safe haskell

Download Safe Haskell

Post on 12-May-2015

3.661 views

Category:

Technology

0 download

Embed Size (px)

DESCRIPTION

Safe Haskell talk at Haskell Implementors Workshop 2011, Tokyo Japan.

TRANSCRIPT

  • 1.SAFE HASKELLDavid Terei Simon Marlow David Mazires Simon Peyton JonesStanford University Microsoft Research

2. MOTIVATIONHaskell is a great language for building secure systems in:Information ow controlCapabilitiesComputations on encrypted dataBut all this work cant secure untrusted code in the real world! 3. MOTIVATIONRunning Example:Build in Haskell a website that can run untrusted third-partyplugins:Users can upload plugins in source formAny user can install an uploaded plugin against their account 4. MOTIVATIONHow?Carefully craft plugin interface to restrict functions that a plugin can executee.g Only pure functionsNeed type safety guarantees for this to work 5. MOTIVATIONf :: a -> a 6. MOTIVATION f :: a -> af a = unsafePerformIO $ do_ >= k = UnsafeRIO $ m >>= runRIO . k{-# LANGUAGE Trustworthy #-}module RIO.FileAccess ( rioReadFile, rioWriteFile ) where...pathOK f = {- Implement some policy -}rioReadFile :: FilePath -> RIO StringrioReadFile f = UnsafeRIO $ dook String -> RIO ()rioWriteFile f s = ... 27. RUNNING EXAMPLE{-# LANGUAGE Trustworthy #-}module RIO ( RIO() , runRIO, rioReadFile, rioWriteFile ) whereimport RIO.Unsafeimport safe RIO.FileAccess{-# LANGUAGE Safe #-}module UntrustedPlugin ( runPlugin ) whereimport RIOrunPlugin :: RIO ()runPlugin = ... 28. SUMMARY New language ags: -XSafe, -XTrustworthy, -XUnsafe New option ag: -fpackage-trust (7.4) Safe status of a module will be inferred (7.4) Trust your types! 29. FUTURE WORK Prove safety guarantees Establish clearer denition of safe and what guaranteestrustworthy modules should provide Machine checking possible here? Do a retake on Safe language but by starting with a small,proven correct core and expanding out. Inclusion in the Safe language could be used as a quality barfor new Haskell extensions. Require formal semantics and proofs 30. SAFE HASKELLIn GHC 7.2 Please try out and provide feedbackhttp://www.scs.stanford.edu/~davidt/safehaskell.html