Improvement Of User Management In SELinux And Study And Implementation Of Its Integration With IPsec

Posted on: 2006-12-08
Degree: Master
Type: Thesis
Country: China
Candidate: P Li
GTID: 2178360182460518
Subject: Military Equipment

Abstract/Summary:
The security of the operating system is the foundation of the whole information system. The study and development of secure operating systems is an important means of enhancing the security of computer information systems and is of great significance. Security-Enhanced Linux (SELinux) is the implementation of the Flask mandatory access control architecture in Linux. In SELinux, the security policy can be configured according to the security requirements of the system; thus, SELinux overcomes the lack of flexibility of traditional mandatory access control. SELinux is an excellent reference for studying and developing our own secure operating system with independent copyright, so it is necessary to analyze it and carry out related studies.

This paper first introduces and analyzes the SELinux mandatory access control mechanism (mainly an overview of SELinux, the SELinux access control mechanism, the implementation of the SELinux security server, etc.). On the basis of this introduction and analysis, the paper completes the following two pieces of work:

1. Improve SELinux user management by introducing the Linux concept of a group into SELinux, and give an implementation of the improvement. This solves two problems in SELinux: the inflexibility of assigning the same role set to different users, and the inflexibility and insecurity that can easily arise when a user transitions between different role sets.

2. Implement the previously unimplemented function of SELinux network access control, which labels IP packets and controls them according to the label, through a study of the integration of SELinux with IPsec. This mainly includes two steps: 1) design and implement the labeling of IP packets according to the security policy by means of IPsec; 2) implement control of IP packets according to their labels by adding LSM hook functions to the kernel, adding the specific implementation of these LSM hook functions to the SELinux security module, and adding the related SELinux security policies.
Keywords/Search Tags: SELinux, Flask architecture, user management, IPsec, network access control