A simple library for static information-flow security in Haskell

Latest on Hackage:

This package is not currently in any snapshots. If you're interested in using it, we recommend adding it to Stackage Nightly. Doing so will make builds more reliable, and allow to host generated Haddocks.

BSD3 licensed by Alejandro Russo
Maintained by

This package presents a static library to enforce Information-Flow Control (IFC) in Haskell. IFC allows untrusted code to manipulate sensitive data (i.e., secret information), while preserving its confidentiality.

To illustrate the use case scenario for SecLib, let us consider two Haskell programmers , Alice and Bob, who do not trust each other. Image that Alice wishes to use Bob's code to check the strength of Alice's sensitive passwords. Clearly, Alice is concern that the passwords could be leaked if they are run with Bob's code. How could Alice be sure that Bob's code will preserve the confidentiality of Alice's password? One option is to do code review---a very time consuming approach. Instead, Alice demands that Bob's code uses the security monads provided by this library (i.e., Sec and SecIO). Now, Alice only requires, by using the type-system, that Bob's code is written using such monads. Importantly, Alice needs to use Safe Haskell to compile Bob's untrusted code using the flags -XSafe. This package provides the files Alice.hs and Bob.hs. The former calls into functions provided by the latter and the library guarantees that secrets are not unintentionally or maliciously leaked.

The library is a modern and simplified version (updated to exploit the last GHC type-system features) of the work presented in A Library for Light-weight Information-Flow Security in Haskell by Alejandro Russo, Koen Claessen and John Hughes. In Proc. of the ACM SIGPLAN 2008 Haskell Symposium. With respect to the version, this version has less side-effectful features (e.g., no secure file handlers and sockets) as well as declassification combinators. However, it presents a simpler and more intuitive interface which can be easily extended to cover a rich-set of side-effects.

Depends on 1 package:
Used by 1 package:
comments powered byDisqus