Programming for a Capability System via Safety Games
Authors
Abstract
New operating systems with security-specific system calls, such as the Capsicum capability system, allow programmers to write applications that satisfy strong security properties with significantly less effort than full verification. However, the amount of effort required is still high enough that even the Capsicum developers have reported difficulties in writing correct programs for their system. In this work, we present an algorithm that automatically rewrites a program for Capsicum so that it satisfies a given security policy by finding a winning strategy to an automata-theoretic safety game. We have implemented our algorithm as a tool, and we present experimental results that demonstrate that our algorithm can be applied to rewrite practical programs to satisfy practical security properties. Capsicum, combined with our algorithm, thus represents a sweet spot in the trade-off between the strength of policies that an operating system can enforce and the ease of programming for such a system.
Similar sources
An interval-valued programming approach to matrix games with payoffs of triangular intuitionistic fuzzy numbers
The purpose of this paper is to develop a methodology for solving a new type of matrix games in which payoffs are expressed with triangular intuitionistic fuzzy numbers (TIFNs). In this methodology, the concept of solutions for matrix games with payoffs of TIFNs is introduced. A pair of auxiliary intuitionistic fuzzy programming models for players are established to determine optimal strategies...
Secure Programming via Safety Games
Writing secure programs remains an open, challenging, and important problem. However, new operating systems allow application programs to write secure programs with a tractable amount of effort. Such systems define a notion of privilege and provide a set of system calls, or primitives, that a program can invoke to manage its privilege and the privileges of other programs with which it interacts...
A Bi-objective Programming Approach to Solve Matrix Games with Payoffs of Atanassov's Triangular Intuitionistic Fuzzy Numbers
The intuitionistic fuzzy set has been applied to game theory very rarely since it was introduced by Atanassov in 1983. The aim of this paper is to develop an effective methodology for solving matrix games with payoffs of Atanassov’s triangular intuitionistic fuzzy numbers (TIFNs). In this methodology, the concepts and ranking order relations of Atanassov’s TIFNs are defined. A pair of bi-object...
Bankruptcy Assessment with the Interval Programming and Games Theory
Some of the parameters in real-world problems are uncertain. One class of uncertain problems with qualitative parameters is economic problems, such as the bankruptcy problem. In this case, there is a probability of dealing with imprecise concepts, including intervals reflecting the viewpoint of officials and organizations' managers. Accordingly, this article uses the concepts of data envelo...
Solving matrix games with hesitant fuzzy pay-offs
The objective of this paper is to develop matrix games with pay-offs of triangular hesitant fuzzy elements (THFEs). To solve such games, a new methodology has been derived based on the notion of weighted average operator and score function of THFEs. Firstly, we formulate two non-linear programming problems with THFEs. Then applying the score function of THFEs, we transform these two problems in...