| Research Abstract |
Our research examined functionalities that an operating system should have when used in an open environment. Along with that we have also developed fundamental technologies to realize the functionalities. In particular, our research focused on resource management, and attempted to solve security problems by enriching the core functionalities offered by the resource manager. We summarize the main contributions of our research as follows
(1)Secure.Software Circulation System SoftwarePot
In our research, we developed a system, SoftwarePot, that can handle security problems that arise when circulating software in an open environment such as Internet. In the SoftwarePot system, software circulates in a "SoftwarePot" (or "pot") where the "pot" holds programs and data required for the execution. When a user executes software encapsulated within the pot, it is executed securely because the Pot and the host environment are isolated from each other. Moreover, our current research improves upon the previous SoftwarePot system. In particular, we increased its performance by a kernel module. We also applied SoftwarePot to host virtual services
(2)Dynamic Security Policy
We developed a system that can change access rights that a program has during run-time dynamically. Our mechanism enables one to make security policy descriptions in a fine-grained manner in order to minimize the damage of successful attacks. For example, even if an attacker takes over the execution control of a program, our system can minimize the damage by limiting its access rights
|
