Show simple item record

dc.contributor.authorWatson, Robert N. M.
dc.contributor.authorAnderson, Jonathan
dc.contributor.authorReps, Thomas
dc.contributor.authorJha, Somesh
dc.contributor.authorHarris, William R.
dc.description.abstractNew operating systems, such as the Capsicum capability system, allow a programmer to write an application that satisfies strong security properties by invoking security- specific system calls at a few key points in the program. However, rewriting an application to invoke such system calls correctly is an error-prone process: even the Capsicum developers have reported difficulties in rewriting programs to correctly invoke system calls. This paper describes capweave, a tool that takes as input (i) an LLVM program, and (ii) declarative specifications of the possibly-changing capabilities that a program must hold during its execution, and rewrites the program to use Capsicum system calls to enforce the policies. Our experiments demonstrate that capweave can be applied to rewrite security-critical UNIX utilities to satisfy practical security properties. capweave itself works quickly, and the amount of runtime overhead incurred in the programs that capweave produces is generally low for practical workloads.en
dc.subjectsafety gamesen
dc.titleDeclarative, Temporal, and Practical Programming with Capabilitiesen
dc.typeTechnical Reporten

Files in this item


This item appears in the following Collection(s)

  • CS Technical Reports
    Technical Reports Archive for the Department of Computer Sciences at the University of Wisconsin-Madison

Show simple item record