期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

多保护域进程模型及其实现 被引量:4

A Multi-Protection Domains Process Model and Its Implementation
下载PDF
导出
摘要 在很多安全操作系统中都存在一些安全关键进程或可信进程 ,一旦它们被黑客入侵则会破坏整个系统的安全性 .本文的多保护域进程模型在进程内部通过细粒度的内核级保护域隔离机制对进程数据和代码实施访问控制 ,从而防止黑客利用程序局部漏洞劫持整个进程 ,以达到增强安全关键进程自身安全的目的 .本文为该模型提供了两种设计方案并对其中一种设计做了原型实现 . Many secure operating systems have some privileged processes or trusted processes which are always at risk of being hijacked by various attacks such as the buffer overflow attack.Once they are hijacked,the security of the whole system would be damaged.In this paper,a multi-protection domains process model is described which provides fine-grained kernel level protection for codes and data within process address space.The fine-grained internal protection of process can effectively prevent attackers from hijacking the whole process by damaging the process's data or codes.This paper offers two designs for this model and a prototype implementation of one of them.
作者 谢钧 黄皓 张佳
机构地区 南京大学计算机软件新技术国家重点实验室
出处 《电子学报》 EI CAS CSCD 北大核心 2005年第1期38-42,共5页 Acta Electronica Sinica
基金 江苏省自然科学基金 (No .BK2 0 0 2 0 73)
关键词 保护域 访问控制 计算机安全 操作系统 protection domain access control computer security operating system
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献9

  • 1K Kourai, S Chiba. A Secure Access Control Mechanism Against Intemet Crackers[R]. ISE-TR-01176, Institute of Information Sciences and Electronics, Univ.of Tsukuba, 2001.
  • 2J S Shapiro,J M Smith.D J Father.EROS:A fast capability system[A].In Proc.17th ACM Symposium on Operating Systems Principles[C].New York,1999.170—185.
  • 3K M Walker, D F Steme, M L Badger, et al. Confining root programs with domain and type enforcement (DTE) [A]. In Proc 6th USENIX Security Symposium[ C]. Washington DC, 1996.21 - 36.
  • 4C Cowan,P Wagle,C Pu,et al. Buffer overflows:Attacks and defenses for the vulnerability of the decade [A]. In Proc DARPA lnformation Survivability Conference and Expo[C] .Hilton Head SC,2000.1119-1130.
  • 5W D Young, P A Telega, W E Boebert. A verified labeler for the secure ada target [A]. In Proe 9th National Computer Security Conference[C]. Gaithersburg MD, 1986.55 - 61.
  • 6R Wahbe, S Lucco, T E Anderson, S L Graham. Ffficieat softwarebased fault isolation [J]. ACM Operating Systems Review, 1993, 27(5) :203 - 16.
  • 7B N Bershad,T E Anderson, E D Lazowska, et al. Extensibility, safety and performance in the SPIN operating system [J]. ACM Operating Systems Review, 1995,29(5):267 - 284.
  • 8T C Chiueh, G Venkitachalam, P Pradhan. Integrating segmantation and paging protection for safe, efficient and transparent software extensions[A].In Proc 17th ACM Symposium on Operating Systems Principles[C] .New York,1999.140- 153.
  • 9M Takahashi, K Kono, T Masuda. Efficient kerenel support of fine-grained protection domains for mobile code [A]. In Proc 19th IEEE International Conference on Distributed Computing Systems[C]. Austin TX, 1999.64- 73.

同被引文献55

引证文献4

二级引证文献7

电子学报
2005年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部