research-article

Research on Operating System Kernel Security Based on Mandatory Behavior Control Mechanism (MBC)

Authors:

Shen GuiquanAuthors Info & Claims

ICCIR '21: Proceedings of the 2021 1st International Conference on Control and Intelligent Robotics

Pages 67 - 73

https://doi.org/10.1145/3473714.3473727

Published: 13 August 2021 Publication History

Abstract

The current operating system security is mainly achieved by controlling the access to the operating system, which cannot effectively ensure the kernel security and leads to a large amount of data redundancy in the system kernel due to the need to review and other judgments on all access operations in turn. To address these problems, we study the kernel security of operating systems based on the mandatory behavior control mechanism (MBC). Partition management of the kernel is achieved by partitioning the system kernel for isolation and setting inter-partition communication. The kernel functions are divided into three parts: security detection, storage management, and read management, to facilitate modular kernel management. After building the framework of the control The comparative experimental data show that the OS kernel data redundancy ratio is less than 13% and has good security when applying this OS security scheme.

References

[1]

Kuo H C, Chen J, Mohan S, et al. Set the Configuration for the Heart of the OS: On the Practicality of Operating System Kernel Debloating[J]. Proceedings of the ACM on Measurement and Analysis of Computing Systems, 2020, 4(1):1--27.

Digital Library

[2]

Jun C, Wei L, XiaoL L, et al. Research on Microkernel-based Power Dedicated Secure Operating System[J]. 2019, 91(10): 1127--1136.

[3]

Donghai Tian, Rui Ma, Xiaoqi Jia, et al. KEcruiser: A novel control flow protection for kernel extensions[J]. Future Generation Computer Systems, 2019, 100: 1--9.

Digital Library

[4]

MeiLing Chiang, WeiLun Su, ShuWei Tu, et al. Memory - aware kernel mechanism and policies for improving internode load balancing on NUMA systems[J]. Software: Practice and Experience, 2019, 49(10): 1485--1508.

[5]

Yauhen Klimiankou. Design and Implementation of Port-Mapped IO Management Subsystem and Kernel Interface for True Microkernels on IA-32 Processors[J]. Programming and Computer Software, 2019, 45(6): 319--323.

[6]

Woo Y, Kim S, Kim C, et al. Catnap: A Backoff Scheme for Kernel Spinlocks in Many-Core Systems[J]. IEEE Access, 2020, PP(99):1.

[7]

Septiasari Rycka, Restu Pramadi Yogha. A study on windows-based ransomware implications on linux operating system using compatibility layer wine based on dynamic analysis[J]. IOP Conference Series: Materials Science and Engineering, 2020, 1007(1): 012120.

[8]

Janaina Antonino Pinto, Prashant Kumar, Marcelo Félix Alonso, et al. Kriging method application and traffic behavior profiles from local radar network database: A proposal to support traffic solutions and air pollution control strategies[J]. Sustainable Cities and Society, 2020, 56:102062.

[9]

Konstantina Michalopoulou. Mandatory Corporate Governance Rules and Auditor Behavior: The Case of Greece[J]. The International Journal of Accounting, 2019, 54(04): 43.

[10]

Jinghui Yuan, Mohamed Abdel-Aty, Qing Cai, et al. Investigating drivers' mandatory lane change behavior on the weaving section of freeway with managed lanes: A driving simulator study[J]. Transportation Research Part F: Psychology and Behaviour, 2019, 62: 11--32.

[11]

Building certified concurrent OS kernels[J]. Communications of the ACM, 2019, 62(10):89--99.

Digital Library

[12]

Maxime Compastié, Rmi Badonnel, Olivier Festor, et al. From virtualization security issues to cloud protection opportunities: An in-depth analysis of system virtualization models[J]. Computers & Security, 2020, 97:101905.

[13]

Kapil Netaji Vhatkar, Girish P. Bhole. Improved rider optimization for optimal container resource allocation in cloud with security assurance[J]. International Journal of Pervasive Computing and Communications, 2020, 16(3): 235--258.

[14]

Kerem Kucuk, Dawson Msongaleli, Orhan Akbulut, et al. Self-adaptive medium access control protocol for aggregated VLC--RF wireless networks[J]. Optics Communications, 2021, 488(6): 126837

[15]

Wang P, Zhou X, Lu K. Sabotaging the system boundary: A study of the inter-boundary vulnerability[J]. Journal of Information Security and Applications, 2020, 54(1):102496.

[16]

H Kuzuno, Yamauchi T. MKM: Multiple Kernel Memory for Protecting Page Table Switching Mechanism Against Memory Corruption[J]. 2020, 12231:97--116.

[17]

Bera Basudeb, Das Ashok Kumar, Sutrala Anil Kumar. Private blockchain-based access control mechanism for unauthorized UAV detection and mitigation in Internet of Drones environment[J]. Computer Communications, 2021, 166: 91--109.

[18]

Kai Lei, Junjie Fang, Qichao Zhang, et al. Blockchain-Based Cache Poisoning Security Protection and Privacy-Aware Access Control in NDN Vehicular Edge Computing Networks[J]. Journal of Grid Computing, 2020, 18(6): 1--21.

[19]

Shafiq Muhammad, Singh Pankaj, Ashraf Imran, et al. Ranked Sense Multiple Access Control Protocol for Multichannel Cognitive Radio-Based IoT Networks.[J]. Sensors (Basel, Switzerland), 2019, 19(7):1703.

[20]

Kayes A S M, Han Jun, Rahayu Wenny, et al. A Policy Model and Framework for Context-Aware Access Control to Information Resources[J]. The Computer Journal, 2019, 62(5): 670--705.

Cited By

Mahfud ASabila MWibowo NRhamdhan APriambodo D(2023)A Systematic Literature Review on Operating System Security: Distribution and Issues2023 3rd International Conference on Electronic and Electrical Engineering and Intelligent System (ICE3IS)10.1109/ICE3IS59323.2023.10335475(70-75)Online publication date: 9-Aug-2023
https://doi.org/10.1109/ICE3IS59323.2023.10335475

Index Terms

Research on Operating System Kernel Security Based on Mandatory Behavior Control Mechanism (MBC)
1. Security and privacy
  1. Systems security
    1. Operating systems security
      1. Trusted computing

Recommendations

Operating System Security
Understanding the Security of Linux eBPF Subsystem
APSys '23: Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on Systems

Linux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier pre-verifies any untrusted eBPF bytecode before running it in kernel context. ...
Computer operating system logging and security issues: a survey

Logging has become a fundamental feature within the modern computer operating systems because of the fact that logging may be used through a variety of applications and fashion, such as system tuning, auditing, and intrusion detection systems. Syslog ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICCIR '21: Proceedings of the 2021 1st International Conference on Control and Intelligent Robotics

June 2021

807 pages

ISBN:9781450390231

DOI:10.1145/3473714

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Chongqing Univ.: Chongqing University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 August 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCIR 2021

ICCIR 2021: 2021 International Conference on Control and Intelligent Robotics

June 18 - 20, 2021

Guangzhou, China

Acceptance Rates

ICCIR '21 Paper Acceptance Rate 131 of 239 submissions, 55%;

Overall Acceptance Rate 131 of 239 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
143
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mahfud ASabila MWibowo NRhamdhan APriambodo D(2023)A Systematic Literature Review on Operating System Security: Distribution and Issues2023 3rd International Conference on Electronic and Electrical Engineering and Intelligent System (ICE3IS)10.1109/ICE3IS59323.2023.10335475(70-75)Online publication date: 9-Aug-2023
https://doi.org/10.1109/ICE3IS59323.2023.10335475

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents