STBAC: A New Access Control Model for Operating Systems (cited by: 5)

STBAC:A New Access Control Model for Operating System


Authors: Shan Zhiyong [1,2,3], Shi Wenchang [1,2,3]

Affiliations: [1] School of Information, Renmin University of China, Beijing 100872; [2] Key Laboratory of Data Engineering and Knowledge Engineering, Ministry of Education, Beijing 100872; [3] Research Laboratory of System and Information Security, Renmin University of China, Beijing 100872

Source: Journal of Computer Research and Development (计算机研究与发展), 2008, No. 5, pp. 758-764 (7 pages)

Funding: National Natural Science Foundation of China (60703103); National High Technology Research and Development Program of China (863 Program) (2007AA01Z414); Renmin University of China Research Fund (06XNB053)

Abstract: The main threats to modern operating systems come from the network, and traditional access control mechanisms fall short in this respect. This paper proposes an access control model for operating systems, STBAC, which can effectively defend against network attacks while retaining good compatibility and usability. Even if the system is compromised, the STBAC model can still protect critical resources, so that the intruder cannot achieve the real goal of the attack. The STBAC model takes processes that have performed non-trustable remote communication as the starting points of suspicious taint, traces the in-kernel activities of suspiciously tainted processes and their child processes according to taint rules, and forbids suspiciously tainted processes from illegally accessing critical resources according to protection rules, thereby preventing damage to the system's critical resources. Tests on the prototype system show that the STBAC model can protect system security effectively without noticeably affecting system compatibility or performance.

With the rapid development and increasing use of networks, threats to modern operating systems mostly come from the network, such as buffer overflows, viruses, worms, Trojans, DoS, etc. On the other hand, as computers, especially PCs, become cheaper and easier to use, people prefer to use computers exclusively and share information through the network. The traditional access control mechanisms, however, cannot deal with these threats in a smart way. Traditional DAC in the OS alone cannot defeat network attacks well. Traditional MAC is effective in maintaining security, but it has problems of application incompatibility and administration complexity. To this end, a new access control model for operating systems named STBAC is proposed, which can defeat attacks from the network while maintaining good compatibility, simplicity and performance. Even in cases where some processes are subverted, STBAC can still protect vital resources, so that the intruder cannot reach his/her final goal. STBAC regards processes that have performed non-trustable communication as starting points of suspicious taint, traces the activities of the suspiciously tainted processes and their child processes by taint rules, and forbids the suspiciously tainted processes from illegally accessing vital resources by protection rules. Tests on the STBAC prototype show that it can protect system security effectively without imposing a heavy compatibility or performance impact on the operating system.
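As an added illustration (not code from the paper or its prototype), the taint and protection rules sketched in the abstract reduced to a small simulation over a constructed kernel event trace; the event tuple format, the vital-resource set and the exact rule details are assumptions chosen for the example, not the paper's own definitions.

```python
# Simplified STBAC-style suspicious-taint simulation (added example; the event
# format, vital-resource list and rule details are assumptions, not the paper's).
VITAL_RESOURCES = {"/etc/passwd", "/boot/vmlinuz", "/usr/sbin/sshd"}  # constructed
PROTECTED_OPS = {"write", "exec"}

def apply_event(tainted, event):
    """Apply one kernel event; mutate the tainted-pid set; return decision or None."""
    kind = event[0]
    if kind == "net_recv":                  # (kind, pid, trusted_peer)
        _, pid, trusted = event
        if not trusted:                     # taint rule: non-trustable communication
            tainted.add(pid)                # makes this process a taint start point
        return None
    if kind == "fork":                      # (kind, parent_pid, child_pid)
        _, parent, child = event
        if parent in tainted:               # taint rule: children inherit the taint
            tainted.add(child)
        return None
    if kind == "access":                    # (kind, pid, path, op)
        _, pid, path, op = event
        # protection rule: a tainted process may not write/exec vital resources;
        # every other access falls through to ordinary DAC checks (not modelled)
        return not (pid in tainted and path in VITAL_RESOURCES and op in PROTECTED_OPS)
    raise ValueError(f"unknown event kind {kind!r}")

def run(events):
    """Replay an event trace; return the list of (pid, path, op, allowed) decisions."""
    tainted, decisions = set(), []
    for ev in events:
        allowed = apply_event(tainted, ev)
        if ev[0] == "access":
            decisions.append((ev[1], ev[2], ev[3], allowed))
    return decisions

# Constructed trace: pid 100 receives data from an untrusted peer and forks 101,
# which tries to overwrite a vital file; pid 200 never communicated externally;
# pid 300 only talked to a trusted peer.
SAMPLE_EVENTS = [
    ("net_recv", 100, False),
    ("fork", 100, 101),
    ("access", 101, "/etc/passwd", "write"),
    ("access", 101, "/tmp/upload", "write"),
    ("access", 200, "/etc/passwd", "write"),
    ("net_recv", 300, True),
    ("access", 300, "/usr/sbin/sshd", "exec"),
]

if __name__ == "__main__":
    for decision in run(SAMPLE_EVENTS):
        print(decision)
```

Only the tainted child (pid 101) is blocked, and only on the vital resource; its write to /tmp/upload and the identical write by the untainted pid 200 are left to the normal DAC decision, which is what keeps the model compatible with existing applications.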

Keywords: operating system; access control; information flow; security; suspicious taint

Classification: TP309 [Automation and Computer Technology - Computer System Architecture]
