Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (33): 127-128.
• 网络、通信与安全 • Previous Articles Next Articles
CHEN Ze-mao1,LIU Jing-chao1,ZHOU Li-bing1,SHEN Chang-xiang2
Received:
Revised:
Online:
Published:
Contact:
陈泽茂1,柳景超1,周立兵1,沈昌祥2
通讯作者:
Abstract: A malicious code defending model for open system is presented.It divides system into two security domains.One is named the Trusted Domain(TD) and the other is named the Untrusted Domain(UD).TD consists of all labeled objects and all authorized subjects.UD consists of all unlabeled objects and all unauthorized subjects.Rules are defined to regulate subject authorization,object access,and communications between subjects in order to confine low integrity level information in the UD thus to prevent malicious code from entering the TD.To improve system usability,a new security component named the Trusted Integrity Component(TIC) is introduced.The TIC is comprised of the Security Checking Component and the Integrity Upgrading Component.The former inspects security of all objects which are going to enter the TD,the latter upgrades the integrity level of those passed the security inspection and identifies them as members of the TD.
Key words: malicious code defending, integrity model, security model, secure operating system, trusted computing
摘要: 提出了一个适用于开放系统环境的恶意代码防御模型。把系统内部划分为可信域和不可信域,可信域由已标识客体和已授权主体构成,不可信域由未标识客体和未授权主体构成。为把低完整性级别的信息限制在不可信域以防范恶意代码对可信域的渗透和攻击,定义了主体授权规则、客体访问规则和主体通信规则。为使可信域可以安全地同外界进行信息交换,引入了可信完整性部件。可信完整性部件由安全性检查部件和可信度提升部件构成,其中前者对所有要进入可信域的客体进行安全性检查,后者把经检查被认为是安全的客体转移到可信域并提升其完整性级别,从而在不损害安全性的前提下提高系统的可用性。
关键词: 恶意代码防御, 完整性模型, 安全模型, 安全操作系统, 可信计算
CHEN Ze-mao1,LIU Jing-chao1,ZHOU Li-bing1,SHEN Chang-xiang2. Malicious code defending model for open system[J]. Computer Engineering and Applications, 2007, 43(33): 127-128.
陈泽茂1,柳景超1,周立兵1,沈昌祥2. 开放系统的恶意代码防御模型[J]. 计算机工程与应用, 2007, 43(33): 127-128.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/
http://cea.ceaj.org/EN/Y2007/V43/I33/127