摘要： 可执行恶意代码严重危害操作系统的安全，它通过进程实现对系统造成危害，能否控制进程的安全是可执行恶意代码防御中的关键问题。该文以安全操作系统的访问控制思想为基础，根据可信计算的思想和原则，提出一个防御可执行恶意代码体系中的URPP访问控制模型。该模型以进程作为核心，对进程启动进行可信度量以及最小权限的约束。实践证明，URPP模型能够有效地抑制可执行恶意代码对系统造成的危害。

关键词: 可执行恶意代码, URPP访问控制模型, 基于角色的访问控制, 可信度量

Abstract: The harm which is done by executable malicious codes through controlling the processes becomes more and more severe to operating systems. So ensuring the security of process is the key to the operating system security. Based on theory and conception of secure operating system and trusted computing, an access control model named URPP is shown, which can defend operating system against the harm done by executable malicious code. URPP takes the process as a core element, measures the reliability and restricts the minimized privilege to the initializing processes. The URPP model applied to operating system security reinforces production successfully, and defends operating system against the executable malicious code effectively.

Key words: executable malicious code, URPP access control model, role-based access control, trust measurement

中图分类号: 

• TP393