This package presents a static library to enforce
Information-Flow Control (IFC) in Haskell.
IFC allows untrusted code to manipulate sensitive
data (i.e., secret information), while preserving its confidentiality.
To illustrate the use case scenario for SecLib, let us consider two Haskell
programmers , Alice and Bob, who do not trust each other. Image that Alice
wishes to use Bob's code to check the strength of Alice's sensitive passwords.
Clearly, Alice is concern that the passwords could be leaked if they are run
with Bob's code. How could Alice be sure that Bob's code will preserve the
confidentiality of Alice's password? One option is to do code review---a very
time consuming approach. Instead, Alice demands that Bob's code uses the
security monads provided by this library (i.e., Sec and SecIO). Now, Alice
only requires, by using the type-system, that Bob's code is written using such
monads. Importantly, Alice needs to use Safe Haskell to compile Bob's
untrusted code using the flags -XSafe. This package provides the files
Alice.hs and Bob.hs. The former calls into functions provided by the
latter and the library guarantees that secrets are not unintentionally or
maliciously leaked.
The library is a modern and simplified version (updated to exploit the last
GHC type-system features) of the work presented in
A Library for Light-weight Information-Flow Security in Haskell by
Alejandro Russo, Koen Claessen and
John Hughes. In Proc. of the ACM SIGPLAN 2008 Haskell Symposium. With respect
to the version 1.0.0.0, this version has less side-effectful features (e.g.,
no secure file handlers and sockets) as well as declassification combinators. However,
it presents a simpler and more intuitive interface which can be easily
extended to cover a rich-set of side-effects.
