WANG Gao-zu,LI Wei-hua,XU Yan-ling,SHI Hao-bin

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.06.057

2008-01-01

Abstract:This paper analyzed TrustZone technology and safety defects using μCLinux to construct embedded system.Then used DTE model and BLP model to enhance safety of μCLinux under LSM framework to solve safety problems of TrustZone technology in OS level.In the end,put forward a safety solution scheme for embedded system based on TrustZone technology and μCLinux with enhanced safety mechanism.And gave a brief introduction of implementation of the scheme.

LI Hong-jiao,LI Jian-hua,ZHU Hong-wen

DOI: https://doi.org/10.3321/j.issn:1006-2467.2005.08.021

2005-01-01

Abstract:A new access control method,called Multi-policy Access Control Model(MACM),was proposed by analyzing the limitations of single security model and the security requirements of electronic government applications.The new method makes use of virtues of single security model,and at the same time the system's reliability and availability are taken into account. The formal description of the new method was given and its implementation on Linux kernel was investigated.The performance tests show that there is little overhead introduced by the method.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Diming Zhang,Liangqiang Chen,Fei Xue,Hao Wu,Hao Huang

DOI: https://doi.org/10.1007/978-3-319-69659-1_19

2017-01-01

Abstract:Mobile security has become increasingly important in mobile computing, hence mandatory access control (MAC) systems have been widely used to protect it. However, malicious code in the mobile system may have significantly impact to the integrity of these MAC systems by forcing them to make the wrong access control decision, because they are running on the same privilege level and memory address space. Therefore, for a trusted MAC system, it is desired to be isolated from the malicious mobile system at runtime. In this paper, we propose a trusted MAC isolation framework called T-MAC to solve this problem. T-Mac puts the MAC system into the enclave provided by the ARM TrustZone so as to avert the direct impact of the malicious code on the access decision process. In the meanwhile, T-MAC provides a MAC supplicant client which runs in the mobile system kernel to effectively lookup policy decisions made by the back-end MAC service in the enclave and to enforce these rules on the system with trustworthy behaviors. Moreover, to protect T-MAC components that are not in the enclave, we not only provide a protection mechanism that enables TrustZone to protect the specific memory region from the compromised system, but establish a secure communication channel between the mobile system and the enclave as well. The prototype is based on SELinux, which is the widely used MAC system, and the base of SEAndroid. The experimental results show that SELinux receives enough protection, and the performance degradation that ranges between 0.53% to 7.34% compared to the original by employing T-MAC.

LIU Wei-peng,HU Jun,LV Hui-jun,LIU Yi

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.07.056

2008-01-01

Abstract:This paper analyses the main design idea of Linux Security Module(LSM) and the problem of the intrinsic access control mechanism of Linux executable program, and discusses the design of Mandatory Access Control(MAC) mechanism of executable program based on LSM. As the demonstration, it implements a MAC system prototype based on Linux kernel 2.6.11. The illumination that how to implement MAC of executable program in operating system is given.

Yutian Yang,Jinjiang Tu,Wenbo Shen,Songbo Zhu,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2023.3334268

2024-01-01

Abstract:Nowadays, code reuse attacks impose a substantial threat to the security of operating system kernels. Control-flow graph-based CFI techniques, while effective, bring considerable performance overhead, thus limiting their practical adoption in real-world products. As an alternative approach, recent research suggests safeguarding the integrity of sensitive pointers as a countermeasure against manipulation attempts. Unfortunately, existing pointer integrity protection schemes only protect sensitive pointers partially and ignore assembly code, leaving protection gaps. To fill up these protection gaps, we propose a novel security concept named full life-cycle integrity , which enforces the integrity of a sensitive pointer at every step on its value flow chain. To realize full life-cycle integrity, we propose three novel techniques, including assembly-aware sensitivity for analyzing assembly code, Merkle PAC tree for protecting interrupt context securely and efficiently, and pointer-grained authentication for defeating spatial substitution attacks. We have developed a practical implementation of comprehensive life-cycle integrity for the Linux kernel, called ”kernel Code Pointer Authentication” (kCPA), which leverages the ARM Pointer Authentication (PAuth) mechanism. This implementation has been extended to the Apple M1 architecture for real-world evaluation on PAuth hardware. Our assessment demonstrates that kCPA effectively mitigates a range of real-world attacks while incurring a minimal 2.5% performance overhead for the Phoronix Test Suite and nearly negligible performance impact for SPEC2017 benchmarks.

CHEN Hui,ZHOU Xue-Hai,CHEN Xiang-Lan

DOI: https://doi.org/10.3969/j.issn.1003-3254.2010.12.003

2010-01-01

Abstract:Security is always a hot topic with the development of computer technologies.Currently,mechanisms like active defense,detection and anti-detection are proposed.They could be implemented on different levels such as application-level and kernel-level in the system.We manage to go to the system-level.Linux owns mature security-enhanced version SELinux.For Windows,we focus on mandatory access control and propose a mechanism with improved efficiency,compatibility and stability.

Liye Tian,Xing Rong,Tingting Liu

DOI: https://doi.org/10.1007/978-3-642-35211-9_3

2012-01-01

Abstract:To control file access in Linux, Linux Security Module (LSM) and Virtual Filesystem are analyzed. Based on the LSM security field & hooks, a file mandatory access control system is designed and implemented on Linux2.6.26. This system meets GB 17859-1999's requirements by preserving subject and object labels. Kernel hooks are widely used in the system to get labels and judge if an access is legal. In a simplified environment the system is tested, test result shows that the system is able to complete file mandatory access control according to security policy.

Deqing Zou,Lei Shi,Hai Jin

DOI: https://doi.org/10.1109/ICPADS.2009.128

2009-01-01

Abstract:We design and implement a Mandatory Access Control (MAC) system in distributed virtual computing environment, named DVM-MAC, aiming to provide distributed trust through enforcing MAC policies. In DVM-MAC, Prioritized Chinese Wall (PCW) model is implemented to control potential covert channels between VMs in both single node and distributed environment. A policy enforcement module locates inside Xen VMM for better enforcing MAC locally rather than outside the VMM. DVM-MAC adopts centralized architecture for multi-level management and secure transmission of inter-node policy information. For performance consideration, a specific policy decision and enforcement module for controlling inter-node behaviors is moved out of Xen VMM and up to user space. DVM-MAC authorizes a specific center node named Central Security Server (CSS) to be responsible for the decision making between the nodes as well as leaves the inter-node policy enforcement module in each node. Through our experiments and data analysis, we verify the correctness, effectiveness, and efficiency in our prototype when implementing PCW model.

Tu Wenjie,Guan Haibing,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.02.047

2006-01-01

Abstract:This paper analyzes the architecture and the access control mechanism of Linux file system,and provides two feasible methods to implement ACL in kernel to enhance access control function in Linux file system,which then can provide access control based on individual user and group.A detailed implementation of one method is given.

Yanjun Wu,Wenchang Shi,Hongliang Liang,Qinghua Shang,Chunyang Yuan,Liang Bin

DOI: https://doi.org/10.1007/978-3-540-31979-5_11

2005-01-01

Abstract:It's very important for a general-purpose operating system to have a security-tunable feature to meet different security requirements. This can be achieved by supporting diverse security modules, invoking them on demand. However, the security architectures of existing projects on Linux kernels do not support this feature or have some drawbacks in their supporting. Thus we introduce a layered architecture which consists of original kernel layer, module coordination layer and module decision layer. The architecture supports multiple modules register, resolves policy-conflicts of modules by changing their invoking order, and allow user to customize the security by enabling or disabling modules during runtime. The detailed structure and implementation in Linux based system, SECIMOS is described. The caching issue and performance are also discussed. Our practice showed the architecture helps us achieve flexible adaptation in different environments.

Jinan Shen,Deqing Zou,Hai Jin,Kai Yang,Bin Yuan,Weiming Li

DOI: https://doi.org/10.1109/cc.2016.7781724

2016-01-01

China Communications

Abstract:In traditional framework, mandatory access control (MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system (OS) is comprised since malwares are running in ring0 level. In this paper, we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management (PM), security server (SS) and policy enforcement (PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache (AVC) between SS and PE in the guest OS, in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implement the system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.

YUAN Chun-Yang,SHI Wen-Chang,LIANG Hong-Liang,WU Yan-Jun,SHANG Qing-Hua

DOI: https://doi.org/10.3969/j.issn.1002-1175.2006.02.011

2006-01-01

Abstract:In this paper,we analyze the restrictions of two main security schemes in Linux system.Then SECIMOS architecture is outlined;security policy model and security modules are introduced respectively.The way to combine these modules in LSM is described.The performance of SECIMOS and the comparison with other security projects are discussed finally.

YI Xiao-Dong,YANG Xue-Jun

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.01.043

2006-01-01

Computer Science

Abstract:The security requirements of current operating system become more and more diverse,flexible and concrete. Usually,they only specify the constraints among a little set of entities of the system,but expect to be implemented quickly and expediently.These“lightweight”security requirements can't be satisfied well in traditional security frame- work like FLASK and this is why FMAC is presented.The FMAC model is made up of two sub-models named object manager and security policy manager.FMAC also defines a security policy model based on labeled transition system (LTS)in order to standardize and facilitate the policy customization.How to implement FMAC in Unix-class operating systems is also discussed.It's simple to customize the lightweight security policies with the hierarchical structure of objects and role based structure of subjects which are two key elements of the implementation.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

莫毅君,李伟华,王高祖

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.13.045

2008-01-01

Abstract:The current research in access control area and primary access control of Linux is firstly introduced.With the comparison and examples,the existing flaws about access control are discussed.On the basis of role-based access control(RBAC) and process-based access control(PBAC) of current operating system,a new mechanism called role-process-based access control(RPBAC) is presented,which is defined formally.The security of operating system is enhanced by the help of static and dynamic method.The task of follow work is also discussed in the end.

Zhiyong Tan,Duo Liu,Xuejun Zhuo,Yiqi Dai,Laurence T. Yang

DOI: https://doi.org/10.1007/s11227-011-0732-z

IF: 3.3

2013-01-01

The Journal of Supercomputing

Abstract:This paper presents the design and implementation features of Centralized Pervasive Computing Environment/Multilevel Security (CPCE/MLS), a multilevel security (MLS) system in pervasive computing environment deployed in Local area network (LAN) with a Mandatory Access Control (MAC) mechanism. By introducing the server-storage terminals and implementing the multilevel security access control mechanism based on the Bell---LaPadula model, process creation supervision, and an auditing mechanism, the CPCE/MLS system is able to provide the security guarantee of the whole computing environment. As such, each terminal is controlled under an integrated security policy. The performance test results show that the CPCE/MLS system, without optimization, generates great overhead but achieves significantly better performance after the cache mechanism is added in the monitor agent and in the hook driver. The system with the hook driver cache mechanism is able to achieve the 95.9% throughput of the native system with 8 K and 16 K requested data blocksize.

Donghai Tian,Xiaofeng Xiong,Changzhen Hu,Peng Liu

DOI: https://doi.org/10.1007/978-3-642-21031-0_24

2011-01-01

Abstract:Due to lack of the protecting mechanism in the kernel space, the loadable kernel modules (LKM) may be exploited and thus seriously affecting the OS kernel’s security via utilizing the implicit or explicit vulnerabilities. Although lots of systems have been developed to address the above problem, there still remain some challenges. a) How to automatically generate a security policy before the kernel module is enforced? b) How to properly mediate the interactions between the kernel module and OS kernel to ensure the policy consistence without modifications (or least changes) on the existing OS, hardware, and kernel module structure? In this paper, we present LKMG, a policy-centric system which can protect commodity OS kernel from vulnerable loadable kernel modules. More powerful than previous systems, LKMG is able to generate a security policy form the kernel module, and then enforce the policy during the kernel module’s execution. Generally, the working process of LKMG can be divided into two stages. First, we utilize static analysis to extract the kernel code and data access patterns from a kernel module’s source code, and then combine these patterns with the related memory address information to generate a security policy. Second, by leveraging hardware-based virtualization technology, LKMG isolates the kernel module from the rest of the kernel, and then enforces the kernel module’s execution to obey the derived policy. The experiment show that our system can defend against various loadable kernel module exploitations effectively with moderate performance overhead.

Huang Wei

2008-01-01

Abstract:The emergence of general security hardware provides operating system and electronic equipment with a hardware-based security protection,but there were few studies about using the hardware to provide system-level security protection directly.A multi-kernel structure SmartMK was proposed to support applications of different security levels and different types;based on the trusted platform module(TPM) and the new CPU security technology,the strong separation and secure communications mechanisms between multi-kernel were realized and the security of the operating system operating environment was achieved by the hardware and software together.A mandatory access control model was offered to the SmartMK reduce the complexity of access control.Performance testing and application of SmartMK showed that it can effectively strengthen the system security while guaranteeing the system's efficiency.

徐辉,潘爱民

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.11.052

2004-01-01

Abstract:An enhanced security auditing mechanism for Linux is proposed.This mechanism is based on loadable kernel mo-(dule) and provides system level and application level auditing functions.System audit generates an audit record for every security sensitive system call.Application level audit abandons the traditional auditing fashion that auditing system completely depends on applications writing log file in user space.Instead,applications and system kernel will generate audit record coordinately.Examples are given for intrusion detection with this mechanism.