Study Of The Security Problems Of Linux Operating System

At present, Linux is a kind of popular and widely used Operating System. This paper gives a research on how to improve its security.The paper firstly points out the limitations of Linux in access control, then emphasizes on two ways of improving the security of Linux OS. One is to use and manage the OS from the point of view of safety, the other is to upgrade the system to improve its security thoroughly. In the end the merits and shortcomings of the system is discussed, and the future development direction of secure OS is probed into.As to the first way, this paper first points out the hidden troubles that exist in actual use, management and operation, then explains in detail the methods we should carry out.As to the second way, this thesis will improve the security of Linux Operating System from the point of view of enhancing the access control function of OS. At the same time, this paper will also consider how to implement various security policies with flexibility. In access control, such improvements will be done as following:Self-protection mechanism of system resource will be added to existing security policies: password protection, and this is the research focus of this paper: password access control mechanism based on self-protection password.In order to ensure the usability and flexibility, it is necessary to assign different levels to the protection behavior of the self-protection password. Whether or not the users set the password protection of files or directories is permitted. And when a user sets the password protection of files or directories, he or she may set different protection levels according to different situations.The entire system is composed of two modules. Firstly, access control enhanced module of file system : it implements the self-protection mechanism of file/directory in kernel by the means of designing new data structures to save self-protection password and level information of file/directory and changing file-system-related system calls. Secondly, the tools for configuring and managing the access control policies: it provides configuring and managing tool in command line for ordinary users to set access control and self-protection policy for protected files in the system.The scheme will be implemented by modifying the kernel source program code directly and using the technology of LKM(LKM: Loadable Kernel Module) to extend...