2011-08-17

Code path securing

I'd like to highlight difference in the way we secure code/calculation path in Haskell and C++

Since in Haskell we have no any creation/calculation we use type-level protection by injecting polymorphic object ("token") that should be passed (actually type is passed) to each function that requires access to our secure type (with phantom type "token")

{-# LANGUAGE RankNTypes #-}
data SecureDouble token = SecureDouble { getSecureDouble :: token -> Double }
applyDoubleWithToken :: Double -> (forall a . a -> SecureDouble a -> b) -> b
applyDoubleWithToken x f = f undefined (SecureDouble (const x))
main = do
    applyDoubleWithToken 3.14 (\token sd -> print (getSecureDouble sd token))

So we produce some family of type SecureDouble that later will be accessible only when we pass "token" (even if it just "undefined").

For C++ we create some class Token with constructor that is restricted to be accessed only from some "special place" and pass that object trough different places and require it as argument for our protected class. Since the only place we can create that Token is "special place" we can't call anything from protected class if we didn't received token already.

class Platform;
class TokenA
{
private:
  TokenA() {}
  friend class PlatformA;
};
class WindowA
{
public:
  close(TokenA);
};
class PlatformA
{
public:
  PlatformA instance();
  WindowA activeWindow;
  void quit() { activeWindow.close(TokenA()); }
};
class PlatformB
{
public:
  PlatformB instance();
  void quit() { PlatformA::instance().activeWindow.close(/* nothing to put */); }
};