2018-06-18: Coarse-grained information-flow control as a library in Haskell

Abstract

Information-Flow Control (IFC) is a well-established approach for allowing untrusted code to manipulate sensitive data securely. It relies on tracking dependencies within a program to ensure confidentiality and integrity, i.e. to prohibit public outputs that depend on secret inputs or trusted outputs that depend on untrusted inputs. In a coarse-grained enforcement, computations get a single label that bounds the sensitivity of all values in scope rather than labelling values individually.

In this talk, we will explore how to leverage functional programming abstractions to implement coarse-grained information-flow control as a Haskell library known as LIO. We will illustrate the flexibility of the approach by extending the LIO library with advanced features such as concurrency, static and dynamic checking and access to an untrusted external store. Some of these features introduce new challenges for security, including covert channels that arise from the timing behaviour of programs. Despite these challenges, we will show how to preserve security guarantees in the presence of such features.

About Pablo Buiras

Pablo Buiras is a Postdoctoral Fellow at Harvard University's School of Engineering and Applied Sciences, where he has been since 2016. He received a B.S. and M.Sc. from Universidad Nacional de Rosario in Rosario, Argentina in 2012. He received his PhD in Computer Science from Chalmers University of Technology in Gothenburg, Sweden in 2016 under the guidance of Alejandro Russo. His dissertation focused on information-flow control for programming-language-based security in Haskell. More generally, his interests also include functional programming, type systems, verification and programming language semantics.