Security in FP

Hello everyone,

I have been working on a language design which will require builtin security checks of some sort, à la what Java has, or something like E. I have been looking recently at ML mixin modules, which seem to be very closely related to classes. The question I have is: are there known methods for handling security for systems like this, where you cannot trust all the packages or load files in the system? To have a security system which is similar to an object-based one, I assume one would have to have any such security predicated not only on the modules (classes) but also the data. Is this sort of thing possible, and is there any research in this area?

Thanks in advance,

Carter.


Ask Oleg

He has a paper on type-safe light-weight capability checking.

Previously discussed here. [hehe, Sam found the link ;-) ]

Capabilities

While not directly related to FP, there is a google tech talk by David Wagner which gives a nice overview of capability based security.

Also there is a previous LTU post on Lightweight Static Capabilities which may be of interest.

Emily: Capability-secure version of OCaml

It was cited in the discussion linked above but I did not see a link to this report: How Emily Tamed the Caml.

Unclear question

Security means different things to different people. The Java model is dubious, mainly because it is a complex ad hoc retrofit. E is concerned with certain types of information leakage and (in lesser degree) with trustworthy cross-network authentication. Testing whether computation is pure can be seen as an information flow security problem.

Without knowing a bit more about what kinds of security issues interest you, it's hard to give you a useful answer.

Thanks for the replies. Well

Thanks for the replies.

Well I might have found a solution to my problem. For me the issue is maintaining primarily data integrity and preventing information leakage assuming that a lot of the modules loaded into the system are unsafe and cannot be trusted.

I assume in an FP language the actors/resources in the system cannot be conveniently objects and must instead perhaps be functions and data held in datatypes. I guess it's a rather simple question of what is the proper unit of decomposition of security in such a system.

Capabilities

I am not sure I understood correctly, but with capabilities you have a "signature" that can be passed to a function or stored in a structure which controls access to resources at any granularity you like. Your concern is then to manage these signatures to prevent leakage.
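As an added illustration of the "signature" idea above (this is example code, not from the thread and not Emily's or Oleg's code), the following OCaml sketch makes a capability an unforgeable value whose authority is fixed by its type, in the spirit of Emily and of "Lightweight Static Capabilities". The module names Cap and Untrusted, the phantom types rw and ro, and the audit-log resource are all assumptions chosen for the example.

```ocaml
(* Added example, not code from the thread: a capability as an unforgeable
   value whose authority is fixed by its type. Module names (Cap, Untrusted)
   and the audit-log resource are assumptions for illustration. *)

(* Trusted kernel. The signature hides the representation of 'perm t, so the
   only way to obtain one is through create, and the only way to weaken one
   is through attenuate. *)
module Cap : sig
  type rw                              (* phantom: read and write authority *)
  type ro                              (* phantom: read-only authority *)
  type 'perm t                         (* abstract: cannot be forged outside *)
  val create : unit -> rw t            (* full authority over a fresh resource *)
  val attenuate : rw t -> ro t         (* drop write authority before sharing *)
  val read : 'perm t -> string         (* any holder may read *)
  val write : rw t -> string -> unit   (* writing needs the rw capability *)
end = struct
  type rw
  type ro
  (* The resource is a mutable buffer standing in for a file or socket.
     The phantom parameter is unused, so rw t and ro t share one
     representation and attenuate is the identity on the resource. *)
  type 'perm t = string ref
  let create () = ref ""
  let attenuate (c : rw t) : ro t = c
  let read c = !c
  let write c s = c := !c ^ s
end

(* Untrusted code receives authority only as values passed to it. Here the
   unit of decomposition is the function: the parameter type is the policy. *)
module Untrusted = struct
  let summarize (log : Cap.ro Cap.t) =
    Printf.sprintf "%d bytes logged" (String.length (Cap.read log))

  (* This definition is rejected by the type checker, because ro t is not
     rw t, so it is left commented out:
     let tamper (log : Cap.ro Cap.t) = Cap.write log "forged entry" *)
end

let () =
  let log = Cap.create () in
  Cap.write log "login ok\n";                (* constructed sample entry *)
  let view = Cap.attenuate log in            (* hand out read-only authority *)
  print_endline (Untrusted.summarize view);
  Cap.write log "logout\n";
  (* The attenuated view observes later writes: it aliases the same resource. *)
  print_endline (Untrusted.summarize view)
```

The point is that no ambient authority exists: Untrusted can act on the log only through the value it was handed, and the type of that value says what it may do. Managing leakage then reduces to tracking where capability values travel, which is exactly the concern the comment above names.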

Information Leakage and Confidentiality

There's Flow Caml, which allow[s] to write "real" programs and to automatically check that they obey some confidentiality or integrity policy.
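To show the kind of policy such a check enforces, here is an added miniature (not Flow Caml itself, and not code from the thread) that encodes a two-level confidentiality policy with phantom types in plain OCaml. The module name Flow, the labels secret and public, and the password and banner sample values are assumptions made for the example.

```ocaml
(* Added example, not Flow Caml and not code from the thread: a two-level
   confidentiality policy expressed with phantom-type labels. The module
   name Flow, the labels secret/public and the sample values are assumptions. *)

module Flow : sig
  type secret                                   (* phantom: high confidentiality *)
  type public                                   (* phantom: low confidentiality *)
  type ('label, 'a) t                           (* a value tagged with its label *)
  val public : 'a -> (public, 'a) t
  val secret : 'a -> (secret, 'a) t
  val map : ('a -> 'b) -> ('l, 'a) t -> ('l, 'b) t        (* computing keeps the label *)
  val pair : ('l, 'a) t -> ('l, 'b) t -> ('l, 'a * 'b) t  (* only same-label combination *)
  val classify : (public, 'a) t -> (secret, 'a) t         (* public may flow up to secret *)
  val publish : (public, string) t -> string              (* only public data may leave *)
  val declassify : (secret, 'a) t -> (public, 'a) t       (* explicit, auditable escape hatch *)
end = struct
  type secret
  type public
  (* The label lives only in the type; at runtime a labelled value is the value. *)
  type ('label, 'a) t = 'a
  let public x = x
  let secret x = x
  let map f x = f x
  let pair a b = (a, b)
  let classify x = x
  let publish s = s
  let declassify x = x
end

let () =
  let password = Flow.secret "hunter2" in       (* constructed sample secret *)
  let banner = Flow.public "welcome" in         (* constructed sample public value *)
  (* A function of a secret is still secret: even the length stays labelled. *)
  let pw_len = Flow.map String.length password in
  (* Upward flow is permitted: public data may be combined with secret data. *)
  let both = Flow.pair (Flow.classify banner) password in
  ignore both;
  (* Releasing public data is permitted. *)
  print_endline (Flow.publish (Flow.map String.uppercase_ascii banner));
  (* Each of these leaks is rejected at compile time, so they stay commented out:
       Flow.publish password                       -- secret is not public
       Flow.publish (Flow.map string_of_int pw_len) -- derived secret is not public
       Flow.pair banner password                   -- labels do not unify
     The only way to release a secret is a visible declassify call: *)
  print_endline (Flow.publish (Flow.declassify (Flow.map string_of_int pw_len)))
```

Two caveats about what this miniature leaves out relative to Flow Caml: it tracks only explicit data flow (an `if` on a secret that decides a public output would not be caught here, whereas Flow Caml accounts for such implicit flows through control structure), and it requires the programmer to write the labels, whereas Flow Caml infers security levels for ordinary OCaml code.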