This component monitors changes to individual access control rules. The basic rule of a reference monitor is that all access must be mediated by it. However, the usual approach of doing this through high-level system calls consumes resources: about 30% of resources are wasted on system calls. To reduce this cost, we propose a more efficient approach that implements the reference monitor function through system call interception in the kernel. Our method minimizes changes to the local operating system and does not change the operating system's official internal interfaces. It applies to UNIX-like systems and other open source operating systems. Our aim is to create a reference monitor that intercepts system calls and compares each intercepted call against the access control database to determine whether the system call and its parameters are legal.
The ESP protocol data unit consists of three parts: in addition to the header and the encrypted data portion, it contains an optional trailer when authentication is implemented. The header has two fields: the security policy index and the sequence number. Before communicating securely with ESP, the communicating parties need to negotiate the set of encryption policies to be adopted, including the algorithm to use, the key, the key's validity period, and so on. The "security policy index" identifies which set of encryption policies the sender used to process the IP packet; from this number the receiver knows how the received IP packet should be handled. The "sequence number" distinguishes different packets that use the same set of encryption policies. The encrypted data portion contains the payload of the original IP packet and the padding field, and it is encrypted while in transit. The "next header" field indicates the protocol of the payload portion, which may be a transport layer protocol or another IPSec protocol.
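As an added illustration (not code from the original text), the Python example below parses the two header fields described above, selects the negotiated policy by index, and splits the decrypted data into payload, padding and next header. It assumes the RFC 4303 layout, where the index is called the Security Parameters Index (SPI) and a pad-length byte precedes the next header; the policy table, the simplified reuse check and the sample bytes are constructed.

```python
import struct

# Constructed table of negotiated policies, keyed by the header's index value.
SA_TABLE = {0x00001234: {"cipher": "AES-CBC", "last_seq": 6}}
NEXT_HEADER = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}  # IANA protocol numbers

def parse_esp_header(packet: bytes):
    """Split a raw ESP packet into (spi, seq, encrypted_data)."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte ESP header")
    spi, seq = struct.unpack("!II", packet[:8])  # two 32-bit big-endian fields
    return spi, seq, packet[8:]

def lookup_sa(spi: int, seq: int):
    """Pick the policy the sender used; refuse unknown indexes and reused numbers."""
    sa = SA_TABLE.get(spi)
    if sa is None:
        raise LookupError(f"no negotiated policy for SPI {spi:#010x}")
    # Simplification: real receivers use a sliding anti-replay window.
    if seq <= sa["last_seq"]:
        raise ValueError(f"sequence number {seq} already used under this policy")
    return sa

def parse_decrypted_data(plaintext: bytes):
    """Split decrypted data into (payload, padding, next_header_name)."""
    if len(plaintext) < 2:
        raise ValueError("no room for pad length and next header")
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("pad length larger than the decrypted data")
    end = len(plaintext) - 2 - pad_len
    name = NEXT_HEADER.get(next_header, f"protocol {next_header}")
    return plaintext[:end], plaintext[end:-2], name

# Constructed sample: header for SPI 0x1234, sequence 7, then 16 placeholder
# ciphertext bytes; SAMPLE_PLAINTEXT stands for those bytes after decryption.
SAMPLE_PACKET = struct.pack("!II", 0x1234, 7) + bytes(16)
SAMPLE_PLAINTEXT = b"tcp-segment" + b"\x01\x02\x03" + bytes([3, 6])

if __name__ == "__main__":
    spi, seq, body = parse_esp_header(SAMPLE_PACKET)
    print(hex(spi), seq, lookup_sa(spi, seq)["cipher"], len(body))
    print(parse_decrypted_data(SAMPLE_PLAINTEXT))
```

The next header can only be read after decryption, which is why the second parser takes plaintext rather than the packet itself.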

