Zhiyong Shan

2 Papers

CR, Sep 1, 2016
Suspicious-Taint-Based Access Control for Protecting OS from Network Attacks

Zhiyong Shan

Today, security threats to operating systems largely come from the network. Traditional discretionary access control mechanisms alone can hardly defeat them. Although traditional mandatory access control models can effectively protect the security of the OS, they have the problems of being incompatible with application software and complex to administer. In this paper, we propose a new model, the Suspicious-Taint-Based Access Control (STBAC) model, for defeating network attacks while remaining compatible, simple, and maintaining good system performance. STBAC regards the processes using Non-Trustable-Communications as the starting points of suspicious taint, traces the activities of the suspiciously tainted processes by taint rules, and forbids the suspiciously tainted processes from illegally accessing vital resources by protection rules. Even in cases where some privileged processes are subverted, STBAC can still protect vital resources from being compromised by the intruder. We implemented the model in the Linux kernel and evaluated it through experiments. The evaluation showed that STBAC could protect vital resources effectively without significant impact on compatibility and performance.

CR, Sep 1, 2016
Design and Implementation of A Network Security Management System

Zhiyong Shan, Bin Liao

In recent years, the network worms and attacks that have emerged have a distributed character and can spread globally in a very short time. Security management across networks, to jointly defend against network-wide attacks and improve the efficiency of security administration, is urgently needed. This paper proposes a hierarchical distributed network security management system (HD-NSMS), which can centrally manage security across networks. It first describes the system's macrostructure and microstructure; then discusses three key problems in building HD-NSMS: the device model, the alert mechanism, and the emergency response mechanism; and finally describes the implementation of HD-NSMS. The paper is valuable for implementing an NSMS in that it derives from a practical network security management system (NSMS).