Malicious code defending model for open system

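Authors: Chen Zemao (陈泽茂)[1], Liu Jingchao (柳景超)[1], Zhou Libing (周立兵)[1], Shen Changxiang (沈昌祥)[2]

Affiliations: [1] Department of Information Security, Naval University of Engineering, Wuhan 430033; [2] Naval Institute of Computing Technology, Beijing 100841

Source: Computer Engineering and Applications (《计算机工程与应用》), 2007, issue 33, pp. 127-128, 135 (3 pages in total)

Funding: the National High-Tech Research and Development Plan of China (863) under Grant No.2002AA144020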

Abstract: A malicious code defending model for open systems is presented. It divides the system into two security domains: the Trusted Domain (TD) and the Untrusted Domain (UD). The TD consists of all labeled objects and all authorized subjects; the UD consists of all unlabeled objects and all unauthorized subjects. Rules are defined to regulate subject authorization, object access, and communications between subjects, in order to confine low-integrity-level information to the UD and thus prevent malicious code from penetrating and attacking the TD. So that the TD can exchange information securely with the outside, a new security component named the Trusted Integrity Component (TIC) is introduced. The TIC comprises the Security Checking Component and the Integrity Upgrading Component. The former inspects the security of all objects that are about to enter the TD; the latter transfers the objects that pass the inspection into the TD and upgrades their integrity level, which improves system usability without compromising security.

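Keywords: malicious code defense; integrity model; security model; secure operating system; trusted computing

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]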

 
