| 一个分层隔离的操作系统内核 |
| |
| 引用本文: | 谢钧,张韬,张士庚,黄皓.一个分层隔离的操作系统内核[J].计算机应用,2005,25(6):1286-1289. |
| |
| 作者姓名: | 谢钧 张韬 张士庚 黄皓 |
| |
| 作者单位: | 1.南京大学计算机软件新技术国家重点实验室; 2.解放军理工大学指挥自动化学院 |
| |
| 基金项目: | 国家自然科学基金资助项目(60473093),江苏省自然科学基金资助项目(BK2002073) |
| |
| 摘 要: | 传统单块结构操作系统的所有内核代码在一个公共的、共享的地址空间运行,因此内核中任何一个漏洞或在内核中加载任何不可靠模块都会威胁到整个系统的安全。研究并实现了一个分层隔离的操作系统安全内核,将内核特权分割隔离,阻止内核安全漏洞的扩散,防止恶意内核模块代码对内核代码数据的随意篡改。原型操作系统完全自主开发,支持i386体系结构。
|
| 关 键 词: | 操作系统安全 内核结构 隔离保护机制 计算机安全 |
| 文章编号: | 1001-9081(2005)06-1286-04 |
Layered and separated operating system kernel |
| |
| XIE Jun,ZHANG Tao,ZHANG Shi-geng,HUANG Hao.Layered and separated operating system kernel[J].journal of Computer Applications,2005,25(6):1286-1289. |
| |
| Authors: | XIE Jun ZHANG Tao ZHANG Shi-geng HUANG Hao |
| |
| Affiliation: | 1. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing Jiangsu 210093, China; 2. Institute of Command Automation, PLA University of Science and Technology, Nanjing Jiangsu 210007, China |
| |
| Abstract: | In traditional monolithic kernel operating systems, all kernel codes run within a common and shared address space, and any vulnerabilities in kernel or any untrusted modules loaded in kernel would compromise the whole system security. The development of a layered and separated secure kernel was described in this paper. Since the powers of kernel are partitioned, the vulnerabilities of kernel are confined, and arbitrarily tampering of kernel by malice codes was prevented. The prototype system is entirely developed from beginning for the i386 architecture. |
| |
| Keywords: | operating system security kernel structure separation mechanism computer security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
