摘要
The paper points out that the deep reason why modern computer system fails to defense malware lies in that user has no right to control the access of information, and proposes an explicit authorization mechanism. Its basic idea is that user explicitly authorizes program the file set it can access, and monitor all file access operations; once program requests to access file out of the authorized file set, refuse it, and this means that the program is malicious or has design errors. Computers based on this novel mechanism can protect information from attacking reliably, and have good software and hardware compatibility. A testing system is presented to validate our theory.
The paper points out that the deep reason why modern computer system fails to defense malware lies in that user has no right to control the access of information, and proposes an explicit authorization mechanism. Its basic idea is that user explicitly authorizes program the file set it can access, and monitor all file access operations; once program requests to access file out of the authorized file set, refuse it, and this means that the program is malicious or has design errors. Computers based on this novel mechanism can protect information from attacking reliably, and have good software and hardware compatibility. A testing system is presented to validate our theory.
基金
Supported by the Foundation of National Labora-tory for Modern Communications(51436050505KG0101)
