A Haskell-embedded DSL for secure information-flow
This paper presents a domain-specific language, embedded in Haskell (EDSL), for enforcing the information flow property Delimited Release. To build this language we use Haskell extensions that will allow some kind of dependently-typed programming. Considering the effort it takes to build a language...
| Published in: | Science of computer programming Volume 247; p. 103351 |
|---|---|
| Main authors: | , |
| Medium: | Journal Article |
| Language: | English |
| Published: | Elsevier B.V 01.01.2026 |
| Subjects: | |
| ISSN: | 0167-6423 |
| Abstract | This paper presents a domain-specific language, embedded in Haskell (EDSL), for enforcing the information flow property Delimited Release. To build this language we use Haskell extensions that will allow some kind of dependently-typed programming.
Considering the effort it takes to build a language from scratch, we decided to provide an information-flow security language as an EDSL, using the infrastructure of the host language to support it.
The decision to use Haskell as the implementation language was driven by its powerful type system that makes it possible to encode the security type system of the embedded language at the type level, as well as by its nature as a general-purpose language.
The implementation follows an approach in which the type of the abstract syntax of the embedded language is decorated with security type information. In this way, typed programs will correspond to secure programs, and the verification of the security invariants of programs will be reduced to type-checking.
The embedded security language is designed in a way that is easy to use. We illustrate its use through three examples: an electronic purchase, secure reading of database information, and a password checker. |
|---|---|
| ArticleNumber | 103351 |
| Author | Manzino, Cecilia de Latorre, Gonzalo |
| Author_xml | – sequence: 1 givenname: Cecilia orcidid: 0009-0009-2372-0258 surname: Manzino fullname: Manzino, Cecilia email: ceciliam@fceia.unr.edu.ar – sequence: 2 givenname: Gonzalo surname: de Latorre fullname: de Latorre, Gonzalo email: gdelatorre_@hotmail.com |
| Cites_doi | 10.1145/360051.360056 10.1016/j.entcs.2020.08.005 10.1109/JSAC.2002.806121 10.1007/978-3-540-37621-7_9 |
| ContentType | Journal Article |
| Copyright | 2025 Elsevier B.V. |
| Copyright_xml | – notice: 2025 Elsevier B.V. |
| DBID | AAYXX CITATION |
| DOI | 10.1016/j.scico.2025.103351 |
| DatabaseName | CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| ExternalDocumentID | 10_1016_j_scico_2025_103351 S0167642325000905 |
| ISICitedReferencesCount | 0 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=001530462200002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 0167-6423 |
| IngestDate | Sat Nov 29 07:33:42 EST 2025 Sat Oct 04 17:01:59 EDT 2025 |
| IsPeerReviewed | true |
| IsScholarly | true |
| Keywords | Haskell Dependently-typed programming Information flow type systems Declassification |
| Language | English |
| LinkModel | OpenURL |
| ORCID | 0009-0009-2372-0258 |
| ParticipantIDs | crossref_primary_10_1016_j_scico_2025_103351 elsevier_sciencedirect_doi_10_1016_j_scico_2025_103351 |
| PublicationCentury | 2000 |
| PublicationDate | January 2026 2026-01-00 |
| PublicationDateYYYYMMDD | 2026-01-01 |
| PublicationDate_xml | – month: 01 year: 2026 text: January 2026 |
| PublicationDecade | 2020 |
| PublicationTitle | Science of computer programming |
| PublicationYear | 2026 |
| Publisher | Elsevier B.V |
| Publisher_xml | – name: Elsevier B.V |
| SSID | ssj0006471 |
| Score | 2.4192796 |
| SourceID | crossref elsevier |
| SourceType | Index Database Publisher |
| StartPage | 103351 |
| SubjectTerms | Declassification Dependently-typed programming Haskell Information flow type systems |
| Title | A Haskell-embedded DSL for secure information-flow |
| URI | https://dx.doi.org/10.1016/j.scico.2025.103351 |
| Volume | 247 |
| WOSCitedRecordID | wos001530462200002&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 issn: 0167-6423 databaseCode: AIEXJ dateStart: 20211213 customDbUrl: isFulltext: true dateEnd: 99991231 titleUrlDefault: https://www.sciencedirect.com omitProxy: false ssIdentifier: ssj0006471 providerName: Elsevier |
| linkProvider | Elsevier |