Program synthesis for interactive-security systems
Formal Methods in System Design (IF 0.7), Pub Date: 2017-09-16, DOI: 10.1007/s10703-017-0296-5
William R. Harris, Somesh Jha, Thomas W. Reps, Sanjit A. Seshia

Developing practical but secure programs remains an important and open problem. Recently, the operating-system and architecture communities have proposed novel systems, which we refer to as interactive-security systems. They provide primitives that a program can use to perform security-critical operations, such as reading from and writing to system storage by restricting some modules to execute with limited privileges. Developing programs that use the low-level primitives provided by such systems to correctly ensure end-to-end security guarantees while preserving intended functionality is a challenging problem. This paper describes previous and proposed work on techniques and tools that enable a programmer to generate programs automatically that use such primitives. For two interactive security systems, namely the Capsicum capability system and the HiStar information-flow system, we developed languages of policies that a programmer can use to directly express security and functionality requirements, along with synthesizers that take a program and policy in the language and generate a program that correctly uses system primitives to satisfy the policy. We propose future work on developing a similar synthesizer for novel architectures that enable an application to execute different modules in Secure Isolated Regions without trusting any other software components on a platform, including the operating system.

Updated: 2017-09-16