- 1、本文档共81页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Explicit Information Flow in the HiStar OS在操作系明确的信息流3.
Explicit Information Flowin the HiStar OS Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, David Mazieres Too much trusted software Untrustworthy code a huge problem Users willingly run malicious software Malware, spyware, ... Even legitimate software is often vulnerable Symantec remote vulnerability No sign that this problem is going away Can an OS make untrustworthy code secure? Example: Virus Scanner Goal: private files cannot go onto the network Information Flow Control Goal: private files cannot go onto the network Buggy scanner leaks private data Must restrict sockets to protect private data Buggy scanner leaks private data Must restrict scanner’s ability to use IPC Buggy scanner leaks private data Must run scanner in chroot jail Buggy scanner leaks private data Must run scanner with different UID Buggy scanner leaks private data Must restrict access to /proc, ... Buggy scanner leaks private data Must restrict FSes that virus scanner can write Buggy scanner leaks private data List goes on – is there any hope? Whats going on? Kernel not designed to enforce these policies Retrofitting difficult Need to track potentially any memory observed or modified by a system call! Hard to even enumerate HiStar Solution Make all state explicit, track all communication HiStar: Contributions Narrow kernel interface, few comm. channels Minimal mechanism: enough for a Unix library Strong control over information flow Unix support implemented as user-level library Unix communication channels are made explicit, in terms of HiStars mechanisms Provides control over the gamut of Unix channels HiStar kernel objects HiStar kernel objects HiStar: Unix process Unix File Descriptors Unix File Descriptors Tainted process only talks to other tainted procs Unix File Descriptors Lots of shared state in kernel, easy to miss HiStar File Descriptors HiStar File Descriptors All shared state is now explicitly labeled Just need segment read/write checks Taint Tracking Stra
您可能关注的文档
- Definition Western Cape Governmen西开普政府的定义.ppt
- Definitions of vriables People Server at UNCW变量在uncw人服务器定义.doc
- Definition of the Derivative LeTourneau University拉托纽大学的数的定义.ppt
- Definition Poetry Valdosta tate University定义诗歌瓦尔多斯塔州立大学.ppt
- Defintion of Gabriele & Company, A Professional Recruiting 定义加布里埃&;公司,一家专业招聘.doc
- Definition Scial Modernity University of Aberdeen定义社会现代性阿伯丁大学.ppt
- Defintion The RP Group定义了RP组.ppt
- Definition of Health Translations y native speakers以英语为母语的人对健康的定义翻译.ppt
- Dengue Shock Syndrome Announcements Hubert Yeargan 登革休克综合征休伯特耶根公告.ppt
- Demonstrae Basic Presentation Concepts Surry County Schools演示演示萨里县学校基本概念.ppt
- 中国国家标准 GB/T 18233.4-2024信息技术 用户建筑群通用布缆 第4部分:住宅.pdf
- GB/T 18233.4-2024信息技术 用户建筑群通用布缆 第4部分:住宅.pdf
- GB/T 18978.210-2024人-系统交互工效学 第210部分:以人为中心的交互系统设计.pdf
- 《GB/T 18978.210-2024人-系统交互工效学 第210部分:以人为中心的交互系统设计》.pdf
- 中国国家标准 GB/T 18978.210-2024人-系统交互工效学 第210部分:以人为中心的交互系统设计.pdf
- GB/T 16649.2-2024识别卡 集成电路卡 第2部分:带触点的卡 触点的尺寸和位置.pdf
- 《GB/T 16649.2-2024识别卡 集成电路卡 第2部分:带触点的卡 触点的尺寸和位置》.pdf
- 中国国家标准 GB/T 16649.2-2024识别卡 集成电路卡 第2部分:带触点的卡 触点的尺寸和位置.pdf
- GB/T 17889.4-2024梯子 第4部分:铰链梯.pdf
- 《GB/T 17889.4-2024梯子 第4部分:铰链梯》.pdf
文档评论(0)