Sandbox System Based on Role and Virtualization

Cited by: 1
Authors
Li, Zhen [1]
Tian, Jun-Feng [1]
Wang, Feng-Xian [1]
Affiliation
[1] Hebei Univ, Coll Math & Comp, Baoding, Peoples R China
Source
IEEC 2009: FIRST INTERNATIONAL SYMPOSIUM ON INFORMATION ENGINEERING AND ELECTRONIC COMMERCE, PROCEEDINGS | 2009
Keywords
intrusion detection; sandbox; role; virtualization;
DOI
10.1109/IEEC.2009.77
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
We present a sandbox system based on role and virtualization, applied to intrusion detection, which overcomes some drawbacks of traditional sandbox systems: the heavy workload of administering users' access control information, imprecise access control, hidden security risks and inconvenient trace recording of intrusions when a system call is denied, low performance after being incorporated into the original system, etc. We define meta-permission and, by introducing roles, present a role sandbox and a virtualization sandbox. This ensures strong host-based intrusion detection. The tests show that the sandbox system can protect system security effectively without imposing a heavy performance impact on the operating system.
Pages: 342-346
Number of pages: 5