A Haskell-embedded DSL for secure information-flow

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming Pub Date : 2025-06-13 DOI:10.1016/j.scico.2025.103351

Cecilia Manzino, Gonzalo de Latorre

{"title":"A Haskell-embedded DSL for secure information-flow","authors":"Cecilia Manzino, Gonzalo de Latorre","doi":"10.1016/j.scico.2025.103351","DOIUrl":null,"url":null,"abstract":"<div><div>This paper presents a domain-specific language, embedded in Haskell (EDSL), for enforcing the information flow property <em>Delimited Release</em>. To build this language we use Haskell extensions that will allow some kind of dependently-typed programming.</div><div>Considering the effort it takes to build a language from scratch, we decided to provide an information-flow security language as an EDSL, using the infrastructure of the host language to support it.</div><div>The decision to use Haskell as the implementation language was driven by its powerful type system that makes it possible to encode the security type system of the embedded language at the type level, as well as by its nature as a general-purpose language.</div><div>The implementation follows an approach in which the type of the abstract syntax of the embedded language is decorated with security type information. In this way, typed programs will correspond to secure programs, and the verification of the security invariants of programs will be reduced to type-checking.</div><div>The embedded security language is designed in a way that is easy to use. We illustrate its use through three examples: an electronic purchase, secure reading of database information, and a password checker.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103351"},"PeriodicalIF":1.5000,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167642325000905","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

This paper presents a domain-specific language, embedded in Haskell (EDSL), for enforcing the information flow property Delimited Release. To build this language we use Haskell extensions that will allow some kind of dependently-typed programming.

Considering the effort it takes to build a language from scratch, we decided to provide an information-flow security language as an EDSL, using the infrastructure of the host language to support it.

The decision to use Haskell as the implementation language was driven by its powerful type system that makes it possible to encode the security type system of the embedded language at the type level, as well as by its nature as a general-purpose language.

The implementation follows an approach in which the type of the abstract syntax of the embedded language is decorated with security type information. In this way, typed programs will correspond to secure programs, and the verification of the security invariants of programs will be reduced to type-checking.

The embedded security language is designed in a way that is easy to use. We illustrate its use through three examples: an electronic purchase, secure reading of database information, and a password checker.

查看原文本刊更多论文

用于安全信息流的haskell嵌入式DSL

本文提出了一种嵌入在Haskell （EDSL）中的领域特定语言，用于强制执行信息流属性Delimited Release。为了构建这种语言，我们使用了Haskell扩展，它将允许某种依赖类型的编程。考虑到从头开始构建一门语言需要付出的努力，我们决定将信息流安全语言作为EDSL提供，并使用宿主语言的基础设施来支持它。使用Haskell作为实现语言的决定是由其强大的类型系统驱动的，它可以在类型级别对嵌入式语言的安全类型系统进行编码，同时也是由于它作为一种通用语言的性质。该实现遵循一种方法，在该方法中，嵌入式语言的抽象语法的类型使用安全类型信息进行修饰。这样，类型化程序将对应于安全程序，程序的安全不变量的验证将简化为类型检查。嵌入式安全语言以一种易于使用的方式设计。我们通过三个示例来说明它的使用：电子购买、安全读取数据库信息和密码检查器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Science of Computer Programming 工程技术-计算机：软件工程

CiteScore

3.80

自引率

0.00%

发文量

审稿时长

67 days

期刊介绍： Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design. The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice. The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including • Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software; • Design, implementation and evaluation of programming languages; • Programming environments, development tools, visualisation and animation; • Management of the development process; • Human factors in software, software for social interaction, software for social computing; • Cyber physical systems, and software for the interaction between the physical and the machine; • Software aspects of infrastructure services, system administration, and network management.