Journal of Information Security Research ›› 2022, Vol. 8 ›› Issue (11): 1111-.
Online: 2022-11-06
Published: 2022-11-03
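Authors: Wang Peng (王鹏); Qin Ying (秦莹); Gao Long (高珑); Li Zhipeng (李志鹏); Song Liantao (宋连涛); Ding Yan (丁滟)
Corresponding author:
Wang Peng (王鹏)
wangpeng.wp@nudt.edu.cn
About the authors:
Wang Peng (王鹏)
Master's degree. Main research interest: system security.
wangpeng.wp@nudt.edu.cn
Qin Ying (秦莹)
Ph.D., associate research fellow. Main research interest: system security.
yingqin@nudt.edu.cn
Gao Long (高珑)
Ph.D., associate research fellow. Main research interest: operating systems.
gaolong@yhkylin.cn
Li Zhipeng (李志鹏)
Master's degree. Main research interests: operating systems and trusted computing environments.
luxiaofenglzp@163.com
Song Liantao (宋连涛)
Master's degree. Main research interests: system security and cloud computing.
songliantao@nudt.edu.cn
Ding Yan (丁滟)
Ph.D., associate research fellow. Main research interests: operating systems, system security, trusted cloud computing and blockchain.
yanding@nudt.edu.cn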