
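Malicious Code Defense Model for Open Systems
Cite this article: CHEN Ze-mao, LIU Jing-chao, ZHOU Li-bing, SHEN Chang-xiang. Malicious code defense model for open systems[J]. Computer Engineering and Applications, 2007, 43(33): 127-128.
Authors: CHEN Ze-mao  LIU Jing-chao  ZHOU Li-bing  SHEN Chang-xiang
Affiliation: 1. Dept. of Information Security, Naval University of Engineering, Wuhan 430033 2. Naval Institute of Computing Technology, Beijing 100841
Funding: National High Technology Research and Development Program of China (863 Program)
Abstract: A malicious code defense model suited to open system environments is proposed. The system is divided internally into a trusted domain and an untrusted domain: the trusted domain consists of labeled objects and authorized subjects, and the untrusted domain consists of unlabeled objects and unauthorized subjects. To confine low-integrity-level information to the untrusted domain, and so guard against malicious code penetrating and attacking the trusted domain, subject authorization rules, object access rules, and subject communication rules are defined. To let the trusted domain exchange information with the outside world safely, a trusted integrity component is introduced. The trusted integrity component consists of a security checking component and a trust-level upgrading component: the former performs a security check on every object that is about to enter the trusted domain, and the latter moves objects that the check judges to be safe into the trusted domain and raises their integrity level, thereby improving system usability without compromising security.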

Keywords: malicious code defense  integrity model  security model  secure operating system  trusted computing
Article ID: 1002-8331(2007)33-0127-02
Revision date: August 1, 2007

Malicious code defending model for open system
CHEN Ze-mao, LIU Jing-chao, ZHOU Li-bing, SHEN Chang-xiang. Malicious code defending model for open system[J]. Computer Engineering and Applications, 2007, 43(33): 127-128.
Authors: CHEN Ze-mao  LIU Jing-chao  ZHOU Li-bing  SHEN Chang-xiang
Affiliation: 1. Dept. of Information Security, Naval University of Engineering, Wuhan 430033, China 2. Naval Institute of Computing Technology, Beijing 100841, China
Abstract: A malicious code defending model for open systems is presented. It divides the system into two security domains, the Trusted Domain (TD) and the Untrusted Domain (UD). The TD consists of all labeled objects and all authorized subjects. The UD consists of all unlabeled objects and all unauthorized subjects. Rules are defined to regulate subject authorization, object access, and communication between subjects, in order to confine low-integrity-level information to the UD and thus prevent malicious code from entering the TD. To improve system usability, a new security component named the Trusted Integrity Component (TIC) is introduced. The TIC comprises the Security Checking Component and the Integrity Upgrading Component. The former inspects the security of all objects that are about to enter the TD; the latter upgrades the integrity level of those that pass the security inspection and identifies them as members of the TD.
Keywords: malicious code defending  integrity model  security model  secure operating system  trusted computing
This article is indexed in CNKI, VIP, Wanfang Data, and other databases.