摘要
内核扩展的安全性对操作系统的稳定运行具有重要意义.内核扩展在为驱动开发提供了便捷的同时,但也带来了重大安全隐患.本文设计了一个新型内核扩展安全访问(Security Access to Kernel Extension,SAKE)模型系统,该系统通过对驱动模块的控制范围进行约束,对关键内核扩展函数接口进行审查,来实现安全的内核扩展访问.文中所述研究在Linux操作系统上对SAKE模型系统进行了实现,并结合多款驱动进行了评测.安全性评测结果表明SAKE能够提供安全内核扩展访问功能,并且性能评测表明该系统带来的开销很小.
Kemel extension is very essential for the stability of Operation System. It brings convenience as well as potential security loophole to driver development. This paper proposed a New Secure Access for Kernel Extension { SAKE} system, in which control limits of kernel extension module is constrained, and key function interface is checked, in order to guarantee the security of kernel ex- tension access. This SAKE model is tested in Linux system, and evaluated combined with several drivers. Security test results show that the proposed SAKE system can provide a more secure access for kernel extension, and the overhead it brings is very little accord- ing to the performance test results.
出处
《小型微型计算机系统》
CSCD
北大核心
2013年第10期2225-2230,共6页
Journal of Chinese Computer Systems
基金
国家"八六三"高技术研究发展计划项目(2011AA01A203)资助
关键词
内核扩展
操作系统
驱动安全
驱动可靠性
kernel extension
operating system
driver security
driver reliability
