2nd International ICST Workshop on e-Forensics Law and Judicial

Research Article

Research on the Application Security Isolation Model

  • @INPROCEEDINGS{10.1007/978-3-642-23602-0_29,
        author={Lei Gong and Yong Zhao and Jianhua Liao},
        title={Research on the Application Security Isolation Model},
        proceedings={2nd International ICST Workshop on e-Forensics Law and Judicial},
        keywords={Information security classified protection Application security Security model Application isolation},
  • Lei Gong
    Yong Zhao
    Jianhua Liao
    Year: 2012
    Research on the Application Security Isolation Model
    DOI: 10.1007/978-3-642-23602-0_29
Lei Gong,*, Yong Zhao1,*, Jianhua Liao2,*
  • 1: Beijing University of Technology
  • 2: Peking University
*Contact email: gonglei_sky@sohu.com, zhaoyonge_mail@sina.com, liao_jh@139.com


With the rapid development of information technology, the secrutiy problems of information systems are being paid more and more attention, so the Chinese government is carrying out information security classified protection policy in the whole country. Considering computer application systems are the key componets for information system, this paper analyzes the typical security problems in computer application systems and points out that the cause for the problems is lack of safe and valid isolation protection mechanism. In order to resolve the issues, some widely used isolation models are studied in this paper, and a New Application Security Isolation model called NASI is proposed, which is based on trusted computing technology and the least privilege principle. After that, this paper introduces the design ideas of NASI, gives out formal description and safety analysis for the model, and finally describes the implementation of the prototype system based on NASI.