The Research And Implementation Of Hiding And Protecting Data In Kylin Operating System

The security environment of information become more and more complexly . How to ensure the security of information has become a major strategic issue. As the basis of information security, the Operating System's safety is very important. Now, almost all of the systems have enhanced safety, both Windows and linux, all use a variety of security policies to enhance the safety of system.Kylin is Role-based Authorization system .Kylin design security policy to ensure that only the security administrator could access the Safety-related data structures in the kernel and the Role-related configure file. But the security policy could not protect the other important security data. ACL mechanisms could not control administrator to access private files. so it is not security enough to protect the private files.To address the above problems and shortcomings, we design and implemente the SPD(Security Protected Data) security module to ensure the safety of security data and private data in systems. We implement SPD security module based on RBA framework. SPD consists of two parts: SSPD (System Security Protected Data)security policy to ensure the safety of security data and USPD (User Security Protected Data)security policy to ensure the safety of private data. SSPD provides many security policies such as control hiding and accessing data based on role to ensure the safety of critical systems data, meet the principle of least privilege, preventing a role to abuse of authority which may threat the safety of data. USPD also provides many security policies such as control fine-grained hidden and access rules to private data, it can control hiding and accessing private data based on all users(root, etc.), special user and special user-group. This paper test the performance of SPD module, SPD module meets the needs of Kylin system to protect the critical data. Security Administrator can use SSPD to protect critical data, prevent illegal role to access the critical data. Users can use USPD to protect private data, set hidden and access rules for anyother user.At last we use UnixBench to test the performance of the OS with and without SPD module, and then discusse system performance overhead by analyzing testing data.