Proceedings of the seventeenth ACM symposium on Operating systems principles
Efficient Kernel Support of Fine-Grained Protection Domains for Mobile Code
ICDCS '99 Proceedings of the 19th IEEE International Conference on Distributed Computing Systems
| Hi-index | 0.00 |
Abstract: Internet servers are always in danger of being "hijacked" by various attacks like the buffer overflow attack. We propose the process cleaning technique for making an access control mechanism secure against hijacking. To minimize damages in cases where the full control of the servers is stolen, access restrictions must be imposed on the servers. However, designing a secure access control mechanism is not easy because that mechanism itself can be a security hole. Process cleaning prevents malicious code injected by a cracker from illegally removing access restrictions from a hijacked server. In this paper, we describe the access control mechanism of our Compacto operating system using process cleaning. According to the results of our experiments, process cleaning can be implemented with acceptable performance overheads.