Functional pearl: two can keep a secret, if one of them uses Haskell
Abstract
For several decades, researchers from different communities have independently focused on protecting confidentiality of data. Two distinct technologies have emerged for such purposes: Mandatory Access Control (MAC) and Information-Flow Control (IFC)—the former belonging to operating systems (OS) research, while the latter to the programming languages community. These approaches restrict how data gets propagated within a system in order to avoid information leaks. In this scenario, Haskell plays a unique privileged role: it is able to protect confidentiality via libraries. This pearl presents a monadic API which statically protects confidentiality even in the presence of advanced features like exceptions, concurrency, and mutable data structures. Additionally, we present a mechanism to safely extend the library with new primitives, where library designers only need to indicate the read and write effects of new operations.
Document Details
- Document Type: Pub Defense Publication
- Publication Date: Aug 29, 2015
- Source ID: 10.1145/2858949.2784756
Entities
People
- Alejandro Russo
Organizations
- Barbro Osher Pro Suecia Foundation
- Chalmers University of Technology
- Defense Advanced Research Projects Agency
- Swedish Research Council