Achieving information flow security through precise control of effects

Author

Harrison, William L. ; Hook, James

Author_Institution

Dept. of Comput. Sci., Missouri Univ., Columbia, MO, USA

fYear

2005

fDate

20-22 June 2005

Firstpage

16

Lastpage

30

Abstract

This paper advocates a novel approach to the construction of secure software: controlling information flow and maintaining integrity via monadic encapsulation of effects. This approach is constructive, relying on properties of monads and monad transformers to build, verify, and extend secure software systems. We illustrate this approach by construction of abstract operating systems called separation kernels. Starting from a mathematical model of shared-state concurrency based on monads of resumptions and state, we outline the development by stepwise refinements of separation kernels supporting Unix-like system calls, interdomain communication, and a formally verified security policy (domain separation). Because monads may be easily and safely represented within any pure, higher-order, typed functional language, the resulting system models may be directly realized within a language such as Haskell.

Keywords

concurrency control; data integrity; operating system kernels; security of data; Haskell; Unix-like system calls; abstract operating systems; domain separation; information flow security; information integrity; interdomain communication; monadic encapsulation; security policy; separation kernels; shared-state concurrency; software security; typed functional language; Communication system security; Concurrent computing; Encapsulation; Information security; Kernel; Mathematical model; Operating systems; Software maintenance; Software systems; Transformers;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations, 2005. CSFW-18 2005. 18th IEEE Workshop

ISSN

1063-6900

Print_ISBN

0-7695-2340-4

Type

conf

DOI

10.1109/CSFW.2005.6

Filename

1443195