ISSN 1000-1239 CN 11-1777/TP

• 论文 • 上一篇    下一篇


单智勇 石文昌   

  1. (中国人民大学信息学院 北京 100872) (教育部数据工程与知识工程重点实验室 北京 100872) (中国人民大学系统与信息安全研究实验室 北京 100872)(
  • 出版日期: 2008-05-15

STBAC: A New Access Control Model for Operating System

Shan Zhiyong and Shi Wenchang   

  1. (School of Information, Renmin University of China, Beijing 100872) (Key Laboratory of Data Engineering & Knowledge Engineering, MOE, Beijing 100872) (Systems & Information Security Research Laboratory, Renmin University of China, Beijing 100872)
  • Online: 2008-05-15

摘要: 现代操作系统的主要威胁来自网络,传统访问控制机制在这方面尚有不足.提出一种应用于操作系统的访问控制模型——STBAC,可以有效防御网络攻击,并保持较好的兼容性和易用性.即使系统被攻破,STBAC模型仍然能保护关键资源,使入侵者无法达到真正的破坏目的.STBAC模型以进行过不可信远程通信的进程为可疑感染的起点,依据感染规则追踪可疑感染进程及其子进程在内核中的活动,依据保护规则禁止可疑感染进程非法访问关键资源,以防止系统关键资源遭到破坏.对原型系统的测试表明,STBAC模型在不明显影响系统兼容性和性能的前提下,可以有效地保护系统安全.

关键词: 操作系统, 访问控制, 信息流, 安全性, 可疑感染

Abstract: With the rapid development and increasing use of network, threats to modern operating systems mostly come from network, such as buffer overflows, viruses, worms, Trojans, DOS, etc. On the other hand, as computers, especially PCs, become cheaper and easier to use, people prefer to use computers exclusively and share information through network. The traditional access control mechanisms, however, can not deal with them in a smart way. Traditional DAC in OS alone cannot defeat network attacks well. Traditional MAC is effective in maintaining security, but it has problems of application incompatibility and administration complexity. To this end, a new access control model named STBAC for operating system is proposed which can defeat attacks from network while maintaining good compatibility, simplicity and performance. Even in the cases when some processes are subverted, STBAC can still protect vital resources, so that the intruder cannot reach his/her final goal. STBAC regards processes that have done nontrustablecommunication as starting points of suspicious taint, traces the activities of the suspiciously tainted processes and their child processes by taint rules, and forbids the suspiciously tainted processes to illegally access vital resources by protection rules. The tests on the STBAC prototype show that it can protect system security effectively without imposing heavy compatibility and performance impact upon operating system.

Key words: operating system, access control, information flow, security, suspicious taint