Study Of Linux Secure Kernel Based On The General Access Control Framework Of LSM

Posted on: 2005-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: G Y Ma
Full Text: PDF
GTID: 2168360125953086
Subject: Computer application technology
Abstract/Summary:
The secure operating system is the foundation of information system security, and access control is a significant security mechanism of the operating system. Because environments differ and threats are complex, it is difficult for a single security policy to satisfy the wide range of user requirements. Many general access control frameworks supporting multiple security policies have therefore been proposed and developed.

The thesis first introduces some common access control mechanisms and security policies. Role-Based Access Control (RBAC) is increasingly popular for its properties of "policy-neutral", "Least Privilege", "Separation of Duties", and convenient administration. The thesis focuses on the NIST industry standard for RBAC: ANSI/INCITS 359-2004, approved on Feb. 19, 2004.

GFAC and FLASK are widely used general access control frameworks, but neither has been accepted by a mainstream operating system. For lack of consensus, they exist only as patches to the Linux kernel. Linux Security Modules (LSM) provides a general framework for access control by adding opaque security fields to kernel data structures and placing security hook functions at vital points in the kernel code. Since LSM itself does not provide any security policy, the security policy a user requires must be implemented in an individual security module. LSM makes it easy for users to implement any desired security model as a loadable kernel module. At present, LSM has been integrated into the Linux 2.6 kernel.

The thesis builds an LSM-based security module that applies the RBAC mechanism to the Linux root account. Through the rbac_su command, the module divides root privilege and promotes the privileges of ordinary users, avoiding the situation in which permissions are centralized in root while ordinary users lack permissions.
Keywords/Search Tags: Linux Security Modules, RBAC, Access Control, General Access Control Framework