2006 Fiscal Year Final Research Report Summary
On a secure software execution environment
Project/Area Number | 16300003 |
Research Category | Grant-in-Aid for Scientific Research (B) |
Allocation Type | Single-year Grants |
Section | General |
Research Field | Software |
Research Institution | University of Tsukuba |
Principal Investigator | KATO Kazuhiko University of Tsukuba, Graduate School of System and Information Engineering, Professor (90224493) |
Project Period (FY) | 2004 – 2006 |
Keywords | Computer Security / System Software / Reference Monitor / Sandbox / Intrusion Detection System / Virtual Private Server |
Research Abstract |
As open network environments become popular, the number of security incidents caused by attacks on vulnerabilities in software, which are often exploited through e-mail attachments with carefully crafted communication messages and data files, is increasing. Many researchers and research institutes have been making efforts to prevent such security incidents. The objective of this research is to advance security enhancement techniques for using software with possible vulnerabilities by improving and combining existing approaches. In this research, we particularly focus on security systems that are utilized during the runtime of software, including intrusion detection systems and sandboxing systems. With regard to intrusion detection systems, we proposed and developed a novel scheme to build a behavioral model of software. Our proposed model has characteristics of both a vector-based model and a network-based model. Regarding sandboxing systems, we developed a scheme to introduce access control functionalities into the sandboxing environment and also developed a virtual private server system based on our sandboxing technique. As well as advancing individual security systems, we also made efforts to realize a framework that enables the combination of multiple security systems. Runtime security systems, including intrusion detection systems and sandboxing systems, use a functional capability called a 'reference monitor,' which is provided by popular operating systems. Reference monitors enable a program to control the execution states of another program, as well as to access the memory space allocated to the monitored program. However, such functional capabilities in existing operating systems do not allow multiple programs to monitor a single process at one time. This prevents multiple security systems, for example both intrusion detection systems and sandboxing systems, from being combined simultaneously. Therefore, in this research, we proposed and developed a scheme to enable such combinations through virtualizing the reference monitor interface. This virtualization is realized by re-forwarding signal messages from the operating system to the monitoring programs.
|
Research Products
(26 results)