| With a mass of practical work in researching and developing a commercial secure Operating System (OS) in accordance with the newest achievements related to studing in Framework for Multi-Policies (FMP),security models and secure OS, research on theory of FMP and it's enforcement in secure OS is conducted in this dissertation. As a result, six principal achievements have been obtained:1. A two-level-caches mechanism is brought in the Generalized Framework for Access Control (GFAC) based on a three levels model of access, and is implemented in Red-Flag Secure OS (RFSOS). Experiments has proved that the two-levels-cache mechanism can effectively improve performance of the GFAC. We suggest International Standards Organization (ISO) adopt it as an optional component in the standard of ISO/IEC 10181-3:1996 for upgrading performance of access control framework when supporting multi-policies.2. An Operating System odented RBAC model is presented at the first time and implemented in release version of RFSOS. This work is also the first time to implement directly a RBAC model holding the most of characteristics descripted in the draft standard of RBAC proposed by NIST in the OS kernel.3. Nowadays, flexible and adaptive policies must be enforced into Automated Information Systems (AIS) to cope with the complex and capricious security environment. Based on the development of RFSOS and study of FLASK and DTOS, an environment-adaptable FMP -Guards is put forward at the first time and compared with FLASK according to the nine criteria descripted in the dissertation.4. Providing complete security attributes revocation function in secure OS is r equired b oth b y F MP a nd C ommon C riteria (CC), b ut a 11 the relevant research on international are imperfect. Found on the analysis of security attributes revocation in secure OS, a security attributes revocation framework is brought forward and implemented in RFSOS. Especially, the problem of in-progress-operations revocation is solved by a mechanism built on in-progress-operations list.5. Security Administration (SA) is an important part of secure OS and how to develop a SA for secure OS accordance with CC is a problem worth to discuss. In this paper, a SA framework for secure OS named SAMSOS, which follows EAL3 class of CC, is put out andimplemented in release version of RFSOS.6. How to support multi-policies in secure information systems was a research hotspot in recent years. In this paper, FMP studies were divided systematically in three classes: based on policy language,based on security attributes and based on uniformed security model. Typical FMPs of each class were analyzed and compared.In summary, the principal achievements of this dissertation are helpful to the exploration of FMP theory and the development of secure OS.
|
PDF Full Text Request