
Research On SELinux And Improvement

Posted on: 2011-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Liu
GTID: 2178330338476308
Subject: Computer application technology
Abstract/Summary:
Human society is going through a digitized era because of the explosion of information technology. A great deal of information has been digitized and is maintained centrally by information systems, and more and more valuable and critical information is being managed by them. Hence, the security capability of an information system is now becoming its bottleneck. On the other hand, the security of an operating system is the precondition for guaranteeing the security of an information system, because the operating system is the base and kernel of an information system. Therefore, it is very important and necessary to study the security mechanisms provided by an operating system.

The foremost target of information security is to assure data security, which can be protected by enforcing access control. Currently, Linux is becoming one of the most popular operating systems because of its excellent performance and open source philosophy. Since lots of individuals and enterprises are switching to Linux, the access control mechanism of Linux has been improved from time to time to meet new security requirements. For instance, the SELinux sub-system can enforce a policy-based MAC and provide flexible security policy configuration. However, there are still some defects in the current Linux access control mechanism.

This paper first introduces and analyzes the related contents of the SELinux mandatory access control mechanism (mainly operating system security architecture and security models, an introduction to SELinux, the SELinux access control mechanism, the implementation of the SELinux security server, etc.). On the basis of the introduction and analysis.

The audit subsystem of a secure operating system needs to record, inspect and audit security-related events, and to abstract user behavior from bottom-layer data. Its main purpose is to detect and stop system intrusions by illegal users, to display legitimate users' misoperations, and to record the system status when an error occurs. The kernel is in the closest contact with the hardware, so when the audit system is placed in the kernel we can get original audit data from the bottom layer, which effectively reduces the possibility of bypassing auditing.

The main work includes:

First, improve SELinux user management by introducing the concept of class in Linux into SELinux, and give an implementation of the improvement. Thus, the problems of inflexibility in the assignment mode of the same role set between users, and of the inflexibility and insecurity that may easily be caused in the transition mode between different role sets for a user in SELinux, are solved.

Second, through in-depth study of the SELinux mandatory access control mechanisms and access control strategies, give a scheme to strengthen the audit system's own security by use of SELinux's access control mechanism and strategy. Analyze and research the existing mechanisms and code of SELinux. Using security auditing theory and kernel knowledge, describe the hook function settings, the contents of auditing and the classes of audit cases. Plan the various components of an auditing system, research the communication mechanism between the components, and give an architecture model of the auditing system.
Keywords/Search Tags: operating system security, architecture, SELinux, access control, auditing