Abstract
Language-based information-flow security has emerged as a promising technology to guarantee confidentiality in on-line systems, where enforcement mechanisms are typically presented as run-time monitors, code transformations, or type systems. Recently, an alternative technique, called secure multi-execution, has been proposed. The main idea behind this novel approach consists in running a program multiple times, once for each security level, using special rules for I/O operations. Compared to run-time monitors and type systems, secure multi-execution does not require inspecting the full code of the application (only its I/O actions). In this paper, we propose the core of a library to provide non-interference through secure multi-execution. We present the code of the library as well as a running example for Haskell. To the best of our knowledge, this paper is the first work to consider secure multi-execution in a functional setting and provide this technology as a library.
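The I/O rules the abstract alludes to can be made concrete in a few dozen lines. The following is an added illustration written for this page; it is not the library of Jaskelioff and Russo and makes its own assumptions: a two-point lattice (`Low` below `High`), a tiny free-monad I/O language `Prog` with labelled `input`/`output` actions, per-channel input queues, and a fixed default value that an execution receives when it reads a channel above its own level. The execution at level `l` consumes inputs from channels at or below `l`, substitutes the default for higher channels, and keeps only the outputs destined for channel `l`; `sme` runs one such execution per level and collects the outputs.

```haskell
{-# LANGUAGE LambdaCase #-}
-- Added example: a minimal secure multi-execution (SME) interpreter for a
-- two-level I/O language. Not the paper's library; all names are assumptions.
module Main where

import           Data.Map (Map)
import qualified Data.Map as Map

data Level = Low | High deriving (Eq, Ord, Show)

-- A free-monad I/O language: return a value, read an Int from a labelled
-- channel, or write an Int to a labelled channel.
data Prog a
  = Done a
  | Input Level (Int -> Prog a)
  | Output Level Int (Prog a)

instance Functor Prog where
  fmap f (Done a)       = Done (f a)
  fmap f (Input l k)    = Input l (fmap f . k)
  fmap f (Output l v p) = Output l v (fmap f p)

instance Applicative Prog where
  pure = Done
  pf <*> px = pf >>= \f -> fmap f px

instance Monad Prog where
  Done a       >>= f = f a
  Input l k    >>= f = Input l (\v -> k v >>= f)
  Output l v p >>= f = Output l v (p >>= f)

input :: Level -> Prog Int
input l = Input l Done

output :: Level -> Int -> Prog ()
output l v = Output l v (Done ())

type Inputs  = Map Level [Int]   -- pending inputs per channel
type Outputs = [(Level, Int)]    -- outputs actually emitted

-- SME I/O rules for the execution at level l:
--   * reading a channel c <= l consumes the real input (default if exhausted);
--   * reading a channel c >  l yields the default value, never the real input;
--   * writing to channel c is kept only when c == l, otherwise discarded.
runAt :: Level -> Int -> Inputs -> Prog a -> (a, Outputs)
runAt l dflt = go
  where
    go ins = \case
      Done a -> (a, [])
      Input c k
        | c <= l -> case Map.findWithDefault [] c ins of
            (v : vs) -> go (Map.insert c vs ins) (k v)
            []       -> go ins (k dflt)
        | otherwise -> go ins (k dflt)
      Output c v p ->
        let (a, outs) = go ins p
        in if c == l then (a, (c, v) : outs) else (a, outs)

-- One execution per level; the program's own code is never inspected.
sme :: Int -> Inputs -> Prog a -> Outputs
sme dflt ins p = concat [snd (runAt l dflt ins p) | l <- [Low, High]]

-- Constructed program that would leak: it mixes a High input into a Low output.
leaky :: Prog ()
leaky = do
  pub    <- input Low
  secret <- input High
  output Low  (pub + secret)
  output High secret

inputsFor :: Int -> Int -> Inputs
inputsFor pub secret = Map.fromList [(Low, [pub]), (High, [secret])]

-- What a Low observer sees when the program runs under SME.
lowView :: Int -> Int -> [Int]
lowView pub secret = [v | (Low, v) <- sme 0 (inputsFor pub secret) leaky]

main :: IO ()
main = do
  print (sme 0 (inputsFor 3 42) leaky)
  -- Non-interference check: vary only the secret, the Low view must not change.
  print (lowView 3 42 == lowView 3 99)
</main>
```

Running `main` shows the effect of the rules: the `Low` execution never sees the real secret (it reads the default `0`), so the `Low` output depends on the public input alone, while the `High` execution sees everything but is only allowed to write on the `High` channel. Changing the secret therefore leaves `lowView` unchanged, which is exactly the non-interference property; note that this is obtained without examining `leaky` itself, only by mediating its `Input` and `Output` actions.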
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Jaskelioff, M., Russo, A. (2012). Secure Multi-execution in Haskell. In: Clarke, E., Virbitskaite, I., Voronkov, A. (eds) Perspectives of Systems Informatics. PSI 2011. Lecture Notes in Computer Science, vol 7162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29709-0_16
DOI: https://doi.org/10.1007/978-3-642-29709-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29708-3
Online ISBN: 978-3-642-29709-0