| A Feather-Weight Application Isolation Model | |
| Liao, Jianhua ; Zhao, Yong ; Shen, Changxiang | |
| 2010 | |
| 关键词 | Security model Application isolation Access control Process constraint |
| 英文摘要 | In this paper, we introduce a new application isolation model which bases on Least-Privilege principle and Need-to-Know principle. Since this model is easy to implement, we call it the Feather-weight Application Isolation (FAI) model. This model is used to achieve the Process Permission Constraint (PPC) and classified Object Access Control (OAC). The model allows us to make application isolation depending on PPC policies and OAC policies. Compared with the existing complex isolation models such as sandboxes and virtual machines, the FAI model is simpler, and therefore it does not only meet the necessary security requirements but also increases the usability. To isolate applications and prevent classified objects of the applications from being illegally tampered, the FM model extends the traditional two-dimensional access control matrix to a three-dimensional access control matrix, which includes subjects, objects and processes. In order to support multi-level security and Mandatory Access Control (MAC), the concept of processes sensitivity level ranges is considered in the model. In this article, we first give an informal description of the model, and then introduce the formalized description and safety analysis. Finally we explain the feasibility of the model by showing the result of the engineering implementation.; Computer Science, Hardware & Architecture; Computer Science, Theory & Methods; CPCI-S(ISTP); 0 |
| 语种 | 英语 |
| 内容类型 | 其他 |
| 源URL | [http://ir.pku.edu.cn/handle/20.500.11897/293062]  |
| 专题 | 信息科学技术学院 |
| 推荐引用方式 GB/T 7714 | Liao, Jianhua,Zhao, Yong,Shen, Changxiang. A Feather-Weight Application Isolation Model. 2010-01-01. |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论