A Security Enhancement Architecture for COTS Operating System

Most commercial off-the-shelf (COTS) personal computer operating systems cannot provide sufficiently strong information protection. Because these systems, together with the various applications running on them, are so widely adopted, they will not be replaced in the near future. A practical solution to their vulnerabilities is to harden them. In this paper, a security enhancement architecture for COTS operating systems is proposed. It consists of five key components: the information flow hook (IFH), the information flow parser (IFP), the policy decision engine (PDE), the application supporting layer (ASL), and the policy enforcement component. The IFH and IFP work together to make the rest of the architecture operating-system independent. In this way, the architecture becomes a general framework for COTS operating system security enhancement. The PDE is an abstraction layer over different policies, which enables the architecture to support multiple security policies. The ASL is introduced for compatibility purposes: it mediates conflicts between the enforced security policies and existing applications. In practice, the architecture can be implemented using interposition technology and thus requires neither source-code nor binary-level modification of the preexisting system.
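The following sketch is an added illustration of how the five components could fit together; it is not code from the paper. The record formats, labels, the two sample policies (a Bell-LaPadula style level check and a write-protect list) and the ASL's per-level redirection of scratch files are all assumptions made for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Flow:                     # OS-independent record emitted by the IFP
    subject: str
    obj: str
    op: str                     # "read" or "write"

# Constructed labels (assumption): a higher number is more sensitive.
SUBJECT_LEVEL = {"editor": 2, "browser": 0}
OBJECT_LEVEL = {"/secret/plan": 2, "/public/note": 0, "/tmp/editor.lock": 0,
                r"C:\secret\plan.txt": 2}
PROTECTED = {"/public/note"}    # constructed write-protected set
WIN_OPS = {"NtReadFile": "read", "NtWriteFile": "write"}
UNIX_OPS = {"read": "read", "write": "write"}

def ifp_parse(raw):
    """IFP: normalise an OS-specific hook record (from the IFH) into a Flow."""
    if raw["os"] == "windows":  # constructed Windows-style record
        return Flow(raw["image"], raw["path"], WIN_OPS[raw["api"]])
    if raw["os"] == "unix":     # constructed Unix-style record
        return Flow(raw["comm"], raw["path"], UNIX_OPS[raw["syscall"]])
    raise ValueError("no IFP parser for this OS")

def mls_policy(f):
    """Sample policy 1: no read up, no write down."""
    s, o = SUBJECT_LEVEL.get(f.subject), OBJECT_LEVEL.get(f.obj)
    if s is None or o is None:
        return False            # unlabelled subject or object: deny
    return s >= o if f.op == "read" else s <= o

def readonly_policy(f):
    """Sample policy 2: protected objects are never written."""
    return not (f.op == "write" and f.obj in PROTECTED)

def asl_adjust(f):
    """ASL (assumed behaviour): give scratch-file writes a per-level copy."""
    lvl = SUBJECT_LEVEL.get(f.subject)
    if f.op == "write" and f.obj.startswith("/tmp/") and lvl is not None:
        private = f"/tmp/.L{lvl}/{f.obj[5:]}"
        OBJECT_LEVEL.setdefault(private, lvl)
        return replace(f, obj=private)
    return f

def decide(raw, policies=(mls_policy, readonly_policy), use_asl=True):
    """PDE plus enforcement verdict: allow only if every policy allows."""
    f = ifp_parse(raw)
    if use_asl:
        f = asl_adjust(f)
    return all(p(f) for p in policies)
```

Only `ifp_parse` knows the hook record formats, so adding another operating system means adding a parser branch while the policies and the ASL stay unchanged.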