| The Information System Security has been becoming a focus of attention in Computer Science field. In the past few years, the research refering to Secure Operating System that is the basic of the information system has been ascending by degree. Access Control is the main component of the OS's security mechanism. Consequently, the research on secure OS is mainly focused on the Access Control enhancement. On the other hand, the construction of secure information system has been coming up with the importance of the information system security testing. Nowadays, the security testing is done manually by the testing engineers. There are kinds of problems, like too strong subjectivity, high workload and long testing cycle, that are very hard to control. A solution is automatic testing. In one sentence, it is significant to study the implementation and automatic testing of Mandatory Access Control.This paper studied the theory and related research about Mandatory Access Control in Secure OS based on what I enhanced the MAC mechanism on Linux. This MAC mechanism can support the multi-level security polices defined in a modified BLP module. The structure of the mechanism has referred to GFAC and LSM Accsess Control modules. It was developed with placing "hooks" in access control related system calls and LKM. This MAC is also the target of the automatic testing system which is developed by me. The automatic testing system can do the testing on both the whole set of the file system related system calls and single system call according to the testing engineers'reqirements. Based on these pratices, the key technologies to implement the secure OS and its automatic testing were studied in this papar.The main creation of my work is the MAC targeted automatic testing system. There is still a long way to complete the automatic testing system of the entire OS. |
PDF Full Text Request