Protecting Mobile Codes Using the Decentralized Label Model
For protection of the confidentiality and integrity of the mobile codes, this paper proposes a new decentralized label model and a implementation of this model in Linux system, MCGuard. Using MCGuard, the owners can flexibly define their security policies to control the dissemination of their mobile codes just by labelling them. By intercepting system calls, MCGuard inserts an interposition layer between the processes and system calls to control the data flows of mobile codes and guarantee them not to be transmitted to insecure channels and manipulated by malicious principals. In MCGuard, the labelling and control of the mobile codes and their transmitting channels is performed at the level of standard operating system abstractions, and the labels can migrate between hosts. This makes the MCGuard applicable in mobile code systems composed of the stock Linux OS and existing mobile codes.
YE Jian-Wei FANG Bin-Xing SHI Jin-Qiao Wu Zhi-Gang
School of Computer Science and Technology,Harbin Institute of Technology No.92,West Da-Zhi Street,Ha Institute of Computing Technology of the Chinese Academy of Sciences No.6 Kexueyuan South Road Zhong
国际会议
The Ninth International Conference on Web-Age Information Management(第九届web时代信息管理国际会议)(WAIM 2008)
张家界
英文
2008-07-20(万方平台首次上网日期,不代表论文的发表时间)