A Secure Access Control Mechanism against Internet Crackers

Internet servers are always in danger of being "hijacked" by various attacks like the buffer overflow attack. To minimize damages in cases where full control of the servers are stolen, imposing access restrictions on the servers is still needed. However, designing a secure access control mechanism against hijacking is not easy because that mechanism itself can be a security hole. In this paper, we describe the access control mechanism of our Compacto operating system. Compacto uses our new technique called the process cleaning so that malicious code injected by a cracker cannot illegally remove access restrictions from a hijacked server. According to the results of our experiments, the process cleaning can be implemented with acceptable performance overheads.