A Review Of Secure Operating System And Its Realizing Technology

With the convenience contributed by rapid development of information technology and network, numerous secure problems have been introduced, such as well-known computer virus and the attacks of hacker etc. Therefore, the research of security in computer information system has arose the attention and recognition increasingly, because operating system is the footstone and key of all the computer information system, the research and implement of the secure operating system has important meanings, especially the design and implement of the secure operating system with our own property, high security and high reliability has important realism meanings for security of our country and defense.This paper first summarizes the research results of the field in secure operating system from the sixties of the twentieth century, and points out the trends in the future, and presents five basic requirement of computer system security: confidentiality, integrality, usability, the ability of control and audit, and analyzes causations compromising operating system. Then describes criterias for information technology security evaluation including TCSEC of America, CC standard and GB17895-1999 of China, and explores the security kernel and its corresponding concept, analyzes the security mechanism and implement methods.Security policy model is foundation of designing and implementing secure operating system, this paper explores representative security policy model, and analyzes its strongpoint and disadvantage. Supporting multi-policies and dynamicial policies is the research trends of the secure operating system, so then this paper analyzes the popular architecture supporting it, such as GFAC, DGSA, DTOS and Flask etc.Linux operating system has become well platform of implementing our own independent secure operating system because of its performance and open source. This paper explores security mechanism of Linux operating system and its limitation, and describes a lightweiht, general purpose, access control framework for Linux kernel——LSM(Linux Security Module).A secure operating system model named NisecLinux has been presented and implemented at the end of the paper. NisecLinux has the mandatory access control mechanism based on network access; its ability of security has been greatly enhanced by an intrusion detection system related with a firewall; the security of data transfer has been ensured via the technology of virtual private network; the integrity of log has been ensured by adopting digital watermark log as the technology of security audit; the performance of the NisecLinux has been improved by condensing the kernel and file system.