Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Method for Discovering Vulnerabilities of Operating System Access Control Based on Model Checking

A technology of access control and operating system, applied in platform integrity maintenance, instrumentation, computing, etc., can solve problems such as lack of applications, difficulty in ensuring security policy determinism, and high level of abstraction

Active Publication Date: 2021-10-19
ZHEJIANG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although scholars at home and abroad have proposed some access control improvement schemes to deal with various security threats and exploit attacks, under the current situation of serious system fragmentation, access control schemes that rely on system versions have exposed application limitations, and the implementation of the scheme is lacking. Theoretical analysis and verification, the certainty of its security policy is difficult to guarantee, so the completeness and correctness of the rules cannot be guaranteed
Part of the work uses formal methods to assist in analyzing the vulnerability of the system. However, these methods have a high level of abstraction and lack of application in real systems.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Method for Discovering Vulnerabilities of Operating System Access Control Based on Model Checking
  • A Method for Discovering Vulnerabilities of Operating System Access Control Based on Model Checking
  • A Method for Discovering Vulnerabilities of Operating System Access Control Based on Model Checking

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0022] Step 1: Analyze the operating system access control security requirements, define access control rules and security attributes, and describe the security attribute specification conditions by analyzing the system specification and system dynamic behavior, and give a strictly defined security specification including form and semantics to achieve Describe the specification of the operating system access control mechanism at a higher level; security attributes are used to formally describe security rules, as one of the implementation methods, it includes atomic security attributes and resource security attributes, atomic security attributes include permission definition, access Location, user type; resource security attributes include subject security attributes and object security attributes.

[0023] Step 2: Formally abstract the access control module of the operating system, define the basic abstract machine and its elements, analyze and reason the formal specification, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for discovering the vulnerability of operating system access control based on model detection. The method analyzes the security attributes of the operating system access control, provides system security regulations, constructs an access control model, and uses theorem proof to conduct security analysis on access control. , through the model checking tool to check the consistency of the abstract machine specification and the correctness and completeness of the components, and realize the vulnerability discovery of the access control of the operating system. This method provides theoretical and technical support for the research on operating system security protection.

Description

technical field [0001] The invention relates to the field of operating system access control vulnerability discovery, in particular to a method for discovering operating system access control vulnerability based on model detection. Background technique [0002] The operating system uses a variety of access controls for system protection, but there are still many security holes exposed in access control granularity and authorization management, such as privilege escalation and privilege leakage. Although scholars at home and abroad have proposed some access control improvement schemes to deal with various security threats and exploit attacks, under the current situation of serious system fragmentation, access control schemes that rely on system versions have exposed application limitations, and the implementation of the scheme is lacking. Theoretical analysis and verification, the certainty of its security policy is difficult to guarantee, so the completeness and correctness ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57G06F21/60
CPCG06F21/577G06F21/604G06F21/554G06F21/575
Inventor 常瑞苗新亮张卓若任奎
Owner ZHEJIANG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products