Ensuring information security by using Haskell's advanced type system

2017 International Carnahan Conference on Security Technology (ICCST) Pub Date : 2017-10-01 DOI:10.1109/CCST.2017.8167844

M. Pirro, M. Conti, R. Lazzeretti

{"title":"Ensuring information security by using Haskell's advanced type system","authors":"M. Pirro, M. Conti, R. Lazzeretti","doi":"10.1109/CCST.2017.8167844","DOIUrl":null,"url":null,"abstract":"Protecting data confidentiality and integrity has become increasingly important in modern software. Sometimes, access control mechanisms come short and solutions on the application-level are needed. An approach can rely on enforcing information security using some features provided by certain programming languages. Several different solutions addressing this problem have been presented in literature, and entire new languages or libraries have been built from scratch. Some of them use type systems to let the compiler check for vulnerable code. In this way we are able to rule out those implementations which do not meet a certain security requirement. In this paper we use Haskell's type system to enforce three key properties of information security: non-interference and flexible declassification policies, strict input validation, and secure computations on untainted and trusted values. We present a functional lightweight library for applications with data integrity and confidentiality issues. Our contribute relies on a compile time enforcing of the aforementioned properties. Our library is wholly generalized and might be adapted for satisfying almost every security requirement.","PeriodicalId":371622,"journal":{"name":"2017 International Carnahan Conference on Security Technology (ICCST)","volume":"109 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Carnahan Conference on Security Technology (ICCST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2017.8167844","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Protecting data confidentiality and integrity has become increasingly important in modern software. Sometimes, access control mechanisms come short and solutions on the application-level are needed. An approach can rely on enforcing information security using some features provided by certain programming languages. Several different solutions addressing this problem have been presented in literature, and entire new languages or libraries have been built from scratch. Some of them use type systems to let the compiler check for vulnerable code. In this way we are able to rule out those implementations which do not meet a certain security requirement. In this paper we use Haskell's type system to enforce three key properties of information security: non-interference and flexible declassification policies, strict input validation, and secure computations on untainted and trusted values. We present a functional lightweight library for applications with data integrity and confidentiality issues. Our contribute relies on a compile time enforcing of the aforementioned properties. Our library is wholly generalized and might be adapted for satisfying almost every security requirement.

查看原文本刊更多论文

使用Haskell先进的类型系统，确保信息安全

保护数据的机密性和完整性在现代软件中变得越来越重要。有时，访问控制机制不足，需要应用程序级的解决方案。一种方法可以依赖于使用某些编程语言提供的某些特性来实施信息安全。文献中已经提出了解决这个问题的几种不同的解决方案，并且从头开始构建了全新的语言或库。其中一些使用类型系统让编译器检查易受攻击的代码。通过这种方式，我们能够排除那些不满足特定安全需求的实现。在本文中，我们使用Haskell的类型系统来实现信息安全的三个关键属性:不干扰和灵活的解密策略，严格的输入验证，以及对未污染和可信值的安全计算。我们为具有数据完整性和机密性问题的应用程序提供了一个功能轻量级库。我们的贡献依赖于上述属性的编译时强制执行。我们的库是完全一般化的，可以适应几乎所有的安全需求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 International Carnahan Conference on Security Technology (ICCST)

自引率

0.00%

发文量