Calling all type nerds: my new job deals with a lot of encrypted data that shouldn't be transmitted in plaintext. We’ve just added sorbet to our rails project (gradual typechecker). I feel like I've read somewhere that it's possible to use types to enforce that kind of restriction. Does anyone have any experience using types for that (or links to talks/papers/blog posts)?

Language-based information-flow security https://ieeexplore.ieee.org/abstract/document/1159651

for anyone looking, here's the preprint: https://www.cs.cornell.edu/andru/papers/jsac/sm-jsac03.pdf

I might be harebrained to say this. But, my initial thought is to have a kind of encrypted dictionary of information + a centralized security master with an access log.

the company is SOC 2 compliant—encryption at rest and in transit is already happening

Ah, so this is just a type design question?

yeah the scenario is basically: the server decrypts some data for a calculation, then asks an api a question or sends some data to a client, while accidentally including some personally identifiable info. we catch it in code reviews but i was was wondering if there was a way to catch it at compile time

Something simple could be to always return decrypted data back to the user code under a

{ $dec: ___ }

key, so then, you would always have to access the decrypted data by using

respJson.userName.$dec

then, you can write a linter to statically check all use-sites accesses of the decrypted data. Just spit balling. This could obv be modified to some other tools in Ruby

yeah i'm pretty much trying to figure out how to encode that with a type—the decryption process is really clever, so it basically feels like you're using a regular rails object even though it's encrypted in memory. that's really nice for ergonomics and not having to update the whole codebase but it also means there's no guardrail to prevent you from sending it somewhere. maybe the answer is just to look through the encryption/decryption code and see if there's an obvious spot for a shim

a data type that throws when encoded/decoded? (if that's a thing in ruby)

so we want it to be decoded for use. we just don't want the decoded data sent off the server

Sounds almost like sonarqube control flow analysis type stuff. Tracking when a piece of data was unwrapped and where it goes in order to detect this type of issue statically. Not really an answer...

woah these are all great ideas thank you

Perhaps create a Classified<T> type that can only be read by a Declassifier object, giving you something like object capabilities.

At google protobuffer message field descriptions can be annotated with options, so then there are linters that check the service definition is not allowing public access to confidential fields. I think there was deeper support in some of the processing libraries to pass those flags along variables but I can't see anything equivalent in the public domain and they are not really foolproof anyway. I do think this is more of a metadata topic rather than a types topic though. gRPC can represent annotated datatypes, which might be a useful building block (?)

@Garth Goldwater did you figure out an interesting approach?

i didn’t unfortunately. we had to move on to some launch stuff for the moment. still very interested