Boat: Automatic Generation of Policy Code for Flume
msra(2008)
摘要
Distributed Information Flow Control (DIFC) is a system- level security mechanism that can simplify program secu- rity but requires that a programmer supply policy code in any programs it helps to secure. Writing this policy code is not a simple matter, and is thus likely to consume sig- nificant programmer attention and introduce bugs. Thus do we implement Boat, a means to simplify DIFC programming. Boat reads a program's C source and a pol- icy specification, generates from these a system of con- straints, and solves those constraints to generate instru- mentation for the original C source. Thus, Boat augments the original program with added code to ensure that its DIFC policy matches the programmer's specification.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要