
Analysis and Design of a Browser-Oriented Sandbox System

Analysis and Design to Browser-Based Sandbox System

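[Author] 赵长林 (Zhao Changlin)

[Advisor] 杨义先 (Yang Yixian)

[Author information] Beijing University of Posts and Telecommunications, Information Security, 2012, Master's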

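[Summary] Since the start of the 21st century, with the rapid growth of Internet companies such as Google, Facebook and Baidu, the Internet has become ever more inseparable from daily life. Ensuring Web security has become a new challenge for information science, and Web security has itself developed rapidly in recent years, because it affects not only people's privacy and financial security but even the security of government and national defense. Many existing Web security technologies rely mainly on traditional active defense, which is built on defending against known vulnerabilities and attacks and is helpless against new security problems. As Web technology develops rapidly, the volume of information on the network grows explosively and new security problems and malicious attacks increase exponentially; traditional active defense cannot cope. In response, this thesis designs a browser-oriented sandbox system that uses sandbox technology to secure the Web. Sandbox technology works on a completely different principle from active defense [1]. Active defense intercepts a program and terminates it as soon as suspicious behavior is detected; the browser-oriented sandbox system designed here instead lets the suspicious behavior of a suspected virus program run to completion inside a virtual "sandbox" in the browser. The sandbox records every action; once the suspected virus has fully exposed its viral nature, the sandbox performs a "rollback", erasing the virus's traces and actions and restoring the system to its normal state, thereby ensuring Web security [2]. The thesis first analyzes existing sandbox applications from the security and software development fields and studies their sound design principles, laying the theoretical and knowledge groundwork for designing the browser-oriented sandbox system. Then, applying that knowledge to the particular scenario of the browser, it analyzes the feasibility and design principles of the system from two angles, algorithm theory and Windows operating system programming, with emphasis on interprocess communication, tokens, job objects, alternate desktops, integrity levels and policy. Based on this analysis, the thesis then designs the browser-oriented sandbox system. The whole system consists of a target process and agent process communication module, a token module, a job object module, an alternate desktop module, an integrity level module and a policy configuration module; the working principle and a flowchart or pseudocode design are given for each module. Finally, the thesis thoroughly verifies the preceding analysis and design, using a part-to-whole approach: it first verifies the correctness of each small module's design, then the correctness of the design of the whole system. This verification further strengthens the correctness and persuasiveness of the thesis.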

[Abstract] Since the beginning of the 21st century, with the rapid development of Internet companies such as Google, Facebook and Baidu, the Internet and people's lives have become increasingly inseparable. How to ensure Web security has become a new challenge in the development of information science, and Web security has also become a rapidly developing technology in recent years, because it affects not only people's privacy and financial security but even the security of government and national defense. Many existing Web security technologies rely mainly on traditional active defense; these technologies are based on known vulnerabilities and attacks and are helpless against new security issues. With the rapid development of Web technologies, the amount of information on the Web is growing explosively and new security problems and malicious attacks are increasing exponentially, and traditional active defense technology simply cannot cope. Faced with this situation, this paper puts forward a browser-oriented sandbox system that uses sandbox technology to guarantee the security of the Web. The principle of sandbox technology is distinct from that of active defense. Active defense blocks a program and terminates it immediately when suspicious behavior is discovered. Sandbox technology lets the suspicious behavior of a suspected virus program run fully in the browser's virtual "sandbox", and the sandbox notes each of its actions; when the suspected virus has fully exposed its virus properties, the sandbox carries out a "rollback" mechanism, wiping out the traces and actions of the virus and restoring the system to its normal state, thereby guaranteeing Web security. The paper first analyzes existing sandbox applications from the security and software development fields and learns the principles of good design in them, as theoretical and knowledge preparation for designing a browser-oriented sandbox system. Then, following that analysis and applying it to the special scenario of the browser, it analyzes the browser-oriented sandbox system from two aspects, the theory of algorithms and Windows operating system calls, focusing on interprocess communication, tokens, job objects, alternate desktops, integrity levels and policy. Finally, based on the preceding analysis, the paper designs the browser-oriented sandbox system. The entire system consists of a target process and agent process communication module, a token module, a job object module, an alternate desktop module, an integrity level module and a policy configuration module; a flowchart or code design is given for each module.
