The Windows Vista operating system implements an interesting model of multi-level integrity. We observe that in this model, trusted code can be blamed for any information-flow attack; thus, it is possible to eliminate such attacks by static analysis of trusted code. We formalize this model by designing a type system that can efficiently enforce data-flow integrity on Windows Vista. Typechecking guarantees that objects whose contents are statically trusted never contain untrusted values, regardless of what untrusted code runs in the environment. Some of Windows Vista's runtime access checks are necessary for soundness; others are redundant and can be optimized away.
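The observation that only trusted code can be blamed, and that a static check on that code can replace some runtime checks, can be illustrated with a small model. The following is an added example written for this page, not the paper's type system or any Windows component: the three-level integrity lattice, the no-write-up runtime rule, the toy statement forms and the helper names (`mic_write_allowed`, `typecheck`) are all constructed here. Untrusted (low-integrity) code is stopped by the runtime write check, which is therefore necessary; a high-integrity process writing a high-integrity object passes that same check whatever it writes, so only static analysis of the trusted program detects the case where untrusted contents flow into a trusted object.

```python
"""Toy model of a multi-level integrity system and a static data-flow
integrity check over trusted code.

Added illustration for this page, not the paper's formalization: the
statement forms and helper names are constructed for the example."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    """Integrity levels, ordered from least to most trusted."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass(frozen=True)
class Obj:
    """A labelled object (file, registry key, ...) with its integrity level."""
    name: str
    level: Level


def mic_write_allowed(process_level: Level, target: Obj) -> bool:
    """Runtime rule for writes: no write-up. A process may only write objects
    at or below its own integrity level. Reads are not restricted by this
    rule, so a high-integrity process can read low-integrity data."""
    return process_level >= target.level


# Statements of the toy program language checked below:
#   ("read",  var, obj)      var := contents of obj
#   ("merge", var, a, b)     var := any computation over a and b
#   ("write", obj, var)      obj := var
Stmt = Tuple[str, ...]


def typecheck(program: List[Stmt], objects: Dict[str, Obj]) -> List[str]:
    """Static data-flow integrity check for trusted code.

    Each variable carries the lowest integrity level of any object whose
    contents may have flowed into it. A write is well-typed only if the
    variable's level is at least the target object's level, so objects that
    are statically trusted never receive values that were ever untrusted.
    Returns the list of violations (empty means the program typechecks)."""
    env: Dict[str, Level] = {}
    errors: List[str] = []
    for i, stmt in enumerate(program):
        kind = stmt[0]
        if kind == "read":
            _, var, obj = stmt
            env[var] = objects[obj].level
        elif kind == "merge":
            _, var, a, b = stmt
            # A combination is no more trustworthy than its least trusted input.
            env[var] = min(env[a], env[b])
        elif kind == "write":
            _, obj, var = stmt
            target = objects[obj]
            if var not in env:
                errors.append(f"stmt {i}: {var} used before definition")
            elif env[var] < target.level:
                errors.append(
                    f"stmt {i}: {env[var].name} data from {var} "
                    f"written to {target.level.name} object {obj}")
        else:
            errors.append(f"stmt {i}: unknown statement {kind}")
    return errors


# Constructed sample environment: one untrusted (LOW) object as a sandboxed
# process might produce, a LOW-integrity log, and a trusted (HIGH) config.
OBJECTS = {
    "download.tmp": Obj("download.tmp", Level.LOW),
    "quarantine.log": Obj("quarantine.log", Level.LOW),
    "service.cfg": Obj("service.cfg", Level.HIGH),
}

# Trusted program that lets untrusted input flow into a trusted object. The
# runtime no-write-up check passes (HIGH process, HIGH object), so only the
# static check on this trusted code reports the flow.
LEAKY_PROGRAM: List[Stmt] = [
    ("read", "cfg", "service.cfg"),
    ("read", "dl", "download.tmp"),
    ("merge", "newcfg", "cfg", "dl"),
    ("write", "service.cfg", "newcfg"),
]

# Same inputs, but untrusted data only reaches a LOW-integrity object.
SAFE_PROGRAM: List[Stmt] = [
    ("read", "cfg", "service.cfg"),
    ("read", "dl", "download.tmp"),
    ("write", "quarantine.log", "dl"),
    ("write", "service.cfg", "cfg"),
]

if __name__ == "__main__":
    # Untrusted code: the runtime check is what stops the write-up.
    print("LOW process -> service.cfg:", mic_write_allowed(Level.LOW, OBJECTS["service.cfg"]))
    # Trusted code: the runtime check passes for both programs; typechecking tells them apart.
    print("HIGH process -> service.cfg:", mic_write_allowed(Level.HIGH, OBJECTS["service.cfg"]))
    print("leaky:", typecheck(LEAKY_PROGRAM, OBJECTS))
    print("safe: ", typecheck(SAFE_PROGRAM, OBJECTS))
```

For a trusted program that typechecks, the runtime write check on its own writes can never fail and is therefore redundant; the check remains necessary for untrusted code, which is not analyzed and is only constrained at runtime.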