{-# OPTIONS_GHC -Wall -Werror #-}

{-# LANGUAGE NoGeneralizedNewtypeDeriving #-}
{-# LANGUAGE Safe                         #-}

{-# LANGUAGE MultiParamTypeClasses        #-}

--------------------------------------------------------------------------------

-- |
-- Copyright  : (c) 2026 SPISE MISU ApS
-- License    : SSPL-1.0 OR AGPL-3.0-only
-- Maintainer : SPISE MISU <mail+hackage@spisemisu.com>
-- Stability  : experimental
--
-- Information Flow Control (IFC)
--
-- https://en.wikipedia.org/wiki/Information_flow_(information_theory)
--
-- In low level information flow analysis, each variable is usually assigned a
-- security level. The basic model comprises two distinct levels: low and high,
-- meaning, respectively, publicly observable information, and secret
-- information. To ensure confidentiality, flowing information from high to low
-- variables should not be allowed. On the other hand, to ensure integrity,
-- flows to high variables should be restricted.[1]
--
-- More generally, the security levels can be viewed as a lattice with
-- information flowing only upwards in the lattice.[2]
--
-- For example, considering two security levels `L` and `H` (low and high), if
-- `L ≤ H`, flows from `L` to `L`, from `H` to `H`, and `L` to `H` would be
-- allowed, while flows from `H` to `L` would not.[3]
--
-- Throughout this module, the following notation is used:
--
-- a) variable `l ∈ L` (low) shall denote a publicly observable variable
--
-- b) variable `h ∈ H` (high) shall denote a secret variable
--
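-- Where `L` and `H` are the only two security levels in the lattice being
-- considered. This module encodes that lattice at the type level: a `Flow a b`
-- instance exists only for the permitted flows (`L` to `L`, `L` to `H`, and
-- `H` to `H`), and no instance is declared for `Flow H L`.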
--
-- [1] Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow
-- Security. IEEE Journal on Selected Areas in Communications, 21(1), Jan. 2003.
--
-- [2] Dorothy Denning. A lattice model of secure information
-- flow. Communications of the ACM, 19(5):236-242, 1976.
--
-- [3] Smith, Geoffrey (2007). "Principles of Secure Information Flow
-- Analysis". Advances in Information Security. 27. Springer US. pp. 291–307.

--------------------------------------------------------------------------------

module Agent.Control.IFC
  ( Flow
    -- * Observable variables
  , L
  , H
  )
where

--------------------------------------------------------------------------------

-- | Low security level: labels publicly observable information.
--
-- The type is declared without constructors; in this module it appears only as
-- a type-level label in the instance heads of 'Flow'.
data L

-- | High security level: labels secret, non-observable information.
--
-- The type is declared without constructors; in this module it appears only as
-- a type-level label in the instance heads of 'Flow'.
data H

--------------------------------------------------------------------------------

-- | Ordering relation of the two-point lattice: an instance @Lattice a b@
-- stands for @a ≤ b@. The class has no methods; it carries information only
-- through which instances exist.
--
-- The class is absent from this module's export list, so importing modules
-- cannot name it. Because it is the superclass of 'Flow', the set of instances
-- below bounds the set of 'Flow' instances that can be written.
class Lattice a b

-- L ≤ L: low to low.
instance Lattice L L
-- L ≤ H: low to high, i.e. upwards in the lattice.
instance Lattice L H
-- H ≤ H: high to high.
instance Lattice H H

-- No instance is declared for @Lattice H L@: that is the high-to-low flow the
-- module header describes as not allowed. Adding one here would also make
-- @instance Flow H L@ writable, so treat any change to this list as a change
-- to the security policy.

--------------------------------------------------------------------------------

-- | Permitted information flow: a constraint @Flow a b@ is solvable exactly
-- when an instance below matches, i.e. for flows from @a@ to @b@ with @a ≤ b@.
-- The class has no methods, so it acts purely as a compile-time check.
--
-- 'Flow' is exported but its superclass @Lattice@ is not. An instance of
-- 'Flow' requires the matching @Lattice@ instance, which a module that cannot
-- name @Lattice@ cannot declare; the instances listed here are therefore
-- intended to be the complete set.
--
-- NOTE(review): this is a source-level guarantee. It presumably relies on
-- untrusted importers being compiled under Safe Haskell as well, since
-- extensions that Safe Haskell disables (e.g. Template Haskell) can refer to
-- names a module does not export -- confirm against the build configuration.
class Lattice a b => Flow a b

-- Low to low: public data stays public.
instance Flow L L
-- Low to high: public data may flow into a secret context.
instance Flow L H
-- High to high: secret data stays secret.
instance Flow H H

-- No @Flow H L@ instance is declared, so code constrained by @Flow H L@ is
-- rejected by the type checker.