Fine-grained protection domain model in a process and its implementation
进程内细粒度保护域模型及其实现

A fine-grained protection domains method was proposed to address the problem of dynamically changing a process's capabilities. According to a process's different access mode of its address space and system resources in its different executing phases, this model partitions it into multiple protection domains. Then it sets up access mode of address space for each of them, which makes it feasible to resist code injection attacks. Meanwhile, it integrates Mandatory Access Control (MAC) framework into it to provide the access control of system resources, which meets the security requirement of the system.