Getting Started with SecLang
Version 1.0
1. Setup and Usage
2. Language Basics
4. Channels
5. Special Keywords
SecLang Web Interpreter is an educational tool designed to teach information flow security concepts using the SecLang programming language. SecLang is a programming language, created in the context of my master project, that incorporates information flow security concepts directly into its syntax, bridging the gap between theoretical knowledge and practical application.
- Deno: Make sure you have Deno installed. You can download it from Deno's official website.
- Node.js and npm: For the frontend part of the application, you need Node.js and npm. You can download them from Node.js official website.
- Clone the Repository:
  git clone [email protected]:MouadhKh/SecLang.git
- Run the Frontend: From the project's root directory, run the following commands:
  cd frontend
  npm install
  npm run dev
  The frontend will be served on http://localhost:3000.
- Run the Backend: From the project's root directory, run the following commands:
  cd backend
  deno run --allow-write --allow-read api/app.ts
  The backend server will start on http://localhost:8000.
  Make sure the backend application runs on the defined port (8000).
Run the SecLang Interpreter Locally:
- Edit config.json and set the environment property to dev (it is prod by default).
- Follow the instructions in main.ts.
- Run the following command in the project root directory:
  deno run --allow-write --allow-read main.ts
There are already two test suites for SecLang (the language, not the web application) that you can run:
- For error handling tests:
  deno test --allow-read --allow-write test/error_handling.tests.ts
- For channels tests:
  deno test --allow-read --allow-write test/channels.tests.ts
SecLang supports the following data types:
- int: Integer values.
- bool: Boolean values (true or false).
- string: String values.
Variables and constants are special in SecLang because they inherently carry a security class. Variables and channels are annotated with security classes (U for Unclassified, S for Secret, TS for Top Secret) to indicate their sensitivity levels. Security annotations play a crucial role in explicit and implicit information flow control and are the core of SecLang. If not explicitly set, the security class of a variable or constant is Unclassified by default.
Variables are declared using the syntax:
type variableName : SecurityClass = value
Example:
int x : S = 10
bool flag : U = true
const string constant='SecLang'
Assignments should respect the information flow policy. Information flow x->y is only permissible if the security class of y is at least equal to x's.
SecLang supports common operators for arithmetic and comparisons. Expressions follow standard precedence rules.
Example:
int result = x + 5 * 2
bool isValid = result==5
string greetings='HelloWorld'
greetings=greetings/2
greetings=greetings*3
Control structures create an implicit information flow, so make sure your code complies with the information flow policy. Information is authorized to flow only to equally or more secure variables/constants.
SecLang's if-then-else-endif syntax allows conditional branching:
if condition then
// Code to execute when condition is true
else
// Code to execute when condition is false
endif
SecLang provides while loops for iterative control flow:
while condition do
// Code to execute while condition is true
endwhile
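The explicit-flow rule for assignments and the implicit-flow rule for if and while can both be checked with a "program counter" label that tracks the class of every enclosing condition. The TypeScript below is an added example, not code from the SecLang interpreter; the names Label, Stmt, Env, canFlow, labelOf and check are assumptions made for illustration, and only the classes U, S and TS are modeled.

```typescript
// Added example: names and structure are illustrative, not SecLang's interpreter.
type Label = "U" | "S" | "TS";
const RANK: Record<Label, number> = { U: 0, S: 1, TS: 2 };
// A flow x -> y is allowed only if y's class is at least x's.
const canFlow = (from: Label, to: Label): boolean => RANK[from] <= RANK[to];
// Least upper bound: the more sensitive of two labels.
const join = (a: Label, b: Label): Label => (RANK[a] >= RANK[b] ? a : b);

type Stmt =
  | { kind: "assign"; target: string; reads: string[] }
  | { kind: "if"; cond: string[]; then: Stmt[]; else: Stmt[] }
  | { kind: "while"; cond: string[]; body: Stmt[] };
type Env = Record<string, Label>;

// Unannotated names default to Unclassified, as the page states.
const labelOf = (env: Env, vars: string[]): Label =>
  vars.reduce<Label>((acc, v) => join(acc, env[v] ?? "U"), "U");

// Returns one message per rejected flow; `pc` joins all enclosing condition labels.
function check(prog: Stmt[], env: Env, pc: Label = "U"): string[] {
  const errors: string[] = [];
  for (const s of prog) {
    if (s.kind === "assign") {
      const dst = env[s.target] ?? "U";
      const src = labelOf(env, s.reads);
      if (!canFlow(src, dst)) {
        errors.push(`explicit flow ${src} -> ${dst} into ${s.target}`);
      } else if (!canFlow(pc, dst)) {
        errors.push(`implicit flow ${pc} -> ${dst} into ${s.target}`);
      }
    } else {
      const inner = join(pc, labelOf(env, s.cond));
      const body = s.kind === "if" ? [...s.then, ...s.else] : s.body;
      errors.push(...check(body, env, inner));
    }
  }
  return errors;
}

// Constructed sample program over: secret : S, pub : U, top : TS
const env: Env = { secret: "S", pub: "U", top: "TS" };
const findings = check([
  { kind: "assign", target: "top", reads: ["secret"] }, // S -> TS, allowed
  { kind: "assign", target: "pub", reads: ["secret"] }, // S -> U, explicit leak
  { kind: "if", cond: ["secret"],
    then: [{ kind: "assign", target: "pub", reads: [] }],      // implicit leak
    else: [{ kind: "assign", target: "secret", reads: [] }] }, // allowed
], env);
console.log(findings);
```

The assignment inside the then branch reads nothing secret, yet it is rejected: whether it runs at all reveals the value of the S-labelled condition.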
SecLang includes preconfigured communication channels for secure data exchange. Channels are designed with specific security classes, ensuring secure inter-process communication.
Channel syntax follows the pattern below:
open('channelName','accessMode')
operations...
close('channelName')
Channels are predefined and are representations of security classes: Unclassified, Confidential, Secret, TopSecret. They follow strict security rules and only allow secure data flows.
Examples:
The code example below is not authorized because it tries to store Secret information in an Unclassified variable.
open('Secret','r')
string x:U=read('Secret')
close('Secret')
SecLang supports logging only constant values or Unclassified variables/constants. The syntax is: debug 'SecLang greets you!'
Security classes (or labels) are a central topic in SecLang. That's why we offer special functions to change the security label of a variable, but only in one direction (down).
Example:
int x:TS
downgrade x
// At this stage, the security class of x is Secret
declassify x
// Now, the security class of x is Unclassified