Abstract
With the rapid development of information technology, the secrutiy problems of information systems are being paid more and more attention, so the Chinese government is carrying out information security classified protection policy in the whole country. Considering computer application systems are the key componets for information system, this paper analyzes the typical security problems in computer application systems and points out that the cause for the problems is lack of safe and valid isolation protection mechanism. In order to resolve the issues, some widely used isolation models are studied in this paper, and a New Application Security Isolation model called NASI is proposed, which is based on trusted computing technology and the least privilege principle. After that, this paper introduces the design ideas of NASI, gives out formal description and safety analysis for the model, and finally describes the implementation of the prototype system based on NASI.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Lampson, B.: A Note on the Confinement Problem. Communications of the ACM 16(10), 613–615 (1973)
Campione, M., Walrath, K., Huml, A.: and the Tutorial Team: The Java Tutorial Continued: The Rest of the JDK. Addison-Wesley, Reading (1999)
Gong, L., Mueller, M., Prafullchandra, H., Schemers, R.: Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. In: Proceeding of the USENIX Symposium on Internet Technologies and Systems, pp. 103–112 (December 1997)
Thomsen, D.: Sidewinder: Combining Type Enforcement and UNIX. In: Proceedings of the 11th Annual Computer Security Application Conference, pp. 14–20 (December 1995)
Goldberg, I., Wagner, D., Thomas, R., Brewer, E.: A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker. In: Proceedings of the 6th USENIX Security Symposium, pp. 1–13 (July 1996)
Jain, S., Shafique, F., Djeric, V., Goel, A.: Application-level Isolation and Recovery with Solitude. In: EuroSys 2008, Glasgow, Scotland, UK, April 1-4 (2008)
Goguen, J., Meseguer, J.: Inference control and unwinding. In: Proc. Of the IEEE Symposium on Research in Security and Privacy, pp. 75–86 (1984)
Rushby, J.: Noninterference, Transitivity and Channel-Control Security Policies: Technical Report CSL-92-02, Computer Science Laboratory, SRI International, Menlo Park, CA (December 1992)
U.S. Department of Defense. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD (1985)
Yu, Y., Guo, F., Nanda, S., Lam, L.-c.: A Feather-weight Virtual Machine for Windows Application. In: ACM Conference on VEE 2006, Ottawa, Ontario, Canada (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Gong, L., Zhao, Y., Liao, J. (2011). Research on the Application Security Isolation Model. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds) Forensics in Telecommunications, Information, and Multimedia. e-Forensics 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23602-0_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-23602-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23601-3
Online ISBN: 978-3-642-23602-0
eBook Packages: Computer ScienceComputer Science (R0)