flexible dynamic information flow control in haskell
play

Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 - PowerPoint PPT Presentation

Sep 23, 2022 •263 likes •820 views

Flexible Dynamic Information Flow Control in Haskell Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C. Mitchell 1 David Mazires 1 1 2 Haskell11 www.scs.stanford.edu/ deian/lio Flexible

  1. Flexible Dynamic Information Flow Control in Haskell Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C. Mitchell 1 David Mazières 1 1 2 Haskell’11 www.scs.stanford.edu/ ∼ deian/lio

  2. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation Complex systems are composed of many different modules Generally, difficult to asses quality of modules ⇒ bugs and malware are pervasive Current approaches to execute untrusted code are very limited

  3. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation: A paper review system Integrating untrusted plugins Administrator functionality Add papers and users Assign reviewers Specify conflict of interest relationships User functionality Read papers and read/write reviews Provide and execute (untrusted) plugins Security Policy: User in conflict with a paper should not be able to read the corresponding review.

  4. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation: A paper review system Integrating untrusted plugins Administrator functionality Add papers and users Assign reviewers Specify conflict of interest relationships User functionality Read papers and read/write reviews Provide and execute (untrusted) plugins Security Policy: User in conflict with a paper should not be able to read the corresponding review.

  5. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation: A paper review system Integrating untrusted plugins Example third-party plugins 1 Online chat for discussing common reviews 2 Alternative user interface 3 PDF viewer with review annotations 4 . . .

  6. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation: A paper review system Integrating untrusted plugins Challenge: How do we safely integrate plugins? 1 Limit plugins to pure computations ✗ Inflexible: may want to use references, file-system, etc. 2 Allow plugins to use IO library ✗ Insecure: can easily violate security policies

  7. Flexible Dynamic Information Flow Control in Haskell Introduction Motivation Motivation: A paper review system Integrating untrusted plugins Challenge: How do we safely integrate plugins? Solution: New Labeled IO (LIO) library ✓ Secure: security policies enforced in end-to-end fashion ✓ Flexible: can access references, file-system, etc., using policy-enforcing API

  8. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Enforcing Security Policies Common approach: policy specifies what code can be executed ✗ Requires reasoning about every line of code

  9. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Enforcing Security Policies Common approach: policy specifies what code can be executed ✗ Requires reasoning about every line of code Information flow control approach: policy specifies where data can flow ✓ No reasoning about plugin code necessary ➥ Well- suited for executing untrusted code

  10. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Enforcing Security Policies Common approach: policy specifies what code can be executed ✗ Requires reasoning about every line of code Information flow control approach: policy specifies where data can flow ✓ No reasoning about plugin code necessary ➥ Well- suited for executing untrusted code ✓ Natural way to specify policies ⊲ e.g., if Bob is in conflict with review R : policy ≡ information from R cannot flow to Bob

  11. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Enforcing Security Policies Common approach: policy specifies what code can be executed ✗ Requires reasoning about every line of code Information flow control approach: policy specifies where data can flow ✓ No reasoning about plugin code necessary ➥ Well- suited for executing untrusted code ✓ Natural way to specify policies ⊲ e.g., if Bob is in conflict with review R : policy ≡ information from R cannot flow to Bob ➠ LIO is an IFC library!

  12. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Enforcing IFC With Labels How do we track and control the flow of information? R Every piece of data in the system has a label ⊲ e.g., review has label L R Every computation has a labels ∼ behavior ⊲ e.g., plugin has label L P Labels are partially ordered by ⊑ ( can flow to ) relation ⇒ determines allowable flows E.g., Plugin accesses a review.

  13. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Enforcing IFC With Labels How do we track and control the flow of information? READ R Every piece of data in the system has a label ⊲ e.g., review has label L R Every computation has a labels ∼ behavior ⊲ e.g., plugin has label L P Labels are partially ordered by ⊑ ( can flow to ) relation ⇒ determines allowable flows E.g., READ is a flow from review to plugin.

  14. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Enforcing IFC With Labels How do we track and control the flow of information? WRITE R Every piece of data in the system has a label ⊲ e.g., review has label L R Every computation has a labels ∼ behavior ⊲ e.g., plugin has label L P Labels are partially ordered by ⊑ ( can flow to ) relation ⇒ determines allowable flows E.g., WRITE is a flow from plugin to review.

  15. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation How do labels help enforce security policies?

  16. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation How do labels help enforce security policies? ➥ Labels impose restrictions on flow of data.

  17. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation X E.g., Label review so it cannot flow to Bob ➥ Label policy enforced end-to-end

  18. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation E.g., Even if there are many paths from R to Bob ➥ There is no label L P such that L R ⊑ L P ⊑ L Bob

  19. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation X E.g., Even if there are many paths from R to Bob ➥ There is no label L P such that L R ⊑ L P ⊑ L Bob

  20. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Reasoning About Policy Enforcement Transitivity of ⊑ relation X E.g., Even if there are many paths from R to Bob ➥ There is no label L P such that L R ⊑ L P ⊑ L Bob

  21. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Decentralized IFC E.g., Suppose program chair wants to send results , once the review process is over ➥ He cannot send result to Bob: ⊑ is too strict X A computation may employ privileges ( ⋆ ) to bypass certain flow restrictions with ⊑ ⋆

  22. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Decentralized IFC E.g., Suppose program chair wants to send results , once the review process is over ➥ He cannot send result to Bob: ⊑ is too strict A computation may employ privileges ( ⋆ ) to bypass certain flow restrictions with ⊑ ⋆

  23. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library DIFC Model Decentralized IFC E.g., Suppose program chair wants to send results , once the review process is over ➥ He cannot send result to Bob: ⊑ is too strict A computation may employ privileges ( ⋆ ) to bypass certain flow restrictions with ⊑ ⋆

  24. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Core Library The Right Language for DIFC Difficult to do DIFC as a library ➥ Usually requires modifying language Haskell is a natural fit for IFC Type-level distinction between pure and side-effecting code ⇒ can control side-effects Monad transformers ⇒ can associate labels with computations

  25. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Core Library The Right Language for DIFC Difficult to do DIFC as a library ➥ Usually requires modifying language Haskell is a natural fit for IFC Type-level distinction between pure and side-effecting code ⇒ can control side-effects Monad transformers ⇒ can associate labels with computations Haskell is almost perfect ✗ Issue: unsafe ∗ to break type system

  26. Flexible Dynamic Information Flow Control in Haskell Information Flow Control Library Core Library The Right Language for DIFC Difficult to do DIFC as a library ➥ Usually requires modifying language Haskell is a natural fit for IFC Type-level distinction between pure and side-effecting code ⇒ can control side-effects Monad transformers ⇒ can associate labels with computations Haskell is almost perfect ✗ Issue: unsafe ∗ to break type system ✓ Addressed by SafeHaskell (see D. Terei’s talk)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

with Deferrable constraints in Haskell through the tale of a Haskell information flow control

with Deferrable constraints in Haskell through the tale of a Haskell information flow control

Gradually typed DSLs with Deferrable constraints in Haskell through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis Information flow control 101 Non- interference:

465 views • 31 slides
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo Stanford University, Chalmers University Motivating Example: Web Security Website uses

487 views • 28 slides
Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow Analysis Data-flow Analysis Static VS Dynamic Analysis Software Testing Control Con ol Flow ow Gr Graph entry S1 Procedure AVG S1 count =

1.08k views • 104 slides
Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions

Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions

Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions questions conditional operators Math Notation Ruby Operator < < > > >= <= = == != Boolean values true

465 views • 17 slides
Topics in Software Dynamic White-box Testing Part 1: Control-flow Testing [Reading assignment:

Topics in Software Dynamic White-box Testing Part 1: Control-flow Testing [Reading assignment:

Topics in Software Dynamic White-box Testing Part 1: Control-flow Testing [Reading assignment: Chapter 7, pp. 105-122 plus many things in slides that are not in the book ] Control-Flow Testing Control-flow testing is a structural testing

509 views • 48 slides
1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

Introduction to Data-flow analysis Data-flow Analysis Last Time Idea Undergraduate compilers review Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Assem.Instr data

903 views • 4 slides
Optimizing Dynamic Power Flow Anders Rantzer Automatic Control LTH Lund Universty Anders

Optimizing Dynamic Power Flow Anders Rantzer Automatic Control LTH Lund Universty Anders

Optimizing Dynamic Power Flow Anders Rantzer Automatic Control LTH Lund Universty Anders Rantzer Optimizing Dynamic Power Flow Combine with water power reservoirs in northern Sweden Use wind farms to stabilize network AEOLUS project:

873 views • 27 slides
eventlet eventlet coroutines flexible efficient control flow greenlet non-blocking i/o

eventlet eventlet coroutines flexible efficient control flow greenlet non-blocking i/o

eventlet eventlet coroutines flexible efficient control flow greenlet non-blocking i/o efficient network i/o select/poll/epoll threads switch between async and sync queues/pipes coroutines main subroutine: subroutine(1, 2)

487 views • 23 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi

Ni Nickel A Framework for Design and Verification of Information Flow Control Systems Helgi Sigurbjarnarson , Luke Nelson, Bruno Castro-Karney, James Bornholt, Emina Torlak, and Xi Wang .org Enforcing information flow control is critical

1.02k views • 58 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure

Secure Architecture Principles Information flow control 1 D. Denning and P. Denning Certification of Programs for Secure Information Flow (CACM 1976) Review Access Control Discretionary access control (DAC) Philosophy: users have

321 views • 16 slides
Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification

Flow and Congestion Control CS 218 F2003 Oct 29, 03 Flow control goals Classification and overview of main techniques TCP Tahoe, Reno, Vegas TCP Westwood Readings: (1) Keshavs book Chapter on Flow Control; (2)

374 views • 22 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides
Control flow Conditionals and Control Flow l A conditional branch

Control flow Conditionals and Control Flow l A conditional branch

10/2/15 Control flow Conditionals and Control Flow l A conditional branch is sufficient to implement most control Condition codes flow constructs offered in higher

356 views • 12 slides
1 Why Why flow flow control? control? sender

1 Why Why flow flow control? control? sender

Lecture 7. Lecture 7. TCP mechanisms for: TCP mechanisms for: data transfer control / flow control error control congestion control Graphical examples (applet java) of several algorithms at:

589 views • 13 slides
Data Analytics and Dynamic Languages Lee E. Edlefsen, Ph.D. VP of Engineering 1 Overview

Data Analytics and Dynamic Languages Lee E. Edlefsen, Ph.D. VP of Engineering 1 Overview

Data Analytics and Dynamic Languages Lee E. Edlefsen, Ph.D. VP of Engineering 1 Overview Revolution Confidential This is my perspective on the use of dynamic languages (interpreters) for data analytics (statistics) I am a

728 views • 14 slides
Assemblages: Modules with Interfaces for Dynamic Linking and Communication Yu David Liu and

Assemblages: Modules with Interfaces for Dynamic Linking and Communication Yu David Liu and

Assemblages: Modules with Interfaces for Dynamic Linking and Communication Yu David Liu and Scott F. Smith The Johns Hopkins University Assemblages:Modules with InterfacesforDynamic Linking and Communication p.1 The Main Design Principle

652 views • 40 slides
Programming Languages Third Edition Chapter 10 Control II Procedures and Environments

Programming Languages Third Edition Chapter 10 Control II Procedures and Environments

Programming Languages Third Edition Chapter 10 Control II Procedures and Environments Objectives Understand the nature of procedure definition and activation Understand procedure semantics Learn parameter-passing mechanisms

1.15k views • 99 slides
Dynamic Pricing Janyl Jumadinova, Raj Dasgupta Computer Science Department University of

Dynamic Pricing Janyl Jumadinova, Raj Dasgupta Computer Science Department University of

Multi-attribute Regret-based Dynamic Pricing Janyl Jumadinova, Raj Dasgupta Computer Science Department University of Nebraska, Omaha Outline Problem: Multi-attribute dynamic pricing Solution: Preference elicitation using minimax

309 views • 20 slides
Web Architecture, 3-Tier Apps PDBM 15.1, 15.6 Dr. Chris Mayfield Department of Computer Science

Web Architecture, 3-Tier Apps PDBM 15.1, 15.6 Dr. Chris Mayfield Department of Computer Science

Web Architecture, 3-Tier Apps PDBM 15.1, 15.6 Dr. Chris Mayfield Department of Computer Science James Madison University Mar 24, 2020 Definitions What is The Internet? A global system of interconnected computer networks that use the Internet

632 views • 14 slides
D3 Tutorial Introduction of Basic Components: HTML, CSS, SVG, and JavaScript D3.js Setup Edit by

D3 Tutorial Introduction of Basic Components: HTML, CSS, SVG, and JavaScript D3.js Setup Edit by

D3 Tutorial Introduction of Basic Components: HTML, CSS, SVG, and JavaScript D3.js Setup Edit by Jiayi Xu and Han-Wei Shen, The Ohio State University HTML - H yper T ext M arkup L anguage HTML is the standard markup language for creating Web

1.14k views • 39 slides
HTML, XML Ramakrishnan & Gehrke, Chapter 7 www.w3schools.com www.webdesign.com Really

HTML, XML Ramakrishnan & Gehrke, Chapter 7 www.w3schools.com www.webdesign.com Really

Web Service Architectures; HTML, XML Ramakrishnan & Gehrke, Chapter 7 www.w3schools.com www.webdesign.com Really everybody can design an own website 320302 Databases & Web Services (P. Baumann) Overview Internet / Web

2.55k views • 29 slides
06/09/14 10. A (very) short intro to JSP 10. A (very) short intro to JSP Dynamic web pages

06/09/14 10. A (very) short intro to JSP 10. A (very) short intro to JSP Dynamic web pages

06/09/14 10. A (very) short intro to JSP 10. A (very) short intro to JSP Dynamic web pages Dynamic web pages Internet HTTP Request Web browser Web browser Advanced CS Intro

375 views • 3 slides

More recommend