with deferrable constraints in haskell
play

with Deferrable constraints in Haskell through the tale of a - PowerPoint PPT Presentation

Jan 05, 2023 •145 likes •465 views

Gradually typed DSLs with Deferrable constraints in Haskell through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis Information flow control 101 Non- interference:

  1. Gradually typed DSLs with Deferrable constraints in Haskell … through the tale of a Haskell information flow control library Pablo Buiras, Alejandro Russo, Dimitrios Vytiniotis

  2. Information flow control 101 • Non- interference: “sensitive” input does not flow to “public” output data Label = L | H • Formal model: a lattice of security labels, ℓ ⊑ H = True security labelled data, L ⊑ L = True and observational equivalence w.r.t. a label H ⊑ L = False • Can be enforced statically (e.g. types, static analyses) or dynamically

  3. LIO: Dynamic IFC for Haskell [Stefan et al.] Just a state monad carrying “current label” data LIO a instance Monad LIO 1. Observing (unlabelling) sensitive data increases current label -- data guarded by label data Labeled a 2. Cannot output data below current label

  4. LIO: Dynamic IFC for Haskell [Stefan et al.] Just a state monad carrying “current label” data LIO a instance Monad LIO 1. Observing (unlabelling) sensitive data increases current label -- data guarded by label data Labeled a 2. Cannot output data below current label lconcat :: Labeled String -> Labeled String -> LIO String lconcat lstr1 lstr2 = do -- Initial current label ℓcur str1 <- unlabel lstr1 -- ℓcur’ = ℓcur ⊔ (labelOf lstr1) str2 <- unlabel lstr2 -- ℓcur’’ = ℓcur’ ⊔ (labelOf lstr2) return (str1 ++ str2) -- Final current label ℓcur’’

  5. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO?

  6. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 type class Flows l1 l2 Use labels at instance Flows L L the type level instance Flows L H instance Flows H H type family Join l1 l2 where ... -- singleton term-level labels data SLabel (l::Label) where L :: SLabel L H :: SLabel H data Labeled (l::Label) a

  7. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 type class Flows l1 l2 Use labels at instance Flows L L the type level instance Flows L H instance Flows H H IDEA 2 type family Join l1 l2 where ... Use a “Hoare data SLIO lin lout a state monad” -- singleton term-level labels return :: a -> SLIO l l a data SLabel (l::Label) where (>>=) :: SLIO l1 l2 a L :: SLabel L -> (a -> SLIO l2 l3 b) H :: SLabel H -> SLIO l1 l3 b data Labeled (l::Label) a

  8. Quite a number of dynamic checks/taints … Question: Is there a statically checked variant of LIO? IDEA 1 Label after type class Flows l1 l2 Use labels at action instance Flows L L Label before the type level action instance Flows L H instance Flows H H IDEA 2 type family Join l1 l2 where ... Use a “Hoare data SLIO lin lout a state monad” -- singleton term-level labels return :: a -> SLIO l l a data SLabel (l::Label) where (>>=) :: SLIO l1 l2 a L :: SLabel L -> (a -> SLIO l2 l3 b) H :: SLabel H -> SLIO l1 l3 b data Labeled (l::Label) a

  9. From LIO to SLIO, mechanically unlabel :: Labeled a -> LIO a -- (1) never fails; -- (2) taints LIO label with argument label Label before Label after action action unlabel :: Labeled la a -> SLIO l (Join l la) a

  10. From LIO to SLIO, mechanically label :: Label -> a -> LIO (Labeled a) -- (1) succeeds only if current label ⊑ argument label; -- (2) returns labelled data Current label can flow to argument label label :: Flows l la => SLabel la -> SLIO l l (Labeled la a)

  11. From LIO to SLIO; tackling the “label creep” toLabeled :: Label -> LIO a -> LIO (Labeled a) -- toLabeled ℓ m -- 1) C heck that ℓcur ⊑ ℓ -- 2) Execute action m starting from ℓcur; new label is ℓcur’ -- 3) Check that ℓcur’ ⊑ ℓ -- 4) If so, pack the result with label ℓ , final label is ℓcur * A simpler version of toLabeled :: SLIO ℓ i ℓo a -> SLIO ℓ i ℓ i (Labeled ℓo a)

  12. Success!

  13. Success! ?

  14. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 let res = v1 ++ v2 report res return res

  15. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String - > Labeled ℓ2 String - > SLIO ℓi (Join (Join ℓi ℓ1) ℓ2) String lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 let res = v1 ++ v2 report res return res

  16. Static types can get complex -- Send a string to a remote server who may leak something report :: Flows l L => String -> SLIO l l () lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String - > Labeled ℓ2 String - > SLIO ℓi (Join (Join ℓi ℓ1) ℓ2) String lReport ls1 ls2 = do v1 <- unlabel ls1 v2 <- unlabel ls2 A bit verbose but (depending let res = v1 ++ v2 who you are) may be ok report res return res

  17. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  18. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  19. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  20. And its tedious to interact with dynamic data lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String Can you spot the 2 type readReport = do errors in readReport? (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  21. What’s wrong with this code? lReport :: Flows (Join (Join ℓi ℓ1) ℓ2) L => Labeled ℓ1 String -> Labeled ℓ2 String -> SLIO ℓ i (Join (Join ℓ i ℓ1) ℓ2) String readRemote :: URI -> SLIO li li ( ∃ l. Labeled l String) Labeled l1 String Labeled l2 String (1) Existentials escape in return type readReport = do (2) Existentials escape in constraint (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” toLabeled (lReport lv1 lv2)

  22. Existential escape in types: easy solution Labeled l1 String Labeled l2 String Flows (Join (Join li l1) l2) L readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” val <- toLabeled (lReport lv1 lv2) return ( Exists val) (1) Existentials escape in return type (2) Existentials escape in constraint

  23. So, back to dynamic LIO? Not quite!

  24. What if we could just … defer a constraint? Labeled l1 String Labeled l2 String Flows (Join (Join li l1) l2) L readReport = do (Exists lv1) <- readRemote “host1” (Exists lv2) <- readRemote “host2” val <- defer (toLabeled (lReport lv1 lv2)) return (Exists val) (1) Existentials escape in return type (2) Existentials escape in constraint

  25. Gradually typed LIO in Haskell

  26. How to defer a constraint to runtime? deferC :: (c => a) -> a Give me any function that requires constraint c to produce result a, and I will give you back a Seems seriously implausible! 

  27. Key idea: A type class of Deferrable constraints class Deferrable (c :: Constraint) where deferC :: Proxy c -> (c => a) -> a Common Haskell-ism to account for the lack of explicit type applications

  28. Easy to give Deferrable instances ! class Deferrable (c :: Constraint) where deferC :: Proxy c -> (c => a) -> a -- class providing a singleton class CLabel l where lab :: Proxy l -> SLabel l instance (Clabel l1, Clabel l2) => Deferrable (Flows l1 l2) where deferC p m = case (lab p1, lab p2) of (L,L) -> m (L,H) -> m (H,H) -> m (H,L) -> error "IFC violation!" where p1 = ⊥ :: Proxy l1; p2 = ⊥ :: Proxy l2 instance (Deferrable c1, Deferrable c2) => Deferrable (c1,c2)

Recommend

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April

Haskell-RL An Equational Specification of Haskell in Maude Andrew Bennett Presented on 24 April 2006 Summary Haskell / Haskell-RL Examples Supported Features Haskell-RL State Implementation Functions Data Types

631 views • 14 slides
Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development

Bringing Haskell to the World www.fpcomplete.com Experience Report Building Haskell Development and Deployment tools Gregg Lebovitz Director, Product Management FP Complete Company Goals Increase Haskell Adoption Make Haskell More

344 views • 21 slides
Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si

Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si

Ancillary Service to the Grid Using Intelligent Deferrable Loads PGMO Days 2015 Ana Bu si c Inria, DI ENS In collaboration with S. Meyn and P. Barooah Thanks to PGMO, NSF, and Google Outline 1 Challenges of Renewable Energy Integration

950 views • 67 slides
Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The

Haskell Deian Stefan (adopted from my &amp; Edward Yangs CSE242 slides) Why Haskell? The great ideas [Haskell] Expressive power (say more with less) Pattern matching First-class functions Exception handling Type inference Continuations

597 views • 26 slides
Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the

Through the lens of Haskell Exploring new ideas for library design @georgesdubus Haskell, the language Haskell, the ecosystem Design space There should be one and preferably only one obvious way to do it. (Python) There should be

831 views • 46 slides
Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive

Deriving a Relationship from a Single Example Neil Mitchell community.haskell.org/~ndm/derive Haskell data type Haskell lets us define data types: data Language = Haskell [Extension] Compiler | Javascript | Cpp Version Eq instance

1.46k views • 56 slides
Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The

Metaprogramming Haskell, Metaprogramming Haskell, Metaprogramming Haskell, The Racket Way The Racket Way The Racket Way Alexis King Alexis King Northwestern University &amp; PLT 1 #!/bin/bash set -ueo pipefail curl -s

1.4k views • 70 slides
Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources

Haskell for Grownups Bill Harrison February 8, 2019 Table of Contents Introduction Resources for Haskell Haskell vs. C Types + Functions = Programs Pragmatics Modules are the basic unit of a Haskell program Using GHCi How to Write a

761 views • 50 slides
Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server

Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server

CPSC-663: Real-Time Systems Aperiodic and Sporadic Jobs Scheduling Aperiodic and Sporadic Jobs Definitions Polling Server Deferrable Server Sporadic Server Generalized Processor Sharing Constant Utilization Server

267 views • 23 slides
A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel

A Haskell-Implementation of STM Haskell with Early Conflict Detection David Sabel Goethe-University, Frankfurt, Germany ATPS 2014, Kiel 1 Introduction Software Transactional Memory (STM) treats shared memory operations as transactions

325 views • 20 slides
haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2

haskell cons In haskell consing is done via the infix operator (:). For example: (cons 1 (cons 2 (cons 3 null))) is the same as 1:2:3:[] in haskell types Haskell has types! Love the typechecker Some of these types you are familiar

566 views • 9 slides
Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell

Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell

Understanding Basic Haskell Error Messages by Jan Stolarek jan.stolarek@p.lodz.pl Haskell is a language that differs greatly from the mainstream languages of today. An emphasis on pure functions, a strong typing system, and a lack of

406 views • 21 slides
Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster

Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster

Faster Haskell Neil Mitchell www.cs.york.ac.uk/~ndm The Goal Make Haskell faster Reduce the runtime But keep high-level declarative style Full automatic - no special functions Different from foldr/build,

478 views • 24 slides
Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure

Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure

How I Learned to Stop Worrying &amp; Love the or Dr. Strange- Todd L. Montgomery @toddlmontgomery Haskell Erlang Haskell Clojure Groovy Erlang Scala Haskell Clojure C# Groovy Erlang C++11 Scala Haskell

1.14k views • 84 slides
Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex]

Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex]

Monadic I/O in Haskell Jim Royer CIS 352 March 5, 2019 Jim Royer Monadic I/O in [1ex] Haskell 1 / 33 References Chapter 18 of Haskell: the Craft of Functional Programming by Simon Thompson, Addison-Wesley, 2011. Chapter 9 of Learn you a

620 views • 39 slides
Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers

Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers

Haskell in the datacentre! Simon Marlow Facebook (FHPC 17, September 2017) Haskell powers Sigma A platform for detection Clients Used by many different teams Mainly for anti-abuse e.g. spam, malicious URLs Machine

883 views • 86 slides
A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa! Tanmai Gopal @tanmaigo http://bit.ly/graphql-haskell Contents 1. The compiler approach 2. Compiler pipeline a. Parse b. GraphQL AST c.

467 views • 21 slides
wrangling the internet of things with haskell production haskell Reid Draper @reiddraper

wrangling the internet of things with haskell production haskell Reid Draper @reiddraper

wrangling the internet of things with haskell production haskell Reid Draper @reiddraper production haskell Reid Draper @reiddraper production haskell today production haskell at helium 12 months in lowest defect rate lowest defect rate

1.1k views • 68 slides
Template Haskell &amp; Lenses Advanced functional programming - Lecture 1 Wouter Swierstra 1

Template Haskell &amp; Lenses Advanced functional programming - Lecture 1 Wouter Swierstra 1

Template Haskell &amp; Lenses Advanced functional programming - Lecture 1 Wouter Swierstra 1 Template Haskell There is a language extension, Template Haskell , that provides metaprogramming support for Haskell. This defines support for quotating

739 views • 53 slides
CSE 110A: Winter 2020 Fundamentals of Compiler Design I Intro to Haskell Owen Arden

CSE 110A: Winter 2020 Fundamentals of Compiler Design I Intro to Haskell Owen Arden

CSE 110A: Winter 2020 Fundamentals of Compiler Design I Intro to Haskell Owen Arden UC Santa Cruz Based on course materials developed by Nadia Polikarpova and Ranjit Jhala Why Haskell? Haskell programs tend to be simple and

190 views • 17 slides
GPU programming in Haskell Henning Thielemann 2015-01-23 GPU programming in Haskell Motivation:

GPU programming in Haskell Henning Thielemann 2015-01-23 GPU programming in Haskell Motivation:

GPU programming in Haskell GPU programming in Haskell Henning Thielemann 2015-01-23 GPU programming in Haskell Motivation: Sensor calibration 1 Motivation: Sensor calibration 2 Haskell GPU programming 3 Fact-check 4 Accelerate programming 5

459 views • 33 slides
Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Constraint Logic Programming Chapter 1: Constraints What are they, what do they do and what can I use them for. 1 Constraints What are constraints? Modelling problems Constraint solving Tree constraints Other constraint

205 views • 19 slides
Haskell in the datacentre! Simon Marlow Facebook (Copenhagen, April 2019) Haskell powers Sigma

Haskell in the datacentre! Simon Marlow Facebook (Copenhagen, April 2019) Haskell powers Sigma

Haskell in the datacentre! Simon Marlow Facebook (Copenhagen, April 2019) Haskell powers Sigma A platform for detection Clients Used by many different teams Mainly for anti-abuse e.g. spam, malicious URLs Machine

1.01k views • 87 slides
Fixing Records in Haskell Neil Mitchell et al, ndmitchell.com an in-your-face, glaring weakness

Fixing Records in Haskell Neil Mitchell et al, ndmitchell.com an in-your-face, glaring weakness

Fixing Records in Haskell Neil Mitchell et al, ndmitchell.com an in-your-face, glaring weakness telling you there is something wrong with Haskell - Greg Weber What is your least favorite thing about Haskell? Records are still tedious - 2018

809 views • 39 slides

More recommend