Flame is a library and plugin for the Glasgow Haskell Compiler (GHC) that enforces information security policies in Haskell programs. In Flame, sensitive information is protected by monad-like types that specify how information may flow according to the Flow-Limited Authorization Model. The operations of these Flame monads implement the type system constraints of the Flow-Limited Authorization Calculus (FLAC).
Code and demosAll code for Flame is publically available in our Bitbucket repositories. Pull requests welcome!
We have also built some example applications using Flame.
Nonmalleable Information Flow Control
(CCS - October 2017)
Ethan Cecchetti, Andrew C. Myers, Owen Arden
A new 4-safety hyperproperty for secure declassification and endorsement and a type system for enforcing it.
A Calculus for Flow-Limited Authorization
(CSF - June 2016)
Owen Arden, Andrew C. Myers
A core programming model that uses flow-limited authorization to provide end-to-end information security to dynamic authorization mechanisms and programs that use them.
(CSF - July 2015)
Owen Arden, Jed Liu, Andrew C. Myers
A new model that unifies authorization and information flow to enforce dynamic policies robustly and without side-channels.