期刊文献+

基于多安全机制的Linux应用沙箱的设计与实现 被引量:4

Design and Implementation of Linux Application Sandbox Based on Multiple Security Mechanisms
下载PDF
导出
摘要 文章设计了一个具有自己独立工作目录的Linux应用沙箱,可为用户对不信任的应用程序提供一个独立和安全的运行环境,应用程序在沙箱中所做的操作对主机不会造成任何影响。该沙箱提供了文件系统隔离、系统资源隔离、物理资源隔离、权能限制和强制访问控制(Mandatory Access Control,MAC)等策略,添加了地址随机化、不可执行页保护等内存保护安全策略。与已有沙箱对比,文章设计的沙箱增加了多种安全机制,提高了系统的安全性,保护了系统的数据安全和用户的个人隐私等。 Linux application sandbox is designed for providing an independent, secure operating environment for untrusted applications. The sandbox has its own independent working directory, and the operation of applications in the sandbox has no impact on the host. The sandbox provides iflesystem isolation, system resources isolation, physical resources isolation, capabilities limits and mandatory access control (MAC) policies, adding memory protection policies like address randomization and non-executable memory page protection. The sandbox increases several security mechanisms relative to existing sandboxes, improving the system security and protecting the system and user’s personal privacy.
出处 《集成技术》 2014年第4期31-37,共7页 Journal of Integration Technology
基金 国家高技术研究发展计划(863计划)(2012AA01A401)
关键词 Linux应用沙箱 资源隔离 强制访问控制 权能 内存安全保护 Linux application sandbox resources isolation MAC capabilities memory protection
  • 相关文献

参考文献4

二级参考文献21

  • 1I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. A secure environment for untrusted helper applications[J]. In Proc.6th USENIX Security Symposium, July 1996. 被引量:1
  • 2A. Acharya and M. Raje. MAPbox: Using parameterized behavior classes to confine untrusted applications[J]. In Proc. 9th USENIX Security Symposium, Aug. 2000. 被引量:1
  • 3A. Alexandrov, P. Kmiec, and K. Schauser. Consh: A confined execution environmem for internet computations [EB/OL]. http://www.cs. ucsb. edu/berto/papers/99-usenix-consh.ps,1998. 被引量:1
  • 4D, S. Peterson, M. Bishop, and R. Pandey. A flexible containment mechanism for executing untrusted code[J]. In Proc.11th USENIX Security Symposium, August 2002. 被引量:1
  • 5N. Proves. Improving host security with system call policies [C]. In Proc. 12th USENIX Security Symposium, pages 257-272, august 2003. 被引量:1
  • 6Trusted Computing Group (TCG)[S]. Main specification,2004. Version 1.2. 被引量:1
  • 7Trusted Computing Group (TCG)[S]. Trusted platform module protection profile, July 2004. 被引量:1
  • 8ISO/IEC. Information technology- Open Systems Interconnection-Evaluation criteria for information technology [S],1999. Standard ISO/IEC 15408. 被引量:1
  • 9W. A Arbangh, D J Farber, and J. M Smith. A secure and reliable bootstrap architecture [J]. In Proceedings 1997 IEEE Symposiurn on Security and Privacy, pages 65-71, May 1997. 被引量:1
  • 10C. Cowan, S. Beattie, G. Kroach- Hartman, C. Pu, P. Wagle, and V. Gligor. Subdomain: Parsimonious server security[C]. In Proc. Systems Administration Conference, Dec. 2000. 被引量:1

共引文献13

同被引文献17

引证文献4

二级引证文献10

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部