基于安全需求分析的内核保护方法研究

项目名称： 基于安全需求分析的内核保护方法研究

项目编号： No.61572248

项目类型： 面上项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 曾庆凯

作者单位： 南京大学

项目金额： 16万元

中文摘要： 项目研究基于安全需求分析的操作系统内核保护方法，包括内核的安全需求分析、适应性的轻量级保护等方法，以支持对内核实施精确、适度的安全保护。目前的保护方法通常按照功能组件确定保护对象，本方法通过分析内核保护需求来确定细分的保护单元，从而将粗粒度的重量级笼统保护，转化为由安全需求指导的轻量级精确保护。分析保护需求时，不仅识别内核资源内在的安全需求，而且考虑面对潜在的外来攻击时内核单元的作用，识别出对内核发动攻击时的关键路径，以便实施准确适当的保护措施。全面的安全需求分析，可使得对内核实施的保护策略具有针对性、准确性和适应性。研究将在操作系统安全增强和安全操作系统的设计开发等方面发挥积极的促进作用，并为操作系统的安全模型与保护策略等研究提供参考。

中文关键词： 内核保护；安全敏感性分析；轻量级保护；；

英文摘要： To address the issue of protecting OS kernels, we will research the approach to protecting kernels, including kernel security requirements analysis and adaptive and lightweight protection, to support precise, moderate protection for kernels. Different from existing methods of protecting kernels, which take functional components as the coarser-grained protective objects, the methods presented in this project chose finer-grainedprotective objects by analyzing security requirement of kernels. In this way,lightweight precise protection methods, instead of heavyweight approximate protection methods, can be achieved to meet security requirements.In analyzing security requirement of kernels, not only inherent security requirements, but also effectson outside attack are considered. The critical paths for attacking kernel identifiedin this process are beneficial to protect kernel with a proper policy.Thorough investigating on security requirements of kernels makes protecting plans of kernel moreappropriate, precise and adaptive. This approach could be applied not only in enhancing security of OS kernels and designing a secure OS, but also in studying security models and protection strategies.

英文关键词： Kernel protection；sensitivity analysis of security；lightweight protection；；