with deferrable constraints in haskell
play

with Deferrable constraints in Haskell through the tale of a - PowerPoint PPT Presentation

Jan 05, 2023 •145 likes •465 views

Gradually typed DSLs with Deferrable constraints in Haskell through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis Information flow control 101 Non- interference:

  1. Gradually typed DSLs with Deferrable constraints in Haskell … through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis

  2. Information flow control 101 • Non- interference: “sensitive” input does not flow to “public” output data Label = L | H • Formal model: a lattice of security labels, ℓ ⊑ H = True security labelled data, L ⊑ L = True and observational equivalence w.r.t. a label H ⊑ L = False • Can be enforced statically (e.g. types, static analyses) or dynamically

  3. LIO: Dynamic IFC for Haskell [Stefan et al.] Just a state monad carrying “current label” data LIO a instance Monad LIO 1. Observing (unlabelling) sensitive data increases current label -- data guarded by label data Labeled a 2. Cannot output data below current label

  4. LIO: Dynamic IFC for Haskell [Stefan et al.] Just a state monad carrying “current label” data LIO a instance Monad LIO 1. Observing (unlabelling) sensitive data increases current label -- data guarded by label data Labeled a 2. Cannot output data below current label lconcat :: Labeled String -> Labeled String -> LIO String lconcat lstr1 lstr2 = do -- Initial current label ℓcur str1 <- unlabel lstr1 -- ℓcur’ = ℓcur ⊔ (labelOf lstr1) str2 <- unlabel lstr2 -- ℓcur’’ = ℓcur’ ⊔ (labelOf lstr2) return (str1 ++ str2) -- Final current label ℓcur’’

  5. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO?

  6. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 type class Flows l1 l2 Use labels at instance Flows L L the type level instance Flows L H instance Flows H H type family Join l1 l2 where ... -- singleton term-level labels data SLabel (l::Label) where L :: SLabel L H :: SLabel H data Labeled (l::Label) a

  7. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 type class Flows l1 l2 Use labels at instance Flows L L the type level instance Flows L H instance Flows H H IDEA 2 type family Join l1 l2 where ... Use a “Hoare data SLIO lin lout a state monad” -- singleton term-level labels return :: a -> SLIO l l a data SLabel (l::Label) where (>>=) :: SLIO l1 l2 a L :: SLabel L -> (a -> SLIO l2 l3 b) H :: SLabel H -> SLIO l1 l3 b data Labeled (l::Label) a

  8. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 Label after type class Flows l1 l2 Use labels at action instance Flows L L Label before the type level action instance Flows L H instance Flows H H IDEA 2 type family Join l1 l2 where ... Use a “Hoare data SLIO lin lout a state monad” -- singleton term-level labels return :: a -> SLIO l l a data SLabel (l::Label) where (>>=) :: SLIO l1 l2 a L :: SLabel L -> (a -> SLIO l2 l3 b) H :: SLabel H -> SLIO l1 l3 b data Labeled (l::Label) a

  9. From LIO to SLIO, mechanically unlabel :: Labeled a -> LIO a -- (1) never fails; -- (2) taints LIO label with argument label Label before Label after action action unlabel :: Labeled la a -> SLIO l (Join l la) a

  10. From LIO to SLIO, mechanically label :: Label -> a -> LIO (Labeled a) -- (1) succeeds only if current label ⊑ argument label; -- (2) returns labelled data Current label can flow to argument label label :: Flows l la => SLabel la -> SLIO l l (Labeled la a)

  11. From LIO to SLIO; tackling the “label creep” toLabeled :: Label -> LIO a -> LIO (Labeled a) -- toLabeled ℓ m -- 1) C heck that ℓcur ⊑ ℓ -- 2) Execute action m starting from ℓcur; new label is ℓcur’ -- 3) Check that ℓcur’ ⊑ ℓ -- 4) If so, pack the result with label ℓ , final label is ℓcur * A simpler version of toLabeled :: SLIO ℓ i ℓo a -> SLIO ℓ i ℓ i (Labeled ℓo a)

  12. Success!

  13. Success! ?

  14. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 let res = v1 ++ v2 report res return res

  15. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String - > Labeled ℓ2 String - > SLIO ℓi (Join (Join ℓi ℓ1) ℓ2) String lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 let res = v1 ++ v2 report res return res

  16. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String - > Labeled ℓ2 String - > SLIO ℓi (Join (Join ℓi ℓ1) ℓ2) String lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 A bit verbose but (depending let res = v1 ++ v2 who you are) may be ok report res return res

  17. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  18. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  19. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  20. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String Can you spot the 2 type readReport = do errors in readReport? (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  21. What’s wrong with this code? lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String (1) Existentials escape in return type readReport = do (2) Existentials escape in constraint (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  22. Existential escape in types: easy solution Labeled l1 String Labeled l2 String Flows (Join (Join li l1) l2) L readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” val <- toLabeled (lReport lv1 lv2) return ( Exists val) (1) Existentials escape in return type (2) Existentials escape in constraint

  23. So, back to dynamic LIO? Not quite!

  24. What if we could just … defer a constraint? Labeled l1 String Labeled l2 String Flows (Join (Join li l1) l2) L readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” val <- defer (toLabeled (lReport lv1 lv2)) return (Exists val) (1) Existentials escape in return type (2) Existentials escape in constraint

  25. Gradually typed LIO in Haskell

  26. How to defer a constraint to runtime? deferC :: (c => a) -> a Give me any function that requires constraint c to produce result a, and I will give you back a Seems seriously implausible! 

  27. Key idea: A type class of Deferrable constraints class Deferrable (c :: Constraint) where deferC :: Proxy c -> (c => a) -> a Common Haskell-ism to account for the lack of explicit type applications

  28. Easy to give Deferrable instances ! class Deferrable (c :: Constraint) where deferC :: Proxy c -> (c => a) -> a -- class providing a singleton class CLabel l where lab :: Proxy l -> SLabel l instance (Clabel l1, Clabel l2) => Deferrable (Flows l1 l2) where deferC p m = case (lab p1, lab p2) of (L,L) -> m (L,H) -> m (H,H) -> m (H,L) -> error "IFC violation!" where p1 = ⊥ :: Proxy l1; p2 = ⊥ :: Proxy l2 instance (Deferrable c1, Deferrable c2) => Deferrable (c1,c2)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April 2006 Summary Haskell / Haskell-RL Examples Supported Features Haskell-RL State Implementation Functions Data Types

631 views • 14 slides
Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development and Deployment tools Gregg Lebovitz Director, Product Management FP Complete Company Goals Increase Haskell Adoption Make Haskell More

344 views • 21 slides
Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si

Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si

Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si c Inria, DI ENS In collaboration with S. Meyn and P. Barooah Thanks to PGMO, NSF, and Google Outline 1 Challenges of Renewable Energy Integration

950 views • 67 slides
Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The great ideas [Haskell] Expressive power (say more with less) Pattern matching First-class functions Exception handling Type inference Continuations

597 views • 26 slides
Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the language Haskell, the ecosystem Design space There should be one and preferably only one obvious way to do it. (Python) There should be

831 views • 46 slides
Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive Haskell data type Haskell lets us define data types: data Language = Haskell [Extension] Compiler | Javascript | Cpp Version Eq instance

1.46k views • 56 slides
Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The Racket Way The Racket Way Alexis King Alexis King Northwestern University &amp; PLT 1 #!/bin/bash set -ueo pipefail curl -s

1.4k views • 70 slides
Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources for Haskell Haskell vs. C Types + Functions = Programs Pragmatics Modules are the basic unit of a Haskell program Using GHCi How to Write a

761 views • 50 slides
Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server

Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server

CPSC-663: Real-Time Systems Aperiodic and Sporadic Jobs Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server Sporadic Server Generalized Processor Sharing Constant Utilization Server

267 views • 23 slides
A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel Goethe-University, Frankfurt, Germany ATPS 2014, Kiel 1 Introduction Software Transactional Memory (STM) treats shared memory operations as transactions

325 views • 20 slides
haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2 (cons 3 null))) is the same as 1:2:3:[] in haskell types Haskell has types! Love the typechecker Some of these types you are familiar

566 views • 9 slides
Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell

Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell

Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell is a language that differs greatly from the mainstream languages of today. An emphasis on pure functions, a strong typing system, and a lack of

406 views • 21 slides
Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster

Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster

Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster Reduce the runtime But keep high-level declarative style Full automatic - no special functions Different from foldr/build,

478 views • 24 slides
Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure

Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure

How I Learned to Stop Worrying &amp; Love the or Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure Groovy Erlang Scala Haskell Clojure C# Groovy Erlang C++11 Scala Haskell

1.14k views • 84 slides
Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex]

Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex]

Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex] Haskell 1 / 33 References Chapter 18 of Haskell: the Craft of Functional Programming by Simon Thompson, Addison-Wesley, 2011. Chapter 9 of Learn you a

620 views • 39 slides
Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers

Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers

Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers Sigma A platform for detection Clients Used by many different teams Mainly for anti-abuse e.g. spam, malicious URLs Machine

883 views • 86 slides
Web Mining and Recommender Systems T emporal data mining This week Temporal models This week

Web Mining and Recommender Systems T emporal data mining This week Temporal models This week

Web Mining and Recommender Systems T emporal data mining This week Temporal models This week well look back on some of the topics already covered in this class, and see how they can be adapted to make use of temporal information 1.

707 views • 59 slides
The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The Old Stuff The New Concepts The Bottom Line Gradual Sub-Lattice Reduction (now with more applications!) Andy Novocin andy@novocin.com LIRMM, Montpellier June 22nd The Old Stuff The New Concepts The Bottom Line The (gimmicky) Road

1.46k views • 99 slides
A Gradual, Semi-Discrete Approach to Generative Network Training via Explicit Wasserstein

A Gradual, Semi-Discrete Approach to Generative Network Training via Explicit Wasserstein

A Gradual, Semi-Discrete Approach to Generative Network Training via Explicit Wasserstein Minimization Yucheng Chen 1 Matus Telgarsky 1 Chao Zhang 1 Bolton Bailey 1 Daniel Hsu 2 Jian Peng 1 1 Department of Computer Science, UIUC, Urbana, IL 2

99 views • 8 slides
Efficient Semantic Segmentation using Gradual Grouping Nikitha Vallurupalli 1 , Sriharsha

Efficient Semantic Segmentation using Gradual Grouping Nikitha Vallurupalli 1 , Sriharsha

Efficient Semantic Segmentation using Gradual Grouping Nikitha Vallurupalli 1 , Sriharsha Annamaneni 1 , Girish Varma 1 , C V Jawahar 1 , Manu Mathew 2 , Soyeb Nagori 2 IIIT Hyderabad 1 , TI Bangalore 2 Image / annotation from cityscapes dataset

309 views • 13 slides
The effectiveness of gradual learning EN S EMBLE METH ODS IN P YTH ON Romn de las Heras

The effectiveness of gradual learning EN S EMBLE METH ODS IN P YTH ON Romn de las Heras

The effectiveness of gradual learning EN S EMBLE METH ODS IN P YTH ON Romn de las Heras Data Scientist, SAP / Agile Solutions Collective vs gradual learning Collective Learning Gradual Learning Principle: wisdom of the crowd Principle:

461 views • 23 slides
03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

847 views • 27 slides
Gradual Information Flow Typing Tim Disney Cormac Flanagan University of California Santa Cruz

Gradual Information Flow Typing Tim Disney Cormac Flanagan University of California Santa Cruz

Gradual Information Flow Typing Tim Disney Cormac Flanagan University of California Santa Cruz January 29th, 2011 - STOP 2011 Combining gradual typing with information flow Gradual Information + Typing Flow = More secure software

1.1k views • 82 slides
Graffit ffiti i Data a Analy lysis sis Philip lip Santarp tarpia ia Pro rof. Chun un

Graffit ffiti i Data a Analy lysis sis Philip lip Santarp tarpia ia Pro rof. Chun un

12/17/2015 Graffit ffiti i Data a Analy lysis sis Philip lip Santarp tarpia ia Pro rof. Chun un BDA 761 Inquiries about the Graffiti Data What is the Average clean up time per borough? What is the largest problem area in each

221 views • 5 slides

More recommend