A Secure Access Control Mechanism against Internet Crackers

Internet servers are always in danger of being ``hijacked'' by various attacks like the buffer overflow attack. We propose the process cleaning technique for making an access control mechanism secure against hijacking. To minimize damages in cases where the full control of the servers is stolen, access restrictions must be imposed on the servers. However, designing a secure access control mechanism is not easy because that mechanism itself can be a security hole. Process cleaning prevents malicious code injected by a cracker from illegally removing access restrictions from a hijacked server. In this paper, we describe the access control mechanism of our Compacto operating system using process cleaning. According to the results of our experiments, process cleaning can be implemented with acceptable performance overheads.