Research On Authentication And Access Control Technologies Based On Trustworthiness In Secure Operating System

Secure operating system plays a significantly important part in the whole security of computer systems. Yet, in open network environment, there exists a new problem in current secure operating system: the system can not satisfy the requirement that the users passing authentication mechanisms with different strength will obtain different accessing rights of the system. So, we begin our research in three aspects: how to embody the users passing authentication mechanisms with different strength; how to emody to what degree policies in access control framework will affect the decision of an access request; how to tightly couple authentication and access control mechanisms so that users passing authentication mechanisms with different strength will obtain different accessing rights.Research in this thesis focuses on the authentication and access control technologies based on trustworthiness in secure operating systems, which mainly include authentication technology based on trustworthiness, access control technology based on trustworthiness, and the coupling technology that organically associates authentication with access control mechanisms in secure operating systems by means of trustworthiness.Aiming at the problem that how to embody the users passing authentication mechanisms with different strength, a reasoning model based on authentication trustworthiness was proposed in this thesis, and the trustworthiness measurement for the uncertainties in authentication system was given. For the uncertainties of authentication rules, we give the definition of authentication success trustworthiness factor and authentication failure trustworthiness factor, in order to measure the two authentication results: successful or failed. Because secure operating systems must provide several authentication mechanisms to authenticate users, we give a method to calculate the user's authentication trustworthiness after he has passed multiple authentication mechanisms. Then, we extend the authentication trustworthiness-reasoning model from threshold constraint and weighted factor aspects, so that the new models can satisfy the requirement of various application scenarios. By means of introducing authentication trustworthiness into authentication system, we can describe those uncertainties in authentication system in a better way, and well enhance the security of systems of high security levels under the condition of multiple authentication mechanisms. Based on the authentication trustworthiness-reasoning model, we put forward a new PAM framework based on authentication rules, which can better satisfy the needs of real systems.In access control framework, different policy will have different effect on the final access control decision, therefore we put forward an access request trustworthiness-reasoning model in weighted policy framework. In this framework, we give weighted factors to access control policies to express its importance, give policy enhancing factor and weakening factor to embody the effect of the relative changing degree of an accessing request's trustworthiness on the final decision. We give an algorithm to calculate the final trustworthiness of access request in weighted policy framework, then compare this value with the threshold of access request authorization, and finally make the authorization decision. In this model, authorization decision is given according to the calculation of request trustworthiness, which is more flexible for authorization than traditional methods, and can better satisfy the...