| 进程内细粒度保护域模型及其实现 |
| |
| 引用本文: | 王志强,黄皓,夏磊. 进程内细粒度保护域模型及其实现[J]. 计算机应用, 2007, 27(6): 1356-1359 |
| |
| 作者姓名: | 王志强 黄皓 夏磊 |
| |
| 作者单位: | 南京大学计算机系南京大学计算机系南京大学计算机系 |
| |
| 摘 要: | 提出了一种利用细粒度保护域方法实现进程权限动态改变的机制。根据进程的不同执行阶段对系统资源和程序地址空间访问方式的不同,将其划分为多个保护域。设置各个保护域对程序地址空间的访问方式,使之能有效地防御用户态代码注入攻击;保护域对系统资源访问的控制通过一个强制访问控制框架来实施,以此满足系统的安全策略。
|
| 关 键 词: | 保护域 访问控制 flask安全体系结构 信息安全 |
| 文章编号: | 1001-9081(2007)06-1356-04 |
| 收稿时间: | 2006-12-14 |
| 修稿时间: | 2006-12-14 |
Fine-grained protection domain model in a process and its implementation |
| |
| WANG Zhi-qiang,HUANG Hao,XIA Lei. Fine-grained protection domain model in a process and its implementation[J]. Journal of Computer Applications, 2007, 27(6): 1356-1359 |
| |
| Authors: | WANG Zhi-qiang HUANG Hao XIA Lei |
| |
| Affiliation: | 1. Department of Computer Science and Technology, Nanjing University, Nanjing Jiangsu 210093, China; 2. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing Jiangsu 210093, China |
| |
| Abstract: | A fine-grained protection domains method was proposed to address the problem of dynamically changing a process's capabilities. According to a process's different access mode of its address space and system resources in its different executing phases, this model partitions it into multiple protection domains. Then it sets up access mode of address space for each of them, which makes it feasible to resist code injection attacks. Meanwhile, it integrates Mandatory Access Control (MAC) framework into it to provide the access control of system resources, which meets the security requirement of the system. |
| |
| Keywords: | protection domain access control flask security architecture information security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
