
Research On Some Key Technologies Of Secure Operating System

Posted on: 2003-02-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H F Liu
Full Text: PDF
GTID: 1118360095956145
Subject: Computer application technology
Abstract/Summary:
Based on the design and implementation of a practical secure operating system, this paper focuses on some key technologies and on the four principal achievements obtained during the development of the system.

First, based on an analysis of various criteria for security audit and of several mainstream audit models, this paper presents the design and implementation of an audit subsystem. It meets the 3rd Security Level (Security Label Protection) defined in GB17859-1999 and is now copyrighted. The subsystem collects data systematically by mounting audit points in both the kernel layer and the application layer. Audit policy is set on objects and subjects, so configuration is flexible and easy to use, and performance is greatly enhanced by optimizing buffer management.

Secondly, this paper introduces a new subclass of Petri Net, named temporal Petri Net, to model the schemes of audit subsystems, so that the safety and liveness properties of the system can be analyzed and verified. The use of temporal logic breaks the inherent limitation of Petri Nets, which cannot describe the temporal relationships between system events, while retaining the advantage of Petri Nets in effectively describing and analyzing the concurrent and physical structural properties of the system for the purpose of system verification. This makes some beneficial contributions toward the formal verification of high-level secure operating systems.

Thirdly, after in-depth research on intrusion detection systems based on system calls, this paper proposes a new model named "AUDIDS", which is based on audit event vectors. The new model not only retains the strengths of earlier models but also obtains richer semantics and higher efficiency compared to them. Based on this model, this paper presents several mechanisms of the real-time alert system implemented in SecLinux and improves the storing and matching methods of the normal databases.

Finally, the design and implementation of the privilege-management system is presented. Based on an analysis of the classical role-management model, RBAC, least-privilege management is implemented in SecLinux. The idea of least privilege is that administrators are given no more privileges than are necessary to do their jobs, so in our system the super user's privileges are separated into several groups of fine-grained privileges and are assigned to administrators according to their specific tasks. Role inheritance and role constraints are implemented in the application layer.

In summary, this paper presents several key technologies in the design and implementation of a secure operating system. The principal achievements and experiences obtained contribute significantly to the research on our country's own secure operating systems.
Keywords/Search Tags: Secure Operating System, Audit, Temporal Petri Nets, Real-time Alert, Least Privilege Management