A Secure Access Control Mechanism against Internet Crackers
Internet servers are always in danger of being "hijacked" by various
attacks like the buffer overflow attack. To minimize damages in cases
where full control of the servers are stolen, imposing access
restrictions on the servers is still needed. However, designing a
secure access control mechanism against hijacking is not easy because
that mechanism itself can be a security hole. In this paper, we
describe the access control mechanism of our Compacto operating system.
Compacto uses our new technique called the process cleaning so
that malicious code injected by a cracker cannot illegally remove
access restrictions from a hijacked server. According to the results
of our experiments, the process cleaning can be implemented with
acceptable performance overheads.