【摘要】 在分析现有操作系统安全机制的基础上,针对空间隔离技术的不足之处,提出了功能隔离的新思想.功能隔离可以提供更细致的隔离粒度,并可使不同类别的功能请求在相互隔离的执行域中执行,从而提高系统的可靠性与安全性.详细描述了功能隔离的定义,讨论了功能划分的方法和PFI、ASFI两种功能隔离机制及其关键实现技术.实验数据说明,采用功能隔离不会明显影响系统的效率.更多还原

【Abstract】 Considering the limitations of current space isolation technique,a new security mechanism adopting function isolation is proposed.With the mechanism more delicate granularity of function can be used and different execution domains corresponding to different function requests may be isolated each other,so the safety of operating system can be improved.In the paper the principle and algorithm for function division are introduced in detail,and two kinds of isolating mechanisms PFI and ASFI are presented.Experiment results show that the overhead of function isolation wouldn’t reduce the system efficiency notably.更多还原