Skip to content

Latest commit

 

History

History
71 lines (53 loc) · 2.35 KB

README.md

File metadata and controls

71 lines (53 loc) · 2.35 KB

ifc-ts | Information-Flow Control in TypeScript

💡 Why use this library? It limits what you can do.

For the same reasons you wear safety gear when doing dangerous work: it is restricting and cumbersome, but you do it for protection. ⛑️🧑‍🚀

Introduction

ifc-ts is a library that provides developers with an API for specifying information-flow security constraints in effectful code. These constraints are checked statically by TypeScript's type checker. Consequently, if an effectful computation, written using this API, is well-typed, then it is information-flow secure (aka. noninterfering).

A developer specifies information-flow constraints by assigning labels to information sources and sinks, and by performing I/O on these sources and sinks using the I/O operations of our labeled-I/O monad. Our monad tracks the labels of I/O operations, and prohibits chaining I/O operations that would leak information.

(This approach is in line with a long line of work on using monads for information-flow control, popularized by the LIO library in Haskell).

Our implementation reduces information-flow security checks to checks performed by TypeScript's type checker. Notably, we compute lattice operations and checks at the type-level, by using type constraints (and narrowing), conditional types, and subtyping.

Quickstart

In your typescript project, run npm install ifc-ts. Then, in your code, import types and functions you need from the library like so:

import {label} from 'ifc-ts';
import type {Label} from 'ifc-ts';

const myLabel: Label = label('my value');

And that's it, you're ready to go!

Examples

We have various examples in the examples/ directory. Make sure to check them out to get the most out of this library.

Build

To compile & run this file:

tsc
node ifc-ts

For this to work, you need the library ifc-ts depends on: @types/node. Install it with

npm install @types/node

You also need tsc (TypeScript compiler), node (a JavaScript runtime), and possibly an updated npm. (I personally installed npm through my package manager, reconfigured -g to point inside ${HOME}, then installed latest version of npm, node, and typescript. details here)