The MAC library implements Mandatory Access Control concepts in Haskell. It leverages Haskell type-system to restrict how data gets propagated within programs and ensures that sensitive data cannot be leaked by malicious or buggy code. The library enables untrusted code, i.e., code written by someone else, to securely manipulate sensitive data while preserving its confidentiality.
The library provides secure versions of advance programming languages features like references, exceptions, and concurrency. This package is the accompanying code for the paper Functional Pearl: Two can keep a secret, if one of them uses Haskell.
- New module FlexibleLb.hs - Extended API for labeled values: functor structure (fmap), relabeling operation (relabel), and applicative operator (<<*>>). - Theory supporting this changes is described in the article "Flexible Manipulation of Labeled Values for Information-Flow Control Libraries" by Vassena et al.