Compacto Project

Overview...

Our Compacto operating system based on the Linux operating system provides novel access control pritimives, which can minimize security damages in a case that a server is compromised by a malicious client. A unique feature of Compacto is that it allows to remove access restrictions from a process at runtime without security risks, using a new technique called process cleaning.

With process cleaning, Compacto cleans a process up before removing access restrictions and eliminates injected malicious code for compromising the server. This means that even a compromised server is recovered to be sane. First, programmers save the whole state of a server process when they can guarantee that the server is still sane. Then, Compacto restores that saved state when access restrictions are removed so that the state illegally modified by a cracker is recovered and thereby the server becomes sane.

Availability...

A kernel patch is now available (Sep. 14, 2001). A supplemental program is available.

Publications...

A Secure Mechanism for Changing Access Restrictions of Servers

Kenichi Kourai and Shigeru Chiba
Journal of Information Processing Society of Japan,
Vol.42, No.6, pages 1492--1502, June 2001.
(in JAPANESE)

A Secure Access Control Mechanism against Internet Crackers

Kenichi Kourai and Shigeru Chiba
In Proc. of the 21st IEEE International Conference on Distributed Computing Systems (ICDCS-21),
pages 743--746, April 2001.

A Secure Access Control Mechanism against Internet Crackers (long version)

Kenichi Kourai and Shigeru Chiba
Technical Report 01-176, Institute of Information Sciences and Electronics, University of Tsukuba,
January 2001.

A Safe Mechanism for Dynamically Removing Access Control Rules

Kenichi Kourai and Shigeru Chiba
SIG notes of Information Processing Sciety of Japan (2000-OS-85),
pages 55--62, August 2000.
(in JAPANESE)

[Last Updated: Sep. 14, 2001]

Kenichi Kourai
kourai@csg.is.titech.ac.jp