
Secure Multi-execution in Haskell

Conference paper, Perspectives of Systems Informatics (PSI 2011)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 7162)

Abstract

Language-based information-flow security has emerged as a promising technology to guarantee confidentiality in on-line systems, where enforcement mechanisms are typically presented as run-time monitors, code transformations, or type systems. Recently, an alternative technique, called secure multi-execution, has been proposed. The main idea behind this novel approach consists of running a program multiple times, once for each security level, using special rules for I/O operations. Compared to run-time monitors and type systems, secure multi-execution does not require inspecting the full code of the application (only its I/O actions). In this paper, we propose the core of a library to provide non-interference through secure multi-execution. We present the code of the library as well as a running example for Haskell. To the best of our knowledge, this paper is the first work to consider secure multi-execution in a functional setting and to provide this technology as a library.
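The following is an added illustration of the I/O rules the abstract describes; it is not the paper's library (that is distributed separately by the authors) and makes no claim about its API. It assumes a two-point lattice (Low < High), models channels as pure per-level queues so it runs without real I/O, and uses hypothetical names (Prog, runAt, sme, single). A program is written only in terms of Input and Output requests, which is exactly the part secure multi-execution needs to see: the copy running at level l reads real values from channels at or below l, receives a default value from channels above l, and performs only the outputs destined for channel l.

```haskell
import Control.Monad (ap)

-- Two-point security lattice; the derived Ord gives Low < High.
data Level = Low | High deriving (Eq, Ord, Show)

-- A program is a tree of I/O requests; SME never looks at anything else.
data Prog a
  = Done a
  | Input Level (String -> Prog a)
  | Output Level String (Prog a)

instance Functor Prog where
  fmap f (Done a)       = Done (f a)
  fmap f (Input l k)    = Input l (fmap f . k)
  fmap f (Output l s k) = Output l s (fmap f k)

instance Applicative Prog where
  pure  = Done
  (<*>) = ap

instance Monad Prog where
  Done a       >>= f = f a
  Input l k    >>= f = Input l (\s -> k s >>= f)
  Output l s k >>= f = Output l s (k >>= f)

input :: Level -> Prog String
input l = Input l Done

output :: Level -> String -> Prog ()
output l s = Output l s (Done ())

-- Input channels modelled as a queue of values per level (constructed sample data).
type Env = [(Level, [String])]

-- Value handed to a copy that is not allowed to read a channel.
defaultValue :: String
defaultValue = ""

takeInput :: Level -> Env -> (String, Env)
takeInput l env = case lookup l env of
  Just (x : xs) -> (x, (l, xs) : filter ((/= l) . fst) env)
  _             -> (defaultValue, env)

-- Run one copy of the program at level `me`:
--   * inputs of level <= me are read from the real channel,
--   * inputs of level >  me are replaced by the default value,
--   * only outputs on channel `me` are performed; all others are dropped.
runAt :: Level -> Env -> Prog a -> (a, [String])
runAt me = go []
  where
    go acc _   (Done a) = (a, reverse acc)
    go acc env (Input l k)
      | l <= me   = let (v, env') = takeInput l env in go acc env' (k v)
      | otherwise = go acc env (k defaultValue)
    go acc env (Output l s k)
      | l == me   = go (s : acc) env k
      | otherwise = go acc env k

-- Secure multi-execution: one copy per level; channel l receives the
-- outputs of the copy running at l.
sme :: Env -> Prog a -> [(Level, [String])]
sme env p = [ (l, snd (runAt l env p)) | l <- [Low, High] ]

-- Ordinary single execution, for comparison: every read is real and
-- every output happens.
single :: Env -> Prog a -> [(Level, String)]
single = go []
  where
    go acc _   (Done _)       = reverse acc
    go acc env (Input l k)    = let (v, env') = takeInput l env in go acc env' (k v)
    go acc env (Output l s k) = go ((l, s) : acc) env k

-- A program whose Low output depends on a High input.
leaky :: Prog ()
leaky = do
  secret <- input High
  public <- input Low
  output Low (if secret == "yes" then "A" else "B")
  output High (public ++ "/" ++ secret)

main :: IO ()
main = do
  let env = [(Low, ["hello"]), (High, ["yes"])]
  putStrLn "single execution:"
  mapM_ print (single env leaky)   -- (Low,"A") reveals the High input
  putStrLn "secure multi-execution:"
  mapM_ print (sme env leaky)      -- (Low,["B"]) whatever the High input is
```

Under single execution the Low channel carries "A" or "B" according to the secret. Under sme the Low copy never sees the High channel, so its Low output is "B" for every secret, while the High copy still produces "hello/yes" on the High channel: the program's functionality at each level is preserved and the flow from High to Low is cut, without any inspection of the conditional. Because the environment here is pure, each copy re-reading a shared Low channel is equivalent to the original scheme in which the lowest copy performs the read once and its value is shared; a library with real I/O has to arrange that sharing explicitly, and this model says nothing about timing or termination behaviour of the copies.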




© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jaskelioff, M., Russo, A. (2012). Secure Multi-execution in Haskell. In: Clarke, E., Virbitskaite, I., Voronkov, A. (eds) Perspectives of Systems Informatics. PSI 2011. Lecture Notes in Computer Science, vol 7162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29709-0_16


  • DOI: https://doi.org/10.1007/978-3-642-29709-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29708-3

  • Online ISBN: 978-3-642-29709-0

  • eBook Packages: Computer Science (R0)
