|
Published Articles >> Table of Contents >> Abstract
2002 Pacific Rim International Symposium on Dependable Computing (PRDC'02)
p. 167
Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module
Yasushi Shinjo, University of Tsukuba
Kotaro Eiraku, University of Tsukuba
Atsushi Suzuki, University of Tsukuba
Kozo Itano, University of Tsukuba
Calton Pu, Georgia Institute of Technology
Full Article Text:
  
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PRDC.2002.1185635
Send link to a friend
| Abstract |
|
To install security modules o reference monitors into operating system kernels is a common and effective way fo enhancing access control for networks. However, security modules in conventional kernel-level reference monitors are usually not portable to other kernels and require detailed knowledge about kernel internals .Furthermore, different security modules are often not composable and conflict with each other. This paper describes a reference monitor called SysGuard that addresses these problems. SysGuard uses modules called guards that are invoked before or after the execution of system calls. Unlike kernel-specific security modules, guards are attached to standard system calls that enhance their portability.The guard scoping on a per-process basis improves composability of individual guards, and it is implemented efficiently by using per-process jump table of system calls. This paper describes the implementation of restricted execution environments for networks by composing simple and portable guards, and shows the advantages of the SysGuard security framework.
|
 Additional Information
|
Citation:
Yasushi Shinjo, Kotaro Eiraku, Atsushi Suzuki, Kozo Itano, Calton Pu,
"Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module,"
prdc,
p. 167,
2002 Pacific Rim International Symposium on Dependable Computing (PRDC'02),
2002
|
|
