| 基于LSM的沙箱模块设计与实现 |
| |
| 引用本文: | 程香鹏,陈莉君.基于LSM的沙箱模块设计与实现[J].计算机与数字工程,2014(8):1521-1525. |
| |
| 作者姓名: | 程香鹏 陈莉君 |
| |
| 作者单位: | 西安邮电大学计算机学院,西安710000 |
| |
| 摘 要: | 沙箱(Sandbox)技术是一种安全保护机制,其目的是通过对程序运行环境的限制来保护系统的安全性.LSM是Linux内核提供的一种轻量级访问控制框架.文中分析了Linux系统中实现沙箱模块的常用技术的不足(实现复杂且资源消耗大),提出一种基于LSM在Linux内核中实现沙箱模块的方法.基于LSM实现沙箱模块,可以减少工作量.且测试结果表明,基于LSM的内核沙箱模块加载后,对系统影响较小,系统性能最大损失约10%.
|
| 关 键 词: | 沙箱 LSM 安全 |
Design and Implementation of Sanbox Module Based on LSM |
| |
| CHENG Xiangpeng,CHEN Lijun.Design and Implementation of Sanbox Module Based on LSM[J].Computer and Digital Engineering,2014(8):1521-1525. |
| |
| Authors: | CHENG Xiangpeng CHEN Lijun |
| |
| Affiliation: | 1.School of Computer Science and Technology, Xi'an University of Posts and Telecommunications, Xi'an 710000) |
| |
| Abstract: | The Sandbox technology is a kind of security protection mechanism,which aims to protect the security of system by limiting the program running environment.The LSM is a lightweight access control framework provided by the Linux kernel.This paper analyzes the shortcomings(complex and resource consumption) of the common sandbox technology in Linux system and proposes a method to achieve the Linux kernel sandbox based on LSM.Based on LSM; Linux kernel sandbox can reduce the workload.The test results show that the Linux kernel sandbox based on LSM has little impact on Linux system performance.The maximum loss of system performance is about 10%. |
| |
| Keywords: | sandbox LSM security |
| 本文献已被 维普 等数据库收录! |
|
