MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Dan Meng,Jie Ma,Jin He,Limin Xiao,Zhiwei Xu

DOI: https://doi.org/10.1109/IPDPS.2002.1016641

2002-01-01

Abstract:This paper introduces semi-user-level communication architecture, a new high-performance light-weighted communication architecture for inter-node communication of clusters. Different from traditional kernel-level networking architecture and user-level communication architecture, semi-user-level communication architecture removes OS kernel from its message-receiving path while reserves an OS trapping on its message-sending path. No interrupt handling is needed. This new communication architecture doesn't support user-level access to network interface. It provides good portability, security, and support for heterogeneous networking environment and usage of large memory. Semi-user-level communication architecture has been implemented on a SMP workstation cluster system called DAWNING-3000, which is interconnected through Myrinet. Communication performance results are given and overhead distribution is analyzed.

JIANG Li,CHEN Jian,PING Ling-di,CHEN Xiao-ping

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.05.004

2010-01-01

Abstract:In multithreaded environment,sensitive information is often deliberately released by many real applications and sometimes information needs to become more confidential. In order to address this situation,a security policy was defined in the style of strong bisimulation equivalence,which can handle both information leaking and erasing. The policy controls what information is released and guarantees that attackers cannot exploit information releasing mechanisms to reveal more sensitive data than intended. Moreover,it ensures that public data after erasing cannot be abused by attackers. Then a secure transforming type system was proposed to enforce the security policy by using the cross-copying technique,which can eliminate internal timing covert channels resulting from the interplay between different threads. The transforming type system can transform an insecure program into a secure one,trying to close information leaks. The secure program has the same structure as the original program and models the same timing behavior. Finally,the soundness of the type system was proved with respect to the operational semantics. Results indicate that if a program can be transformed according to typing rules,the resulting program satisfies the security policy.

WU Zhen,CHEN Yao-wu

DOI: https://doi.org/10.3969/j.issn.1005-9490.2006.04.059

2006-01-01

Abstract:In order to reduce the complexity brought by a great deal of data communication among multi-processes,we introduce a new kind of IPC based on message for Linux,propose the architecture and its work procedure.All kinds of IPC of Linux were listed and compared with the message-based IPC.At last,we illuminate how to apply the message-based IPC in DVR software architecture.

Peng LIU,Shixiong XIA

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.10.028

2005-01-01

Abstract:The typical architecture of embedded systems with multiple CPUs is introduced. A method of the message-based interprocess communication(IPC) in the distributed operating system for such multi-CPU embedded systems is proposed. It compares this IPC method with other IPC methods in normal distributed operating systems.

Xian Chen,Wenzhi Chen,Peng Long,Zhongyong Lu,Zonghui Wang

DOI: https://doi.org/10.1109/cbd.2013.32

2013-01-01

Abstract:For the ability to explore the memory's fullest potential, memory de-duplication has been widely experimented with in current main stream virtualization platforms. A lot of work has been done to improve the efficiency of memory de-duplication, while too little attention was paid to the introduced security issues which have been proved by prior work. To deal with this security risk and efficiently manage the memory we start our work in this paper. We first conduct extensive experiments on different OS platforms to study the realistic situation of page sharing. By analyzing the results we find: 1) Page sharing is contributed mostly by self-sharing (nearly 90%), and the self-sharing rate varies significantly between Linux and Windows OS platforms. Compared with self-sharing the inter-VM sharing rate is extremely low, under 1% in most cases. 2) Page size has a larger influence on Linux platform than Windows platform, so sub-page de-duplication proposed in prior work may achieve better performance on Linux platform. On the basis of above findings we propose a group-based secure page sharing model (or GSKSM), in which we consider both VM processes and normal processes. We have successfully implemented it in Linux kernel 3.6.6, and the experiment results show it works well with negligible overhead. Finally based on GSKSM we further present an efficient memory management approach (or SEMMA), which combines GSKSM and balloon technique to efficiently manage the memory, and the preliminary experiment result is satisfactory.

Jin Hai,Zi Xiaochao,Pan Li,Li Jianhua

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.07.034

2006-01-01

Abstract:In this article,we firstly analyze access control technology of current operating system. Then we discuss the three dimension access model,based on traditional access control model. And,the paper introduces the concept of access control based on program.After that,we introduce Linux Security Module in Linux kernel 2.6. Finally,we design and implement the access control mechanism based on the program privilege.

Liye Tian,Xing Rong,Tingting Liu

DOI: https://doi.org/10.1007/978-3-642-35211-9_3

2012-01-01

Abstract:To control file access in Linux, Linux Security Module (LSM) and Virtual Filesystem are analyzed. Based on the LSM security field & hooks, a file mandatory access control system is designed and implemented on Linux2.6.26. This system meets GB 17859-1999's requirements by preserving subject and object labels. Kernel hooks are widely used in the system to get labels and judge if an access is legal. In a simplified environment the system is tested, test result shows that the system is able to complete file mandatory access control according to security policy.

Ke Pei,Gang Zhang,Chang Qing

DOI: https://doi.org/10.1109/APWCS.2010.26

2010-01-01

Abstract:Most of embedded multiprocessor platforms are ideal for running diverse operating systems and implementing different applications. Inter-processor communication interface makes it possible for an embedded multi-processor system to easily support multiple subsystems parallel processing. This paper propose a kind of OS-level communication interface implementing method based-on HPI in the Complementary Multi-processor System and present the primary principles and corresponding DSP side code structure for HPI. Take a single-board embedded multimedia system which was integrated three embedded microprocessors (PXA255, TMS320DM642 and SM501) as hardware platform, detailed description of how implement tasks communication and data transform by HPI between different embedded OS(ARM-Linux and μC/OS-II) running on ARM and DSP separately.

Chen Weidong,Wang Chao,Zhang Li,Xu Zheng,Xing Xishuang

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.03.080

2013-01-01

Abstract:Information security of server is encountering increasingly serious security menace.Viruses,worms,Trojans and other malicious programs impose the threat on the security of server system.The operating system has the needs to identify and control from kernel layer the subjects and objects imperilling the security.Mandatory access control has to be executed on files,registry,process,etc.in kernel layer.We study and address the implementation of operating system security kernel in terms of system resources and networks covert communication in this paper.The system has been applied to the corporate websites,various types of servers and other network security applications that have higher security requirement.The mandatory access control and each process,file,registry and network communications,etc.are all endued the appropriate security attributes systematically.Security attributes are set by the administrator strictly in accordance with the rules.Combined with the principle of least privilege and security auditing,security control is conducted at the application layer on the server or server cluster.

GAO Yan-Yan,LI Xi,ZHOU Xue-Hai

2011-01-01

Abstract:Inter-process communication(IPC) mechanism is one of the key technologies of microkernel operating system.In this paper we present a formal method to model and verify the IPC implementation.The source code of L4 IPC implementation is translated into Abstract model which is described in Promela,and the Abstract model can be verified with Spin directly.The experimental results show the feasibility and practicality of the method.

Ennan Zhai,Qingni Shen,Yonggang Wang,Tao Yang,Liping Ding,Sihan Qing

DOI: https://doi.org/10.1007/978-3-642-20291-9_38

2011-01-01

Abstract:Host compromise is a serious security problem for operating systems. Most previous solutions based on integrity protection models are difficult to use: on the other hand, usable integrity protection models can only provide limited protection. This paper presents SecGuard, a secure and practical integrity protection model. To ensure the security of systems. SecGuard provides provable guarantees for operating systems to defend against three categories of threats: network-based threat, IPC communication threat and contaminative file threat. To ensure practicability, SecGuard introduces several novel techniques. For example, SecGuard leverages the information of existing discretionary access control information to initialize integrity labels for subjects and objects in the system. We developed the prototype system of SecGuard based on Linux Security Modules framework (LSM), and evaluated the security and practicability of SecGuard.

Zhiyong Shan,Yang Yu,Tzi-cker Chiueh

DOI: https://doi.org/10.48550/arXiv.1609.04781

2016-09-15

Operating Systems

Abstract:As OS-level virtualization technology usually imposes little overhead on virtual machine start-up and running, it provides an excellent choice for building intrusion/fault tolerant applications that require redundancy and frequent invocation. When developing Windows OS-level virtual machine, however, people will inevitably face the challenge of confining Windows Inter-Process Communications (IPC). As IPC on Windows platform is more complex than UNIX style OS and most of the programs on Windows are not open-source, it is difficult to discover all of the performed IPCs and confine them. In this paper, we propose three general principles to confine IPC on Windows OS and a novel IPC confinement mechanism based on the principles. With the mechanism, for the first time from the literature, we successfully virtualized RPC System Service (RPCSS) and Internet Information Server (IIS) on Feather-weight Virtual Machine (FVM). Experimental results demonstrate that multiple IIS web server instances can simultaneously run on single Windows OS with much less performance overhead than other popular VM technology, offering a good basis for constructing dependable system.

LIU Qian,LUO Yuan,WENG Chu-liang,LI Ming-lu

DOI: https://doi.org/10.3969/j.issn.1674-9456.2010.06.012

2010-01-01

Abstract:Access control is the widely used way to guarantee the security of communication between virtual machines(VMs).But it is limited in flexibility and scalability.To overcome this limitation,this paper proposes a suite of security protocols for virtual machine systems.These security protocols establish a trusted path from bottom hardware to applications in VMs,by utilizing trusted platform module(TPM) as the trusted root.As a result,security functions,including granting key and certificate,identity authentication,secure communication between VMs,key and certificate update,are fulfilled successfully.Besides,these security protocols are implemented in Xen.

LI Hong-jiao,LI Jian-hua,ZHU Hong-wen

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.021

2005-01-01

Abstract:A new access control method,called Multi-policy Access Control Model(MACM),was proposed by analyzing the limitations of single security model and the security requirements of electronic government applications.The new method makes use of virtues of single security model,and at the same time the system's reliability and availability are taken into account. The formal description of the new method was given and its implementation on Linux kernel was investigated.The performance tests show that there is little overhead introduced by the method.

ZENG Ling-hua,SHE Kun,OUYANG Kai-cui,ZHOU Ming-tian

2005-01-01

Journal of Computer Applications

Abstract:The kernel module of security middleware is the Common Security Service Manager (CSSM).Its architecture and process of the security service were discussed.The management module of Security Services Provider Module(SSPM),part of CSSM,was designed and implemented.The data structure and the algorithm used in SSPM management module of CSSM,were also introduced.

LIU Wei-peng,HU Jun,LV Hui-jun,LIU Yi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.07.056

2008-01-01

Abstract:This paper analyses the main design idea of Linux Security Module(LSM) and the problem of the intrinsic access control mechanism of Linux executable program, and discusses the design of Mandatory Access Control(MAC) mechanism of executable program based on LSM. As the demonstration, it implements a MAC system prototype based on Linux kernel 2.6.11. The illumination that how to implement MAC of executable program in operating system is given.

Zhiyong Tan,Duo Liu,Xuejun Zhuo,Yiqi Dai,Laurence T. Yang

DOI: https://doi.org/10.1007/s11227-011-0732-z

IF: 3.3

2013-01-01

The Journal of Supercomputing

Abstract:This paper presents the design and implementation features of Centralized Pervasive Computing Environment/Multilevel Security (CPCE/MLS), a multilevel security (MLS) system in pervasive computing environment deployed in Local area network (LAN) with a Mandatory Access Control (MAC) mechanism. By introducing the server-storage terminals and implementing the multilevel security access control mechanism based on the Bell---LaPadula model, process creation supervision, and an auditing mechanism, the CPCE/MLS system is able to provide the security guarantee of the whole computing environment. As such, each terminal is controlled under an integrated security policy. The performance test results show that the CPCE/MLS system, without optimization, generates great overhead but achieves significantly better performance after the cache mechanism is added in the monitor agent and in the hook driver. The system with the hook driver cache mechanism is able to achieve the 95.9% throughput of the native system with 8 K and 16 K requested data blocksize.