학술논문
A secure access control mechanism against Internet crackers
Document Type
Conference
Author
Source
Proceedings 21st International Conference on Distributed Computing Systems Distributed computing systems Distributed Computing Systems, 2001. 21st International Conference on.. :743-746 2001
Subject
Language
Abstract
Internet servers are always in danger of being "highjacked" by various attacks, like the buffer overflow attack. We propose a process cleaning technique for making an access control mechanism secure against hijacking. To minimize damage in cases where the full control of the servers is stolen, access restrictions must be imposed on the servers. However, designing a secure access control mechanism is not easy, because that mechanism itself can be a security hole. Process cleaning prevents malicious code injected by a cracker from illegally removing access restrictions from a hijacked server. In this paper, we describe the access control mechanism of our Compacto operating system using process cleaning. According to the results of our experiments, process cleaning can be implemented with acceptable performance overheads.