A Secure Access Control Mechanism against Internet Crackers
Internet servers are always in danger of being ``hijacked'' by various
attacks like the buffer overflow attack. We propose the process
cleaning technique for making an access control mechanism secure against
hijacking. To minimize damages in cases where the full control of the
servers is stolen, access restrictions must be imposed on the servers.
However, designing a secure access control mechanism is not easy because
that mechanism itself can be a security hole. Process cleaning prevents
malicious code injected by a cracker from illegally removing access
restrictions from a hijacked server. In this paper, we describe the
access control mechanism of our Compacto operating system using process
cleaning. According to the results of our experiments, process cleaning
can be implemented with acceptable performance overheads.