Kernel-mode security enhancement technologies are widely used to improve the efficiency of data processing and the security of data and operating systems in recent years. However, the security modules have been implemented without consolidated standards, in kernel-mode which make them hard to be compared, selected and reused. In this paper, a kernel-mode security module evaluation framework (KSEF) is proposed to satisfy such requirements. The main contributions of KSEF are supporting the evaluation of kernel-mode security modules, providing a design pattern which is easy to customize and extendable for different kernel-mode security enhancement applications (KSEAs), and offering a uniform interface for the evaluation and implementation of the kernel-mode security modules. As a result, the KSEF smoothes the steps among the design, test and release of the security products, facilitates the modularized and structured design of KSEA. Finally, base on the idea of KSEF, a concrete implementation of cryptographic service modules evaluation framework in kernel-mode is described in detail.
[1]
J. Voas,et al.
The pros and cons of Unix and Windows security policies
,
2000
.
[2]
Ricardo Dahab,et al.
Composing Cryptographic Services: A Comparison of Six Cryptographic APIs
,
1999
.
[3]
Sushil Jajodia,et al.
Integrating an object-oriented data model with multilevel security
,
1990,
Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.
[4]
Peter Gutmann,et al.
The Design of a Cryptographic Security Architecture
,
1999,
USENIX Security Symposium.
[5]
Jeng-Shyang Pan,et al.
Genetic watermarking based on transform-domain techniques
,
2004,
Pattern Recognit..
[6]
NSA Cross.
Security Service API : Cryptographic API Recommendation
,
1995
.