Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yasushi Shinjo Articles by Kotaro Eiraku Articles by Atsushi Suzuki Articles by Kozo Itano Articles by Calton Pu

Ninth Pacific Rim International Symposium on Dependable Computing (PRDC'02)

Tsukuba, Japan

December 16-December 18

ISBN: 0-7695-1852-4

	ASCII Text	x
	Yasushi Shinjo, Kotaro Eiraku, Atsushi Suzuki, Kozo Itano, Calton Pu, "Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module," Pacific Rim International Symposium on Dependable Computing, IEEE, pp. 167, Ninth Pacific Rim International Symposium on Dependable Computing (PRDC'02), 2002.

	BibTex	x
	@article{ 10.1109/PRDC.2002.1185635, author = {Yasushi Shinjo and Kotaro Eiraku and Atsushi Suzuki and Kozo Itano and Calton Pu}, title = {Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module}, journal ={Pacific Rim International Symposium on Dependable Computing, IEEE}, volume = {0}, year = {2002}, isbn = {0-7695-1852-4}, pages = {167}, doi = {http://doi.ieeecomputersociety.org/10.1109/PRDC.2002.1185635}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Pacific Rim International Symposium on Dependable Computing, IEEE TI - Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module SN - 0-7695-1852-4 SP EP A1 - Yasushi Shinjo, A1 - Kotaro Eiraku, A1 - Atsushi Suzuki, A1 - Kozo Itano, A1 - Calton Pu, PY - 2002 KW - null VL - 0 JA - Pacific Rim International Symposium on Dependable Computing, IEEE ER -

Yasushi Shinjo, University of Tsukuba

Kotaro Eiraku, University of Tsukuba

Atsushi Suzuki, University of Tsukuba

Kozo Itano, University of Tsukuba

Calton Pu, Georgia Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PRDC.2002.1185635

To install security modules o reference monitors into operating system kernels is a common and effective way fo enhancing access control for networks. However, security modules in conventional kernel-level reference monitors are usually not portable to other kernels and require detailed knowledge about kernel internals .Furthermore, different security modules are often not composable and conflict with each other. This paper describes a reference monitor called SysGuard that addresses these problems. SysGuard uses modules called guards that are invoked before or after the execution of system calls. Unlike kernel-specific security modules, guards are attached to standard system calls that enhance their portability.The guard scoping on a per-process basis improves composability of individual guards, and it is implemented efficiently by using per-process jump table of system calls. This paper describes the implementation of restricted execution environments for networks by composing simple and portable guards, and shows the advantages of the SysGuard security framework.

Citation:

Yasushi Shinjo, Kotaro Eiraku, Atsushi Suzuki, Kozo Itano, Calton Pu, "Enhancing Access Control with SysGuard, Reference Monitor Supporting Portable and Composable Kernel Module," prdc, pp.167, Ninth Pacific Rim International Symposium on Dependable Computing (PRDC'02), 2002

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.