lio: Labeled IO Information Flow Control Library

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.



The Labeled IO (LIO) library is an information flow control (IFC) library. IFC is a mechanism that enforces security policies by tracking and controlling the flow of information within a system. Unlike discretionary access control (such as UNIX file permissions), IFC permits scenarios in which untrusted computation may have the ability to manipulate secret data without having the ability to further disclose that data.

LIO is an IFC library that can be used to implement such untrusted computations. LIO provides combinators similar to those of IO for performing side-effecting computations (e.g., modifying mutable references, forking threads, throwing and catching exceptions, etc.) To track and control the flow of information, LIO associates a security policy, called a label, with every piece of data. A label may, for example, impose a restriction on who can observe, propagate, or modify the data to which it applies. Unlike standard IO operations, the LIO counterparts check the vailidity of labels before performing the (underlying IO) side-effecting computation. For example, before writing to a labeled variable, LIO asserts that the write will not violate any security policies associated with the data to be written.

Most code should import module LIO and whichever label format the application is using (e.g., LIO.DCLabel to use the format that ships with the library). Side-effecting code should be specified as actions in the LIO monad. See LIO.Core for a description of the core library API, LIO.Label for a discussion of labels, and LIO.Run for functions allowing one to run an LIO computation from the IO monad.

WARNING: For security, untrusted code must always be compiled with the -XSafe and -fpackage-trust SafeHaskell flags. See for more details on the guarantees provided by SafeHaskell.


Versions0.0.1, 0.0.2, 0.1.0, 0.1.1, 0.1.2, 0.1.3,,,,,,,,,,,,,,,,,,
Change logNone available
Dependenciesbase (>=4.5 && <6.0), bytestring (>=0.10), containers, hashable (>=1.2) [details]
AuthorHails team
MaintainerDeian Stefan <deian at cs dot ucsd dot edu>
Home page
Bug tracker
Source repositoryhead: git clone
UploadedTue Jul 5 00:09:35 UTC 2016 by DeianStefan




Maintainers' corner

For package maintainers and hackage trustees