MS Defense: LMonad: Information Flow Control for Haskell Web Application

Talk
James Parker
Time: 11.25.2014 11:00 to 12:30
Location: AVW 3450

Many web applications need to adhere to privacy policies for users and enforce rich access control policies. These web applications are extremely complex, as they are maintained by many developers and are composed of thousands of lines of code. That complexity makes it difficult to enforce privacy and access control policies in an ad hoc manner. One solution to this problem is to use Information Flow Control (IFC) to guarantee that these policies are enforced.
LMonad is an information flow control system designed to enforce privacy and access control policies in Haskell web applications. LMonad generalizes LIO, previous work that offers information flow control for Haskell programs.
Specifically, LMonad provides a monad transformer to enforce information flow control, in LIO's style, over any existing computation. In addition, LMonad offers a straightforward mechanism to specify privacy and access control policies via label annotations, and it guarantees that database interactions adhere to these policies. To evaluate LMonad, we developed an example website with various privacy and access control policies. We also converted a large, existing web application to include LMonad policies. Our results indicate that LMonad is feasible to use in terms of programmer effort and runtime overhead.
Examining Committee:
Chair: Dr. Michael Hicks
Committee Member: Dr. Jeffrey Foster
Committee Member: Dr. Elaine Shi