
The function isolation mechanism in secure operating system (cited by: 1)
Abstract: Starting from an analysis of the security mechanisms of existing operating systems, and addressing the limitations of current spatial isolation techniques, this paper proposes a new security idea, function isolation. Function isolation provides a finer isolation granularity and lets different classes of function requests execute in mutually isolated execution domains, which improves the reliability and safety of the operating system. The paper gives a detailed definition of function isolation, discusses the method of function division, and presents two function isolation mechanisms, PFI and ASFI, together with their key implementation techniques. Experimental results show that the overhead of function isolation does not noticeably reduce system efficiency.
Source: Journal of the Graduate School of the Chinese Academy of Sciences (《中国科学院研究生院学报》), 2008, No. 4, pp. 538-548 (11 pages). Indexed in CAS, CSCD.
Funding: National Natural Science Foundation of China (60273042); Natural Science Foundation of Anhui Province (03042203).
Keywords: safety-critical operating system; spatial isolation; function isolation; function division
Related literature

References (10)

  • 1. Knight JC. Safety critical systems: challenges and directions. In: Proceedings of the 24th International Conference on Software Engineering. New York: ACM Press, 2002. 547-550
  • 2. Lamastra G. The design of operating systems supporting temporal isolation [Ph.D. thesis]. Pisa, Italy: ReTiS Laboratory, Scuola Superiore S. Anna, 2000
  • 3. LynuxWorks. LynxOS. http://www.lynuxworks.com/rtos/rtos.php
  • 4. Yang Shiping, Sang Nan, Chen Hui, Xiong Guangze. Design and implementation of a temporal isolation protection mechanism for safety-critical real-time operating systems [J]. Journal of Computer Research and Development (计算机研究与发展), 2004, 41(7): 1306-1314. (cited by: 2)
  • 5. Xie Jun, Huang Hao, Zhang Jia. A kernel module isolation mechanism based on segment protection [J]. Computer Applications and Software (计算机应用与软件), 2006, 23(12): 14-15. (cited by: 1)
  • 6. Daniel P. Bovet, Marco Cesati. Understanding the Linux Kernel (3rd ed.). O'Reilly, 2006
  • 7. U. Vahalia. UNIX Internals: The New Frontiers (2nd ed.). Prentice Hall, 2006
  • 8. Friedrich LF, Stankovic J, Humphrey M, et al. A survey of configurable, component-based operating systems for embedded applications. IEEE Micro, 2001, 21(3): 54-68
  • 9. Wu Mingqiao, Chen Xianglan, Zhang Ye, Gong Yuchang. A new operating system construction model based on servant/exe-flow [J]. Journal of University of Science and Technology of China (中国科学技术大学学报), 2006, 36(2): 230-236. (cited by: 10)
  • 10. Draves RP, Bershad BN, Rashid RF, et al. Using continuations to implement thread management and communication in operating systems. In: Proceedings of the Thirteenth ACM Symposium on Operating Systems Principles, 1991

Secondary references (35)

  • 1. Li Hong, Chen Xianglan, Wu Mingqiao, Gong Yuchang, Zhao Zhenxi. The servant model and operating system kernel design techniques [J]. Journal of Computer Research and Development (计算机研究与发展), 2005, 42(7): 1272-1276. (cited by: 13)
  • 2. J C Knight. Safety critical systems: challenges and directions. The 24th Int'l Conf on Software Engineering, Orlando, Florida, 2002
  • 3. K J Wika. Safety kernel enforcement of software safety policies [Ph.D. dissertation]. Charlottesville, VA: Department of Computer Science, University of Virginia, 1995
  • 4. J Wahbe, S Lucco, T Anderson. Efficient software-based fault isolation. The 14th ACM Symp on Operating System Principles, North Carolina, United States, 1996
  • 5. G Lamastra. The design of operating systems supporting temporal isolation [Ph.D. dissertation]. Pisa, Italy: ReTiS Laboratory, Scuola Superiore S. Anna, 2000
  • 6. C C Bakshi, L Bela. A virtual memory system for real-time applications. Real-Time Systems Symposium, Arizona, USA, 1992
  • 7. M Y Zhu, L Luo, G Z Guang. A provably correct operating system: δ-Core. ACM SIGOPS Operating Systems Review, 2001, 35(1): 17-33
  • 8. K Elphinstone, G Heiser. L4 reference manual. School of Computer Science and Engineering, University of New South Wales, Tech Rep, 1997. http://www.cse.unsw.edu.au/~disy/L4/MIPS/l4uman.ps.gz
  • 9. C W Mercer, S Savage, H Tokuda. Temporal protection in real-time operating systems. The 11th IEEE Workshop on Real-Time Operating System and Software, Seattle, WA, 1994
  • 10. Y Song. Time constrained communication over switched Ethernet. The 4th Int'l Conf on Fieldbus Systems and Their Applications, Nancy, France, 2001

Co-cited references (10)

Documents co-cited with this article (10)

  • 1. Chen Hao, Wagner D, Dean D. Setuid Demystified [C]// Proc. of the 11th USENIX Security Symposium. San Francisco, USA: [s.n.], 2002.
  • 2. Kamp P H, Watson R N. Jails: Confining the Omnipotent Root [C]// Proc. of the 2nd Int'l System Administration and Network Engineering Conference. Maastricht, The Netherlands: [s.n.], 2000.
  • 3. Chen Shuo, John D, Chad V, et al. A Black-box Tracing Technique to Identify Causes of Least-privilege Incompatibilities [C]// Proc. of Network and Distributed System Security Symposium. [S.l.]: IEEE Press, 2005.
  • 4. Douglas K. Privman: A Library for Partitioning Applications [EB/OL]. (2003-11-07). http://www.usenix.org/event/usenix03/tech/freenix03/kilpatrick.html.
  • 5. Price D, Tucker A. Solaris Zones: Operating System Support for Consolidating Commercial Workloads [C]// Proc. of LISA'04. Atlanta, USA: [s.n.], 2004.
  • 6. Yu Yang, Guo Fanglu, Susanta N, et al. A Feather-weight Virtual Machine for Windows Applications [C]// Proc. of the 2nd ACM Conf. on Virtual Execution Environments. [S.l.]: ACM Press, 2006.
  • 7. Buyens K, Win B D, Joosen W. Resolving Least Privilege Violations in Software Architectures [C]// Proc. of the 5th Int'l Workshop on Software Engineering for Secure Systems. Vancouver, Canada: [s.n.], 2009.
  • 8. Mao Decao, Hu Ximing. Scenario Analysis of the Linux Kernel Source Code (Linux内核源代码情景分析) [M]. Hangzhou: Zhejiang University Press, 2001.
  • 9. Xu Ning, Liu Wenqing, Meng Kaikai, Wang Yadi. Design and application of SELinux privileged user management [J]. Computer Engineering (计算机工程), 2011, 37(10): 120-122. (cited by: 4)
  • 10. Ji Qingguang, Qing Sihan, He Yeping. A new formal model of privilege control supporting the POSIX capability mechanism [J]. Science in China (Series E), 2004, 34(6): 683-700. (cited by: 5)

Citing documents (1)

Secondary citing documents (2)
