Building Secure Systems using Programming Languages and Analysis

Hails questions

  1. Does Hails suffer from the external timing channel? If so, explain the attack. If not, explain why this is not a concern. Consider the scenario where an attacker is able to execute code server-side (e.g., as part of a VC).

  2. Hails relies on COWL to enforce IFC in the browser. Suppose that was not the case. Can you think of a way of addressing leaks due to untrusted HTML using a server-side only solution? (Hint: you may want to look at the resin assignment for inspiration.) Bonus: What about untrusted JavaScript?

  3. Why did Hails eventually move from policies as pure functions (Document -> Label) to side-effecting ones (Document -> LIO Label)? What is a negative trade-off of this change?