Towards Secure IoT Programming in Haskell
IoT applications are often developed in programming languages with low-level abstractions, where a seemingly innocent mistake might lead to severe security vulnerabilities. Current IoT development tools make it hard to identify these vulnerabilities as they do not provide end-to-end guarantees about how data flows within and between appliances. In this work we present Haski, an embedded domain specific language in Haskell (eDSL) for secure programming of IoT devices. Haski enables developers to write Haskell programs that generate C code without falling into many of C’s pitfalls. Haski is designed after the synchronous programming language Lustre, and sports a backwards compatible information-flow control extension to restrict how sensitive data is propagated and modified within the application. We present a novel eDSL design which uses recursive monadic bindings and allows a natural use of functions and pattern-matching in Haskell to write Haski programs. To showcase Haski, we implement a simple smart house controller where communication is done via low-energy Bluetooth on Zephyr OS.
Thu 27 Aug Times are displayed in time zone: Eastern Time (US & Canada) change
11:30 - 13:00: Paper Session 1 - Software EngineeringHaskell at Haskell Chair(s): José Pedro Magalhães | |||
11:30 - 12:00 Talk | Assessing the Quality of Evolving Haskell Systems by Measuring Structural Inequality Haskell Sander KampsOpen University of the Netherlands, Netherlands, Bastiaan HeerenOpen University of the Netherlands, Netherlands, Johan JeuringOpen University of the Netherlands, Netherlands DOI | ||
12:00 - 12:30 Talk | Describing Microservices using Modern Haskell (Experience Report) Haskell DOI | ||
12:30 - 13:00 Talk | Towards Secure IoT Programming in Haskell Haskell Nachiappan ValliappanChalmers University of Technology, Sweden, Robert KrookChalmers University of Technology, Sweden, Alejandro RussoChalmers University of Technology, Sweden, Koen ClaessenChalmers University of Technology, Sweden DOI |