
Research And Implementation On A New Access Control Model Based On User's Intention

Posted on: 2007-03-12
Degree: Master
Type: Thesis
Country: China
Candidate: S H Cao
GTID: 2178360215969961
Subject: Computer Science and Technology
Abstract/Summary:
Among the various kinds of information attack, attacks on files are the most common and the most destructive. Furthermore, the transmission and attack mechanisms of malware are developing along with the rapid spread of the Internet. However, the anti-malware technologies in wide use today are passive, because they cannot defend against unknown malware. As a result, users' files face a serious threat, and how to defend against the stealing and destruction of information has become a challenge in the field of information security research.

First, this dissertation discussed the currently prevalent access control policies. It pointed out that the rights of a process are always inherited from the user logged on to the system, which makes the process violate the least privilege principle and makes it easy for malware to steal or destroy files.

Then the dissertation analyzed the deficiencies of the traditional definition of a virus, and pointed out that what malware does is not consistent with what the user expects it to do. Based on this viewpoint, the dissertation proposed a formal definition of file-attacking malware based on the user's intention. Further, the dissertation proposed a new access control policy based on the user's intention (IBAC for short) to defend against malware that steals or destroys files on personal computers. IBAC's basic idea is: a program is not the agent of the user, but only an executor of the user's intention; a program's access to a file can be performed only if it conforms to the user's intention; a program is malware if it accesses a file without the user's permission. IBAC has many good properties, and the most important ones are: IBAC can defend against known and unknown explicit file-attacking malware in a timely and accurate manner; and IBAC satisfies the least privilege principle for programs.

The key issue in applying IBAC is the trustworthy transmission of the user's intention. To ensure that the intention information is transmitted to the kernel in a trustworthy way, the dissertation analyzed the structure of event-driven operating systems and their security vulnerabilities. Then the dissertation presented two corresponding models. One is a security evaluation model based on the event list. This model addresses the vulnerability caused by severing the inherent relationships among certain events. The other is a trustworthiness evaluation model based on the event source. This model addresses the vulnerability caused by ignoring the differences in trustworthiness between events issued by different generators. On the basis of the two models, the dissertation constructed the infrastructure of a trusted event-driven system and discussed the implementation technology on Windows.

Finally, the dissertation introduced an implementation of the trusted event-driven system and a prototype of IBAC on Windows. The testing results show that the prototype of IBAC, based on the trusted event-driven system, has good security performance and good usability.
Keywords/Search Tags:malware, information stealing and destroying, user's intention, access control, the least privilege principle, trusted event-driven system