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media