| Project/Area Number |
13480075
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (B)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
計算機科学
|
|---|
| Research Institution | University of Tsukuba |
|---|
Principal Investigator |
KATO Kazuhiko University of Tsukuba, Institute of Information Science and Electronics, Associate Professor, 電子・情報工学系, 助教授 (90224493)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
松原 克弥 筑波大学, 電子・情報工学系, 助手 (70302396)
|
|---|
| Project Period (FY) |
2001 – 2003
|
| Project Status |
Completed (Fiscal Year 2003)
|
| Budget Amount *help |
¥14,100,000 (Direct Cost: ¥14,100,000)
Fiscal Year 2003: ¥4,600,000 (Direct Cost: ¥4,600,000)
Fiscal Year 2002: ¥4,600,000 (Direct Cost: ¥4,600,000)
Fiscal Year 2001: ¥4,900,000 (Direct Cost: ¥4,900,000)
|
|---|
| Keywords | Software Pot / Virtual File System / Security / Internet / Virtual hosting / Security Policy / オペレーティング・システム / カーネルモジュール / Linux / サンドボックス / ファイルシステム / グラフィカルユーザインターフェース / ソフトウェア流通 |
|---|
| Research Abstract |
Our research examined functionalities that an operating system should have when used in an open environment. Along with that we have also developed fundamental technologies to realize the functionalities. In particular, our research focused on resource management, and attempted to solve security problems by enriching the core functionalities offered by the resource manager. We summarize the main contributions of our research as follows
(1)Secure.Software Circulation System SoftwarePot
In our research, we developed a system, SoftwarePot, that can handle security problems that arise when circulating software in an open environment such as Internet. In the SoftwarePot system, software circulates in a "SoftwarePot" (or "pot") where the "pot" holds programs and data required for the execution. When a user executes software encapsulated within the pot, it is executed securely because the Pot and the host environment are isolated from each other. Moreover, our current research improves upon the previous SoftwarePot system. In particular, we increased its performance by a kernel module. We also applied SoftwarePot to host virtual services
(2)Dynamic Security Policy
We developed a system that can change access rights that a program has during run-time dynamically. Our mechanism enables one to make security policy descriptions in a fine-grained manner in order to minimize the damage of successful attacks. For example, even if an attacker takes over the execution control of a program, our system can minimize the damage by limiting its access rights
|
