Flexible Dynamic Information Flow Control in the Presence of Exceptions
Abstract
We describe a new, dynamic, floating-label approach to language-based information flow control. A labeled IO monad, LIO, keeps track of a current label and permits restricted access to IO functionality. The current label floats to exceed the labels of all data observed and restricts what can be modified. Unlike other language-based work, LIO also bounds the current label with a current clearance that provides a form of discretionary access control. Computations may encapsulate and pass around the results of computations with different labels. In addition, the LIO monad offers a simple form of labeled mutable references and exception handling. We give precise semantics and prove confidentiality and integrity properties of a call-by-name \lambda-calculus and provide an implementation in Haskell.
- Publication:
-
arXiv e-prints
- Pub Date:
- July 2012
- DOI:
- 10.48550/arXiv.1207.1457
- arXiv:
- arXiv:1207.1457
- Bibcode:
- 2012arXiv1207.1457S
- Keywords:
-
- Computer Science - Cryptography and Security;
- Computer Science - Programming Languages;
- D.4.6;
- D.1.1;
- D.3.3