2007 Fiscal Year Final Research Report Summary
Cooperation Scheme of Operating Systems that Merges Upper Layer Functions for Enhanced Security Infrastructure
Project/Area Number | 17300024 |
Research Category | Grant-in-Aid for Scientific Research (B) |
Allocation Type | Single-year Grants |
Section | General |
Research Field | Computer system/Network |
Research Institution | Institute of Information Security |
Principal Investigator | TANAKA Hidehiko, Institute of Information Security, Graduate School of Information Security, Professor (60011102) |
Co-Investigator (Kenkyū-buntansha) | HIDENORI Tsuji, Institute of Information Security, Graduate School of Information Security, Associate Professor (90398975); KIM Mira, Institute of Information Security, Graduate School of Information Security, Assistant Professor (60387107) |
Project Period (FY) | 2005 – 2007 |
Keywords | Operating System / Distributed System / Security / Policy / Capability |
Research Abstract |
Information systems are growing into a social infrastructure today, so their dependability is a very important element of our sound lives. For this reason, much research is widely done on secure infrastructure, including new technologies in intrusion detection systems, encryption algorithms, authentication schemes, information forensics and so on; however, this research tacitly assumes that the basic layer on which these technologies work can be trusted. This basic layer is what we call operating systems, and these technologies can be useless if the operating systems are vulnerable. In addition, information systems are frequently constructed as distributed systems, but the security mechanisms for these systems are still designed to work in a single-host manner and lack a view of the system as a multiple-host system. So, we clarified some requirements for the functions of operating systems as a social infrastructure that work cooperatively as a multiple-host system, and proposed a policy-based scheme for distributed access control in multiple-host systems. Our proposal has two components: one is the policy-description system that can assign sufficient authorities to each principal under least privilege; the other is the mechanism that can control any access to enforce policy-based information flow.
|