Arrows for Secure Information Flow

Date Added: Dec 2009
Format: PDF

This paper presents an embedded security sub-language for enforcing information-flow policies in the standard Haskell programming language. The sub-language provides useful information-flow control mechanisms, including dynamic security lattices, run-time code privileges and declassification, all without modifying the base language. This design avoids the redundant work of producing new languages, lowers the threshold for adopting security-typed languages, and also provides great flexibility and modularity for using security-policy frameworks. The embedded security sub-language is designed using a standard combinator interface called arrows. Computations constructed in the sub-language have static and explicit control-flow components, making it possible to implement information-flow control using static-analysis techniques at run time, while providing strong security guarantees.