检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京交通大学,北京100044
出 处:《网络安全技术与应用》2014年第4期184-186,共3页Network Security Technology & Application
摘 要:目前,主流操作系统为了隔离用户程序对操作系统运行稳定性和安全性的影响,将计算机系统运行空间划分为内核空间和用户空间,分别对应系统级和用户级两种处理机运行层级。其间,操作系统所有内核模块的代码都运行在系统层级及一个公共的共享地址空间中。在操作系统实现外设兼容及内核模块扩展特性的过程中,内核中添加任何外部第三方代码都可能威胁到操作系统乃至整个计算机系统的安全。为此,本文就基于三层特权级的操作系统安全体系结构进行了研究,尝试将传统操作系统内核功能模块分割重组和分别放到两个独立的系统运行层级,以防止第三方恶意代码通过内核空间对系统代码与数据进行修改。论文验证性原型系统基于INTEL i386硬件体系结构自主设计和编制开发,初步测试结果令人满意。At present, the mainstream operating system in order to isolate the effects of user program on the stability and security of the operating system, the operating space into computer system as the kernel space and user space, corresponding to system level and user level two processor operation level.In the meantime, code all the kernel modules operating system running in the system level and a public shared address space.In the operating system kernel module peripherals compatibility and propagation characteristics in the process, add any external third party code in the kernel may pose a threat to the operating system and the computer system security.Therefore, the operating system security architecture based on three layers of privilege level were studied, trying to traditional operating system kernel function module dividing reorganization and into two independent system operation level, in order to prevent the third party malicious code on the system code and data by modifying the kernel space.INTEL i386 hardware architecture independent design and development verification prototype system based on this paper, preliminary results are satisfactory.
分 类 号:TP316[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.249