Arrows for secure information flow

This paper presents an embedded security sublanguage for enforcing informationflow policies in the standard Haskell programming language. The sublanguage provides useful information-flow control mechanisms including dynamic security lattices, run-time code privileges and declassification all without modifying the base language. This design avoids the redundant work of producing new languages, lowers the threshold for adopting security-typed languages, and also provides great flexibility and modularity for using security-policy frameworks. The embedded security sublanguage is designed using a standard combinator interface called arrows. Computations constructed in the sublanguage have static and explicit control-flow components, making it possible to implement information-flow control using static-analysis techniques at run time, while providing strong security guarantees. This paper presents a formal proof that our embedded sublanguage provides noninterference, a concrete Haskell implementation and an example application demonstrating the proposed techniques. Disciplines Computer Sciences Comments Peng Li and Steve Zdancewic. Arrows for Secure Information Flow. Theoretical Computer Science, 411(19):1974-1994, 2010. ©2011 Elsevier. Authors retain the right to post a pre-print version of the journal article on Internet web sites including electronic pre-print servers, and to retain indefinitely such version on such servers or sites. This journal article is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/557 Arrows for Secure Information Flow Peng Li Steve Zdancewic University of Pennsylvania, Department of Computer and Information Science, 3330 Walnut Street, Philadelphia, Pennsylvania, 19104-6389, USA