Journal of Computer Applications (计算机应用) ›› 2005, Vol. 25 ›› Issue (06): 1286-1289. DOI: 10.3724/SP.J.1087.2005.1289

• Information Security •

Layered and separated operating system kernel

XIE Jun1,2, ZHANG Tao1, ZHANG Shi-geng1, HUANG Hao1

  1. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing Jiangsu 210093, China; 2. Institute of Command Automation, PLA University of Science and Technology, Nanjing Jiangsu 210007, China
  • Online: 2005-06-01 Published: 2011-04-06
  • Funding: National Natural Science Foundation of China (60473093); Natural Science Foundation of Jiangsu Province (BK2002073)

Abstract: In a traditional monolithic-kernel operating system, all kernel code runs in one common, shared address space, so any vulnerability in the kernel, or any untrusted module loaded into it, can compromise the security of the whole system. This paper describes the design and implementation of a layered and separated secure kernel. Kernel privilege is partitioned and isolated, so that a vulnerability in one part of the kernel is confined rather than propagating through the whole kernel, and malicious kernel-module code is prevented from arbitrarily tampering with kernel code and data. The prototype operating system was developed entirely from scratch and supports the i386 architecture.

Key words: operating system security, kernel structure, separation mechanism, computer security
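The separation the abstract describes, as an added illustration that is not code from the paper or its prototype kernel: a user-space C model in which the trusted core layer keeps its state on a page that is write-protected with mprotect() while a module runs. A module receives a read-only view of the core, may request changes only through a gate function, and a direct write faults and is caught by run_module() instead of corrupting the core. All names here (core_state, core_init, run_module, core_register_module, good_module, evil_module) are hypothetical. The paper's kernel enforces this boundary with i386 privilege separation inside the kernel itself; a process-level model like this one can only show the policy, since code running at the same privilege could call mprotect() on its own.

```c
#define _GNU_SOURCE 1            /* expose MAP_ANONYMOUS and sigaction on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older BSD spelling */
#endif

#define CORE_MAGIC 0xC0DE0001u

/* Hypothetical state of the trusted core layer, kept on its own page so that
 * its protection can be switched independently of the rest of the process. */
struct core_state { uint32_t magic; uint32_t module_count; };

static struct core_state *core;           /* page-aligned, from mmap() */
static size_t page_size;
static sigjmp_buf fault_env;
static volatile sig_atomic_t in_module;   /* non-zero while a module runs */

/* A write to the protected page raises SIGSEGV (SIGBUS on macOS); inside a
 * module we unwind into run_module(), anywhere else it is a bug in the core. */
static void fault_handler(int sig)
{
    (void)sig;
    if (in_module)
        siglongjmp(fault_env, 1);
    _exit(128 + SIGSEGV);
}

int core_init(void)
{
    struct sigaction sa;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    core = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (core == MAP_FAILED)
        return -1;
    core->magic = CORE_MAGIC;
    core->module_count = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0 || sigaction(SIGBUS, &sa, NULL) != 0)
        return -1;
    return 0;
}

uint32_t core_magic(void)        { return core->magic; }
uint32_t core_module_count(void) { return core->module_count; }

/* The gate: the only sanctioned way for a module to change core state. It
 * validates the request, opens the page, applies the change and closes it. */
int core_register_module(void)
{
    if (!in_module || core->module_count == UINT32_MAX)
        return -1;
    if (mprotect(core, page_size, PROT_READ | PROT_WRITE) != 0)
        return -1;
    core->module_count++;
    return mprotect(core, page_size, PROT_READ) == 0 ? 0 : -1;
}

typedef int (*module_entry_t)(const struct core_state *view);

/* Run a module with the core page write-protected. Returns the module's own
 * status, -1 if it wrote core memory directly, -2 if mprotect() failed. */
int run_module(module_entry_t entry)
{
    volatile int rc;
    if (mprotect(core, page_size, PROT_READ) != 0)
        return -2;
    in_module = 1;
    if (sigsetjmp(fault_env, 1) == 0)
        rc = entry(core);
    else
        rc = -1;                          /* unwound from fault_handler */
    in_module = 0;
    if (mprotect(core, page_size, PROT_READ | PROT_WRITE) != 0)
        return -2;
    return rc;
}

/* Well-behaved module: reads core state, changes it only through the gate. */
int good_module(const struct core_state *view)
{
    return view->magic == CORE_MAGIC ? core_register_module() : -3;
}

/* Misbehaving module: casts away const and writes core state directly. In a
 * monolithic kernel this silently corrupts the core; here the write faults. */
int evil_module(const struct core_state *view)
{
    ((volatile struct core_state *)view)->magic = 0;
    return 0;                             /* never reached */
}
```

After core_init(), run_module(good_module) returns 0 and leaves module_count at 1, while run_module(evil_module) returns -1 with magic still equal to CORE_MAGIC: the misbehaving module is stopped at the boundary rather than silently corrupting shared state, which is the behaviour the abstract claims for the separated kernel. Calling core_register_module() outside a module returns -1, since the gate only serves requests that originate from a running module. SIGBUS is handled alongside SIGSEGV because macOS reports the write fault as SIGBUS.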
