lio-0.10.0.0: Labeled IO Information Flow Control Library

Safe HaskellTrustworthy

LIO.DCLabel

Contents

Description

Disjunction Category Labels (DCLabels) are a label format that encode secrecy and integrity using propositional logic. This exports label operators and instances for the LIO. The label format is documented in LIO.DCLabel.Core, privileges are described in LIO.DCLabel.Privs, and a domain specific language for constructing labels is presented in LIO.DCLabel.DSL.

Synopsis

Principals

newtype Principal Source

A Principal is a simple string representing a source of authority. Any piece of code can create principals, regardless of how untrusted it is.

Constructors

Principal 

Fields

principalName :: ByteString

Get the principal name.

Instances

principal :: String -> PrincipalSource

Generate a principal from a String. (To create one from a ByteString, just use the Principal constructor directly.)

Clauses

data Clause Source

A clause or disjunction category is a set of Principals. Logically the set corresponds to a disjunction of the principals.

Instances

clause :: Set Principal -> ClauseSource

Clause constructor

Components

data Component Source

A component is a set of clauses, i.e., a formula (conjunction of disjunction of Principals). DCFalse corresponds to logical False, while DCFormula Set.empty corresponds to logical True.

Instances

dcTrue :: ComponentSource

Logical True.

dcFalse :: ComponentSource

Logical False.

dcFormula :: Set Clause -> ComponentSource

Arbitrary formula from a clause.

isTrue :: Component -> BoolSource

Is the component True.

isFalse :: Component -> BoolSource

Is the component False.

Labels

data DCLabel Source

A DCLabel is a pair of secrecy and integrity Components.

Instances

dcSecrecy :: DCLabel -> ComponentSource

Extract secrecy component of a label

dcIntegrity :: DCLabel -> ComponentSource

Extract integrity component of a label

dcLabel :: Component -> Component -> DCLabelSource

dcLabel secrecyComponent integrityComponent creates a label, reducing each component to CNF.

dcPub :: DCLabelSource

Element in the DCLabel lattice corresponding to public data. dcPub = < True, True > . This corresponds to data that is not secret nor trustworthy.

dcTop :: DCLabelSource

Element in the DCLabel lattice corresponding to the most secret and least trustworthy data. dcTop = < False, True > .

dcBottom :: DCLabelSource

Element in the DCLabel lattice corresponding to the least secret and most trustworthy data. dcTop = < True, False > .

Privileges

module LIO.DCLabel.Privs

DSL

module LIO.DCLabel.DSL

Synonyms for LIO

The DC monad is LIO with using DCLabels as the label format. Most application should be written in terms of this monad, while most libraries should remain polymorphic in the label type. It is important that any *real* application set the initial current label and clearance to values other than bottom and top as set by defaultState, respectively. In most cases the initial current label should be public, i.e., dcPub.

type DCState = LIOState DCLabelSource

LIOState with underlying label being DCLabel

defaultState :: DCStateSource

Default, starting state for a DC computation. The current label is public (i.e., dcPub) and the current clearance is top.

type DC = LIO DCLabelSource

The monad for LIO computations using DCLabel as the label.

evalDC :: DC a -> IO aSource

Evaluate computation in the DC monad.

runDC :: DC a -> IO (a, DCState)Source

Evaluate computation in the DC monad.

tryDC :: DC a -> IO (Either SomeException a, DCState)Source

Similar to evalLIO, but catches any exceptions thrown by untrusted code with throwLIO.

type MonadDC m = MonadLIO DCLabel mSource

Type synonym for MonadLIO.

Labeled values

type DCLabeled = Labeled DCLabelSource

DC Labeled values.

Labeled references

type DCRef a = LIORef DCLabel aSource

DC Labeled LIORefs.

Gates

type DCGate = Gate DCPrivDescSource

DC Gate.