A new formal model for privilege control with supporting POSIX capability mechanism

Source: Science in China, Series F (English edition)

To enforce the least privilege principle in an operating system, process privileges must be effectively controlled; this is very difficult because a process changes over time. In this paper, based on an analysis of how process privilege is generated and how it works, a three-layer hierarchy for implementing the least privilege principle is proposed, consisting of an administration layer, a functionality control layer, and a performance layer. It is clearly demonstrated that bounding the working scope of privileges is a critical part of controlling privilege, but this is only mentioned implicitly and is not supported in the POSIX capability mechanism. Based on an analysis of existing privilege control mechanisms, not only an improved capability inheritance formula but also a new complete formal model for controlling processes, integrating RBAC, DTE, and the POSIX capability mechanism, is introduced. The new invariants in the model show that this novel privilege control mechanism differs from those of RBAC, DTE, and POSIX, and that it generalizes the subdomain control mechanism and makes it dynamic.