论文信息 - Research on the Application Security Isolation Model

Research on the Application Security Isolation Model

With the rapid development of information technology, the secrutiy problems of information systems are being paid more and more attention, so the Chinese government is carrying out information security classified protection policy in the whole country. Considering computer application systems are the key componets for information system, this paper analyzes the typical security problems in computer application systems and points out that the cause for the problems is lack of safe and valid isolation protection mechanism. In order to resolve the issues, some widely used isolation models are studied in this paper, and a New Application Security Isolation model called NASI is proposed, which is based on trusted computing technology and the least privilege principle. After that, this paper introduces the design ideas of NASI, gives out formal description and safety analysis for the model, and finally describes the implementation of the prototype system based on NASI.

Yong Zhao | Lei Gong | Jianhua Liao

[1] John M. Boone,et al. INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[2] John Rushby,et al. Noninterference, Transitivity, and Channel-Control Security Policies 1 , 2005 .

[3] Mary Campione,et al. The Java Tutorial Continued: The Rest of the JDK , 1998 .

[4] Butler W. Lampson,et al. A note on the confinement problem , 1973, CACM.

[5] Ian Goldberg,et al. A Secure Environment for Untrusted Helper Applications ( Confining the Wily Hacker ) , 1996 .

[6] José Meseguer,et al. Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.

[7] Yang Yu,et al. A feather-weight virtual machine for windows applications , 2006, VEE '06.

[8] Ashvin Goel,et al. Application-level isolation and recovery with solitude , 2008, Eurosys '08.

[9] Hemma Prafullchandra,et al. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 , 1997, USENIX Symposium on Internet Technologies and Systems.