| Project/Area Number |
17300024
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (B)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Computer system/Network
|
|---|
| Research Institution | Institute of Information Security |
|---|
Principal Investigator |
TANAKA Hidehiko Institute of Information Security, Graduate School of Information Security, Professor (60011102)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
HIDENORI Tsuji Institute of Information Security, Graduate School of Information Security, Associate Professor (90398975)
KIM Mira Institute of Information Security, Graduate School of Information Security, Assistant Professor (60387107)
|
|---|
| Project Period (FY) |
2005 – 2007
|
| Project Status |
Completed (Fiscal Year 2007)
|
| Budget Amount *help |
¥9,380,000 (Direct Cost: ¥8,600,000、Indirect Cost: ¥780,000)
Fiscal Year 2007: ¥3,380,000 (Direct Cost: ¥2,600,000、Indirect Cost: ¥780,000)
Fiscal Year 2006: ¥2,900,000 (Direct Cost: ¥2,900,000)
Fiscal Year 2005: ¥3,100,000 (Direct Cost: ¥3,100,000)
|
|---|
| Keywords | Operating System / Distributed System / Security / Policy / Capability / OSセキュリティ / 分散ケイパビリティ |
|---|
| Research Abstract |
Information systems are growing up to be a social infrastructure today, so its dependability is a very important element for our sound lives. For this reason, much research is widely done for the secure infrastructure including new technologies in intrusion detection systems, encryption algorithms, authentication schemes, information forensics and so on ; however, it is tacitly assuming that the basic layer on which these technologies work can be trusted. This basic layer is what we call operating systems and these technologies can be useless if the operating systems are vulnerable. In addition, information systems are frequently constructed as distributed systems, but security mechanisms for these systems still are designed to work as a single-host system manner and lacks a view as a multiple-host system. So, we clarified some requirements for functions in terms of operating systems as a social infrastructure that work cooperatively as a multiple-host system, and proposed a policy-based scheme for distributed access control in multiple-host systems. Our proposal has two components : one is the policy-description system that can assign sufficient authorities for each principal of least privilege, the other is the mechanism that can control any access to enforce policy-based information flow.
|
