2014 Fiscal Year Final Research Report
Resource access control system for security-enhanced OS as the next-generation platform of information systems
Project/Area Number |
24300009
|
Research Category |
Grant-in-Aid for Scientific Research (B)
|
Allocation Type | Partial Multi-year Fund |
Section | 一般 |
Research Field |
Software
|
Research Institution | Institute of Information Security |
Principal Investigator |
TANAKA Hidehiko 情報セキュリティ大学院大学, その他の研究科, 教授 (60011102)
|
Co-Investigator(Kenkyū-buntansha) |
TSUJI Hidenori 情報セキュリティ大学院大学, 情報セキュリティ研究科, 客員教授 (90398975)
HASHIMOTO Masaki 情報セキュリティ大学院大学, 情報セキュリティ研究科, 准教授 (10582158)
|
Co-Investigator(Renkei-kenkyūsha) |
TOSHIHARU Harada 株式会社NTTデータ, 技術開発本部
|
Project Period (FY) |
2012-04-01 – 2015-03-31
|
Keywords | 情報セキュリティ / アクセス制御 / オペレーティングシステム |
Outline of Final Research Achievements |
In this research, we proposed a new operating system technology to implement a defense-in-depth strategy to information systems, which is based on a strict and secure access control mechanism achieved by the cooperation between applications and its infrastructure. Specifically, the main achievements of this research are followings; i) a proposal of a mechanism that gives the minimum access rights dynamically in consideration of the execution status of applications, ii) its robust implementation, and iii) a proposal of a simple and clear policy description language and its management system to make the implementation fit for practical use. The key feature of the research is to solve the problem of general operating systems in terms of insufficiency of compartment function caused by its coarse-grained access control systems, while it can solve the problem of MAC operating systems in terms of impracticality caused by its fine-grained access control systems, at the same time.
|
Free Research Field |
情報セキュリティ
|