摘要
现代操作系统的主要威胁来自网络,传统访问控制机制在这方面尚有不足.提出一种应用于操作系统的访问控制模型——STBAC,可以有效防御网络攻击,并保持较好的兼容性和易用性.即使系统被攻破,STBAC模型仍然能保护关键资源,使入侵者无法达到真正的破坏目的.STBAC模型以进行过不可信远程通信的进程为可疑感染的起点,依据感染规则追踪可疑感染进程及其子进程在内核中的活动,依据保护规则禁止可疑感染进程非法访问关键资源,以防止系统关键资源遭到破坏.对原型系统的测试表明,STBAC模型在不明显影响系统兼容性和性能的前提下,可以有效地保护系统安全.
With the rapid development and increasing use of network, threats to modern operating systems mostly come from network, such as buffer overflows, viruses, worms, Trojans, DOS, etc. On the other hand, as computers, especially PCs, become cheaper and easier to use, people prefer to use computers exclusively and share information through network. The traditional access control mechanisms, however, can not deal with them in a smart way. Traditional DAC in OS alone cannot defeat network attacks well. Traditional MAC is effective in maintaining security, but it has problems of application incompatibility and administration complexity. To this end, a new access control model named STBAC for operating system is proposed which can defeat attacks from network while maintaining good compatibility, simplicity and performance. Even in the cases when some processes are subverted, STBAC can still protect vital resources, so that the intruder cannot reach his/her final goal. STBAC regards processes that have done non-trustable-communication as starting points of suspicious taint, traces the activities of the suspiciously tainted processes and their child processes by taint rules, and forbids the suspiciously tainted processes to illegally access vital resources by protection rules. The tests on the STBAC prototype show that it can protect system security effectively without imposing heavy compatibility and performance impact upon operating system.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2008年第5期758-764,共7页
Journal of Computer Research and Development
基金
国家自然科学基金项目(60703103)
国家“八六三”高技术研究发展计划基金项目(2007AA01Z414)
中国人民大学科研基金项目(06XNB053)~~
关键词
操作系统
访问控制
信息流
安全性
可疑感染
operating system
access control
information flow
security
suspicious taint
