Flexible dynamic information flow control in the presence of exceptions*. (12th January 2017)
- Record Type:
- Journal Article
- Title:
- Flexible dynamic information flow control in the presence of exceptions*. (12th January 2017)
- Main Title:
- Flexible dynamic information flow control in the presence of exceptions*
- Authors:
- STEFAN, DEIAN
MAZIÈRES, DAVID
MITCHELL, JOHN C.
RUSSO, ALEJANDRO - Abstract:
- Abstract: We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system presents a new design point for IFC, influenced by the challenge of implementing IFC as a Haskell library, as opposed to the more typical approach of modifying the language runtime system. In particular, we take a coarse-grained, floating-label approach, previously used by IFC Operating Systems, and associate a single, mutable label—the current label —with all the data in a computation's context. This label is always raised to reflect the reading of sensitive information and it is used to restrict the underlying computation's effects. To preserve the flexibility of fine-grained systems, LIO also provides programmers with a means for associating an explicit label with a piece of data. Interestingly, these labeled values can be used to encapsulate the results of sensitive computations which would otherwise lead to the creeping of the current label. Unlike other language-based systems, LIO also bounds the current label with a current clearance, providing a form of discretionary access control that LIO programs can use to deal with covert channels. Moreover, LIO provides programmers with mutable references and exceptions. The latter, exceptions, are used in LIO to encode and recover from monitor failures, all while preserving data confidentiality and integrity—this addresses a longstanding concern that dynamic IFC is inherently prone to information leakage due to monitorAbstract: We describe a language-based, dynamic information flow control (IFC) system called LIO. Our system presents a new design point for IFC, influenced by the challenge of implementing IFC as a Haskell library, as opposed to the more typical approach of modifying the language runtime system. In particular, we take a coarse-grained, floating-label approach, previously used by IFC Operating Systems, and associate a single, mutable label—the current label —with all the data in a computation's context. This label is always raised to reflect the reading of sensitive information and it is used to restrict the underlying computation's effects. To preserve the flexibility of fine-grained systems, LIO also provides programmers with a means for associating an explicit label with a piece of data. Interestingly, these labeled values can be used to encapsulate the results of sensitive computations which would otherwise lead to the creeping of the current label. Unlike other language-based systems, LIO also bounds the current label with a current clearance, providing a form of discretionary access control that LIO programs can use to deal with covert channels. Moreover, LIO provides programmers with mutable references and exceptions. The latter, exceptions, are used in LIO to encode and recover from monitor failures, all while preserving data confidentiality and integrity—this addresses a longstanding concern that dynamic IFC is inherently prone to information leakage due to monitor failure. … (more)
- Is Part Of:
- Journal of functional programming. Volume 27(2017)
- Journal:
- Journal of functional programming
- Issue:
- Volume 27(2017)
- Issue Display:
- Volume 27, Issue 2017 (2017)
- Year:
- 2017
- Volume:
- 27
- Issue:
- 2017
- Issue Sort Value:
- 2017-0027-2017-0000
- Page Start:
- Page End:
- Publication Date:
- 2017-01-12
- Subjects:
- Functional programming (Computer science) -- Periodicals
- Journal URLs:
- http://journals.cambridge.org/action/displayJournal?jid=JFP ↗
http://firstsearch.oclc.org ↗ - DOI:
- 10.1017/S0956796816000241 ↗
- Languages:
- English
- ISSNs:
- 0956-7968
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library STI - ELD Digital store
- Ingest File:
- 2477.xml