lio: Labeled IO Information Flow Control Library
The Labeled IO (LIO) library is an information flow control (IFC) library. IFC is a mechanism that enforces security policies by tracking and controlling the flow of information within a system. Different from discretionary access control (think UNIX file permissions), with IFC you can execute an untrusted computation on your secret data and be sure that it does not leak it or overwrite it.
LIO is an IFC library that can be used to implement such untrusted
computations. LIO provides combinators similar to those of IO for
performing side-effecting computations (e.g., accessing the
filesystem, modifying mutable references, throwing exceptions, etc.)
To track and control the flow of information, LIO associates a
security policy, usually called a label, with every piece of data.
A label may, for example, impose a restriction on who can observe,
propagate, or modify the data labeled as such. Different from
standard IO operations, the LIO counterparts usually take an
additional parameter for the label which they inspect before
actually performing the (underlying IO) side-effecting computation.
So, before writing to a file LIO asserts that the write will not
violate any security policies associated with the file or the data
to be written.
Most code should import module LIO and whichever label format the
application is using (e.g., LIO.DCLabel). All untrusted code
should have type LIO, which trusted code can safely execute with
evalLIO. See LIO for a description of the core library API.
The paper that describes the core of LIO, including motivation and formal modeling/proofs, is available here: http://arxiv.org/abs/1207.1457
Modules
[Index]
Flags
Automatic Flags
| Name | Description | Default |
|---|---|---|
| tolabeled | Enable toLabeled primitive. This is NOT termination-sensitive non-interferant so use with care. | Disabled |
Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info
Downloads
- lio-0.9.2.0.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
| Versions [RSS] | 0.0.1, 0.0.2, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.9.0.0, 0.9.0.1, 0.9.1.0, 0.9.1.1, 0.9.1.2, 0.9.2.0, 0.9.2.2, 0.10.0.0, 0.11.0.0, 0.11.0.1, 0.11.2.0, 0.11.3.0, 0.11.4.0, 0.11.4.1, 0.11.4.2, 0.11.5.0, 0.11.6.0, 0.11.7.0, 0.11.7.1 |
|---|---|
| Dependencies | base (>=4.5 && <5.0), bytestring (>=0.9), cereal (>=0.3.5.1), containers (>=0.4.2), directory (>=1.1.0.2), filepath (>=1.3.0.0), SHA (>=1.5.0.0), time (>=1.2.0.5), transformers (>=0.2.2), xattr (>=0.6.1), zlib (>=0.5.3.1) [details] |
| License | LicenseRef-GPL |
| Author | Hails team |
| Maintainer | Hails team <hails at scs dot stanford dot edu> |
| Category | Security |
| Source repo | head: git clone ssh://anonymous@gitstar.com/scs/lio.git |
| Uploaded | by DeianStefan at 2012-11-29T23:29:33Z |
| Distributions | NixOS:0.11.7.1 |
| Reverse Dependencies | 4 direct, 0 indirect [details] |
| Downloads | 18227 total (62 in the last 30 days) |
| Rating | 2.0 (votes: 1) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs uploaded by user Build status unknown [no reports yet] |