Research On And Enforcement Of Secure Operating System Supporting Multiple Security Policy

Posted on: 2003-03-29 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: H L Liang
GTID: 1118360092970731 | Subject: Computer software and theory
Abstract/Summary:
Through an experiment in implementing a practical secure operating system that takes into account a variety of information threats and security requirements, this thesis researches and enforces security policy in a secure operating system (SOS). As a result, six principal achievements have been obtained. First, the security policies fit for an SOS are determined, and the related security models and security mechanisms are classified, discussed and analyzed systematically for the first time. A comprehensive perspective on the evolution of security policies and models is presented, which lays the groundwork for an overall understanding of the state of the art of security policies and models. Second, research on the refinement of security policy is conducted and the essential properties of multiple security policy are presented, which provides helpful guidance for the later development of security policy. Third, based on the Linux system, the security goals, services and mechanisms of the operating system kernel are analyzed systematically for the first time, a map of security services and mechanisms is proposed, and the resident problems of the Linux kernel are presented together with corresponding improvement suggestions. Fourth, by introducing the metapolicy and decision cache concepts into the operating system kernel, a security architecture for SOS, named SOSSA, is constructed, which can support multiple security policy and improve the performance of the implementation in an SOS kernel. An SOS based on the mainstream Linux system, named RFSOS, is produced successfully according to SOSSA. The system has passed the 3rd level certification against the China Classified Criteria for Security Protection of Computer Information System. Fifth, a common framework of multilevel sensible labels (MLSLCF) is proposed, which overcomes the problem in previous SOSs that a subject can only access objects at the same level during a session. Based on MLSLCF, multilevel confidentiality and integrity access control are implemented simultaneously in RFSOS. Last but not least, the specification of security policy is studied and a specification language for security policy (SPSL) is presented. With SPSL, multiple security policies, such as discretionary access control policy, multilevel access control policy, Chinese wall policy and type enforcement policy, can be specified. In a word, the principal achievements of this thesis are helpful to the development of novel security policies and models, and to the construction of secure operating system platforms for computer security of applications in the real world...

(Doctoral dissertation, Institute of Software, Chinese Academy of Sciences: Research on and Enforcement of a Secure Operating System Supporting Multiple Security Policies.)
Keywords/Search Tags: security policies and models, secure operating system, security architecture, multilevel security, specification of security policy