GeSWall

GeSWall (General Systems Wall) is a Windows security project implementing a flexible mandatory access policy that provides OS integrity and data confidentiality transparently and invisibly to the user. The mandatory access policy is based on established multilevel security models. Those models originally provide assured security but are too restrictive for general-purpose systems, so they are adjusted by relaxing access decisions through dynamic isolation rules. The rules prevent modification of trusted system resources and theft of data over the network.

How it works

All system resources are divided into trusted and untrusted. Resources are files, named pipes, devices, registry keys, processes, etc. Trusted resources are operating system and application components installed by a trusted user. Untrusted resources are any resources created by an untrusted user. Processes composed only of trusted executables (.exe, .dll, etc.) are trusted processes; all others are untrusted processes. The rules of operation are as follows:

  • Trusted processes may modify any resource
  • Untrusted processes cannot modify trusted resources or access the network

If a trusted process tries to access the network, it becomes half-trusted, since it might be vulnerable to network attacks. The process is therefore considered a threat point and is dynamically isolated by restricting modification of trusted resources: all its modifications are redirected to the process's local copy of the resource. Such potentially vulnerable process activity therefore does not affect trusted resources. GeSWall also distinguishes confidential resources, files containing confidential data. Confidential resources can be accessed only by trusted processes.
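The rules above, as an added illustrative model (not GeSWall's own code, which is a Windows kernel component): a Python policy function applying the trusted/untrusted/half-trusted decisions, the transition to half-trusted on network access, and the redirection of a half-trusted process's writes to a private copy. Process and resource names are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"
    HALF_TRUSTED = "half-trusted"  # trusted process that has touched the network
    UNTRUSTED = "untrusted"

@dataclass
class Resource:
    name: str
    trusted: bool               # OS/application component installed by a trusted user
    confidential: bool = False  # file holding confidential data

@dataclass
class Process:
    name: str
    trust: Trust
    local_copies: dict = field(default_factory=dict)  # redirected modifications land here

def decide(proc, op, res=None):
    """Return 'allow', 'deny' or 'redirect' for proc doing op (network/read/modify) on res."""
    if op == "network":
        if proc.trust is Trust.UNTRUSTED:
            return "deny"                # untrusted processes never reach the network
        proc.trust = Trust.HALF_TRUSTED  # dynamic isolation: now a potential threat point
        return "allow"
    if op == "read":
        # confidential data is readable only by fully trusted processes
        return "deny" if res.confidential and proc.trust is not Trust.TRUSTED else "allow"
    if op == "modify":
        if proc.trust is Trust.TRUSTED or not res.trusted:
            return "allow"               # trusted may modify anything; anyone may modify untrusted
        if proc.trust is Trust.HALF_TRUSTED:
            # copy-on-write style redirection: the real trusted resource stays untouched
            proc.local_copies[res.name] = "private copy of " + res.name
            return "redirect"
        return "deny"                    # untrusted process versus trusted resource
    raise ValueError("unknown operation: " + op)

def browser_scenario():
    """Trace of the page's example: a trusted process goes online, then touches trusted files."""
    browser = Process("browser.exe", Trust.TRUSTED)  # constructed names
    hosts = Resource("hosts", trusted=True)
    secret = Resource("secret.doc", trusted=True, confidential=True)
    return [decide(browser, "network"), browser.trust.value,
            decide(browser, "modify", hosts), decide(browser, "read", secret)]

if __name__ == "__main__":
    print(browser_scenario())  # ['allow', 'half-trusted', 'redirect', 'deny']
```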

The GeSWall implementation is based on a security framework. The framework is general and can be used to implement a wide range of Windows 2000/XP/2003 security policies.

Key features

  • Addresses the complete set of general security threats: damage by malicious software, software vulnerabilities and misconfigurations
  • Provides mandatory security
  • Transparent and invisible to the end user
  • Does not require administration or complicated installation; works with default settings
 
© 2003-2008 Andrey Kolishchak
Designed by a.shoshin