Conference Topics

LOG-BASED RECOVERY SCHEME FOR EXECUTING UNTRUSTED PROGRAMS

In this paper, a recovery scheme for safe execution of untrusted programs is presented. In this scheme, when the effects of an untrusted program's execution are undesirable, the system can easily be rolled back to the initial state, where a checkpoint is set before the program is executed. In high-security systems, only trustworthy programs, whose names are listed in a whitelist, are allowed to execute. However, forbidding all anonymous programs is unacceptable. To reduce the risk of running uncertified programs, many solutions have been proposed, most of which can be categorized into three kinds: detection, protection, or recovery. As a recovery scheme, the system does not change the program or its context at runtime; it just monitors the process of its execution, records the accesses it makes to system resources, and simultaneously backs up the modifications it makes to the file system. When the record shows that the effect of the program is unexpected, the administrator can undo what the program has modified in the file system according to the record. We have implemented a prototype system for the Linux operating system using Linux Security Modules (LSM), which can be integrated into other security modules seamlessly. Key advantages of our scheme are that it requires no changes to the untrusted programs or their execution context, it does nothing to hinder the execution process, and it has only negligible performance overhead.

Log-based recovery; Untrusted programs; LSM

HUI-JUN LÜ; SHU-ZHEN LENG

School of Computer, National University of Defense Technology, Changsha, 410073, China; Unit 91851, PLA Navy, Huludao, 125001, China

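International conference

2007 International Conference on Machine Learning and Cybernetics (IEEE 6th International Conference on Machine Learning and Cybernetics)

Hong Kong

English

2136-2139

2007-08-19 (date first made available online on the Wanfang platform; this does not represent the paper's publication date)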