Research And Implement Of Flexible Role Management In KYLIN OS

Posted on: 2011-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: W B Li
GTID: 2178330338489862
Subject: Computer Science and Technology

Abstract/Summary:
Access control is an active research problem in operating system security. KYLIN OS implements a role-based mandatory access control framework (RBA) in the kernel to protect the system. To reduce the complexity of policy configuration, RBA associates each user with a role, and the role determines the user's capabilities. The relationship between roles and the various access control policies can be determined by professionals, so management is easy and does not require professional knowledge. However, while having the role determine capabilities brings convenience, it also increases the burden of use. Because the role determines the user's permissions, a user who needs to perform certain restricted operations must log in again and choose another role, whether or not they have already been authenticated. Second, the existing KYLIN OS does not strictly define the relationship between users and roles, which can easily cause confusion in the system. This thesis therefore extends the existing role management strategies in KYLIN OS and proposes a flexible role management method, which covers two major areas of research.

(1) To solve the repeated-login problem for roles, we extend the RBAC model and propose a DRT-RBAC model that supports dynamic role transition. The DRT-RBAC model is based on an authentication trustworthiness reasoning model and associates it with role transition: the authentication trustworthiness determines the current range within which the role can be converted. The thesis also proposes an invisible role transition method based on diversity measurement. AHP is introduced to measure the diversity of roles. Each role is broken down into fine-grained system privileges (capabilities), the capabilities are divided into different types according to their importance, a pairwise comparison matrix is constructed at the capability layer, and the priority of each type is calculated. Then, according to the difference in the number of capabilities of each type between the roles, a pairwise comparison matrix is constructed at the role layer, and the diversity of the two roles is calculated based on the priority of each type.

(2) The thesis presents a method for checking the consistency of the user-role relationship. The roles of the system are classified by establishing two active role lists in the kernel, to avoid multiple users being associated with the same key role. A TOKEN role transfer method is also designed, which solves the problem caused by the departure of the user associated with a key role.

In conclusion, this thesis effectively solves the problems of dynamic role transition and role relationship checking, and further improves the role management strategies in KYLIN OS.
Keywords/Search Tags: Authentication trustworthiness, Role dynamic transition, Role transfer