{"title":"高效的安全意识虚拟内存管理","authors":"Rahmatollah Amirsoufi, M. Taghiloo, Armin Ahmadi","doi":"10.1109/SoCPaR.2009.50","DOIUrl":null,"url":null,"abstract":"Virtual memory was developed to automate the movement of program code and data between main memory and secondary storage to give the appearance of a single. This technique greatly simplified the programmer’s job, particularly when program code and data exceeded the main memory’s size. In modern operating system, secure file system can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. This paper proposes new approach for adding multilevel security capability to virtual memory management. It uses partial swap encryption based on process’s security policy. Volatile encryption keys are chosen randomly, and remain valid only for short time periods. Performance comparison shows the total overhead of proposed method.","PeriodicalId":284743,"journal":{"name":"2009 International Conference of Soft Computing and Pattern Recognition","volume":"2009 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Efficient Security-Aware Virtual Memory Management\",\"authors\":\"Rahmatollah Amirsoufi, M. Taghiloo, Armin Ahmadi\",\"doi\":\"10.1109/SoCPaR.2009.50\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Virtual memory was developed to automate the movement of program code and data between main memory and secondary storage to give the appearance of a single. This technique greatly simplified the programmer’s job, particularly when program code and data exceeded the main memory’s size. In modern operating system, secure file system can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. This paper proposes new approach for adding multilevel security capability to virtual memory management. It uses partial swap encryption based on process’s security policy. Volatile encryption keys are chosen randomly, and remain valid only for short time periods. Performance comparison shows the total overhead of proposed method.\",\"PeriodicalId\":284743,\"journal\":{\"name\":\"2009 International Conference of Soft Computing and Pattern Recognition\",\"volume\":\"2009 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference of Soft Computing and Pattern Recognition\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SoCPaR.2009.50\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference of Soft Computing and Pattern Recognition","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SoCPaR.2009.50","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Virtual memory was developed to automate the movement of program code and data between main memory and secondary storage to give the appearance of a single. This technique greatly simplified the programmer’s job, particularly when program code and data exceeded the main memory’s size. In modern operating system, secure file system can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. This paper proposes new approach for adding multilevel security capability to virtual memory management. It uses partial swap encryption based on process’s security policy. Volatile encryption keys are chosen randomly, and remain valid only for short time periods. Performance comparison shows the total overhead of proposed method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
