seclib: A simple library for static information-flow security in Haskell
This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.
Warnings:
- Exposed modules use unallocated top-level names: SecLib
This package presents a static library to enforce Information-Flow Control (IFC) in Haskell. IFC allows untrusted code to manipulate sensitive data (i.e., secret information), while preserving its confidentiality.
To illustrate the use case scenario for SecLib, let us consider two Haskell
programmers , Alice and Bob, who do not trust each other. Image that Alice
wishes to use Bob's code to check the strength of Alice's sensitive passwords.
Clearly, Alice is concern that the passwords could be leaked if they are run
with Bob's code. How could Alice be sure that Bob's code will preserve the
confidentiality of Alice's password? One option is to do code review---a very
time consuming approach. Instead, Alice demands that Bob's code uses the
security monads provided by this library (i.e., Sec and SecIO). Now, Alice
only requires, by using the type-system, that Bob's code is written using such
monads. Importantly, Alice needs to use Safe Haskell to compile Bob's
untrusted code using the flags -XSafe. This package provides the files
Alice.hs and Bob.hs. The former calls into functions provided by the
latter and the library guarantees that secrets are not unintentionally or
maliciously leaked.
The library is a modern and simplified version (updated to exploit the last GHC type-system features) of the work presented in A Library for Light-weight Information-Flow Security in Haskell by Alejandro Russo, Koen Claessen and John Hughes. In Proc. of the ACM SIGPLAN 2008 Haskell Symposium. With respect to the version 1.0.0.0, this version has less side-effectful features (e.g., no secure file handlers and sockets) as well as declassification combinators. However, it presents a simpler and more intuitive interface which can be easily extended to cover a rich-set of side-effects.
Properties
| Versions | 0.1, 0.2, 0.4, 0.5, 0.6, 0.7, 1.0.0.0, 1.1.0.0, 1.1.0.1, 1.1.0.1, 1.1.0.2, 1.1.0.3 |
|---|---|
| Change log | None available |
| Dependencies | base (>=4.7 && <4.8) [details] |
| License | BSD-3-Clause |
| Author | Alejandro Russo |
| Maintainer | russo@chalmers.se |
| Category | Security |
| Source repo | this: git clone https://russo@bitbucket.org/russo/seclib.git(tag release-1.1.0.1) |
| Uploaded | by AlejandroRusso at 2014-12-15T02:49:17Z |
Modules
[Index]
Downloads
- seclib-1.1.0.1.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
Package maintainers
For package maintainers and hackage trustees