seclib: A simple library for static information-flow security in Haskell
This package presents a static library to enforce Information-Flow Control (IFC) in Haskell. IFC allows untrusted code to manipulate sensitive data (i.e., secret information), while preserving its confidentiality.
To illustrate the use case scenario for SecLib, let us consider two Haskell
programmers , Alice and Bob, who do not trust each other. Image that Alice
wishes to use Bob's code to check the strength of Alice's sensitive passwords.
Clearly, Alice is concern that the passwords could be leaked if they are run
with Bob's code. How could Alice be sure that Bob's code will preserve the
confidentiality of Alice's password? One option is to do code review---a
time consuming approach. Instead, Alice demands that Bob's code uses the
security monads provided by this library (i.e., Sec
and SecIO
). Now, Alice
only requires, by using the type-system, that Bob's code is written using such
monads. Importantly, Alice needs to use Safe Haskell to compile Bob's
untrusted code using the flags -XSafe
. This package provides the files
Alice.hs
and Bob.hs
. The former calls into functions provided by the
latter and the library guarantees that secrets are not unintentionally or
maliciously leaked.
The library is a modern and simplified version (updated to exploit the last GHC type-system features) of the work presented in A Library for Light-weight Information-Flow Security in Haskell by Alejandro Russo, Koen Claessen and John Hughes. In Proc. of the ACM SIGPLAN 2008 Haskell Symposium. With respect to the version 1.0.0.0, this version has less side-effectful features (e.g., no secure file handlers and sockets) as well as declassification combinators. However, it presents a simpler and more intuitive interface which can be easily extended to cover a rich-set of side-effects.
Modules
- SecLib
- SecLib.Lattice
- SecLib.LowHigh
- SecLib.Ref
- SecLib.Reveal
- SecLib.Sec
- SecLib.SecIO
Downloads
- seclib-1.1.0.3.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
Versions [RSS] | 0.1, 0.2, 0.4, 0.5, 0.6, 0.7, 1.0.0.0, 1.1.0.0, 1.1.0.1, 1.1.0.2, 1.1.0.3 |
---|---|
Change log | changelog.md |
Dependencies | base (>=4.7 && <4.13) [details] |
License | BSD-3-Clause |
Author | Alejandro Russo |
Maintainer | russo@chalmers.se |
Category | Security |
Source repo | this: git clone https://russo@bitbucket.org/russo/seclib.git(tag release-1.1.0.333) |
Uploaded | by AlejandroRusso at 2021-01-25T08:50:21Z |
Distributions | |
Reverse Dependencies | 1 direct, 0 indirect [details] |
Downloads | 6838 total (10 in the last 30 days) |
Rating | 2.0 (votes: 1) [estimated by Bayesian average] |
Your Rating | |
Status | Docs not available [build log] All reported builds failed as of 2021-01-25 [all 2 reports] |