显式授权机制及对应的可信安全计算机

Explicit Authorization Mechanism and Corresponding Trusted Secure Computer Systems

下载PDF

导出

摘要现代计算机系统对恶意程序窃取、破坏信息无能为力的根本原因在于系统强行代替用户行使对信息的支配权,却又不能忠实履行用户的意愿.对此提出显式授权机制,给出了信息窃取、破坏型恶意程序的精确定义,并证明基于显式授权机制的计算机能够实时、可靠抵御恶意程序的窃取、破坏攻击;给出了基于该机制的两种可信安全计算机系统.第一种可信安全计算机系统是直接将显式授权机制融入到操作系统中,能够实时、可靠抵御任意恶意程序和隐藏恶意的应用程序的信息攻击,同时与现有计算机系统具有很好的软硬件兼容性.第二种可信安全计算机系统对现有计算机硬件结构、操作系统均有小改动,但具有更强的抗攻击性能,能够实时、可靠阻止恶意操作系统自身发起的破坏攻击. In this paper, the authors point out that the deep reason why modern computer system fails to defense malware lies in that user has no right to control the access of information. Based on it, the authors propose an explicit authorization mechanism, and give a formal definition of malware that steals or destroys information. Further, they prove that computer based on this novel mechanism can protect information from attacking reliably, and present two trusted secure computer systems based on it. In the first system, the explicit authorization mechanism is embedded into operating system, and the system can prevent information from being attacked by arbitrary malware or malicious application. The system is highly compatible with current computer hardware and software. In the second system, slight changes are made to hardware and operating system. However, the system has stronger anti-attack ability and can prevent attack from operating system itself reliably and timely.

作者何鸿君曹四化罗莉冯涛潘莉邹之霁

机构地区国防科学技术大学计算机学院

出处《计算机学报》 EI CSCD 北大核心 2006年第8期1318-1328,共11页 Chinese Journal of Computers

基金现代通信国家重点实验室基金课题(51436050505KG0101)资助.

关键词信息窃取信息破坏恶意程序显式授权机制可信安全计算机 information stealing information destroying malware explicit authorization mechanism trusted secure computer system

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献37

1Cohen F.. Friendly contagion: Harnessing the subtle power of computer viruses. The Sciences, 1991, (9/10): 22-28
2Spafford E. H.. Response to Fred Cohen's "contest". The Sciences, 1992, (1/2): 4
3Gligor V. D.. 20 years of operating systems security. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy,Oakland, California, 1999,108-110
4Shapiro J. S. , Vanderburgh J. , Northup E. , Chizmadia D..Design of the EROS trusted window system. In: Proceedings of the 13th USENIX Security Symposium, San Diego, 2004,165-178
5Andrew "bunnie" Huang. The trusted PC: skin-deep Security.IEEE Computer, 2002, 35(10):103-105
6Microsoft Corporation. NGSCB.. Trusted computing base and software authentication. Microsoft Corporation, White paper,2003
7Microsoft Corporation. Security model for the next-generation secure computing base. Microsoft Corporation, White paper,2003
8Sandhu R. S. , Samarati P.. Acess control: Principles and practice. IEEE Communications Magazine, 1994, (9): 40-48
9Ferraiolo D. F. , Sandhu R. , Gavrila S. , Kuhn D. R. , Chandramouli R.. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001, 4(3): 224-274
10Oliveira S. R. M. , Zaiane O. R.. Foundations for an access control model for privacy preservation in multi-relational association rule mining. In: Proceedings of the IEEE International Conference on Privacy, Security and Data Mining, Maebashi City, Japan, 2002, 14- 19-26

1唐岢.显式授权机制及对应的可信安全计算机漫谈[J].中国科技信息,2013(13):69-69.
2倪建武.计算机网络信息安全威胁及其防护策略[J].信息与电脑（理论版）,2012,0(8):19-20. 被引量：3
3吴华,王海顺.计算机主机信息安全问题研究[J].安阳师范学院学报,2009(5):85-87.
4杨烩荣.信息安全面临的威胁[J].公安应用技术通讯,2000(1):9-12.
5笑迎.星星姐姐信箱[J].少年月刊（小学高年级）,2011(4):13-14.
6熊礼治,徐正全,顾鑫.云环境数据服务的可信安全模型[J].通信学报,2014,35(10):127-137.
7陈木朝.基于虚拟机的云计算可信安全技术分析与探究[J].电子制作,2014,22(18):95-95. 被引量：1
8潘林,陈萍,于晗,赵敏.可信安全云防护系统的设计[J].科教文汇,2016(1):176-178. 被引量：1
9政务内网可信安全解决方案[J].计算机安全,2006(6):23-24.
10翟胜军.校园网络安全的建设思路[J].中国教育信息化（高教职教）,2010(9):25-25.

计算机学报

2006年第8期

浏览历史

内容加载中请稍等...

显式授权机制及对应的可信安全计算机

参考文献37

相关作者

相关机构

相关主题

浏览历史