| With the development of information technology, computers and internet have been playing more and more important role in our life. The security of Operation System (OS) is the key part of information security infrastrutures. Without a secure OS, the security of database, network and other applications can not be ensured.This thesis first introduces the research and developing process of secure Operation System (OS), all kinds of security models and the main evaluation standards; then analyzes the security-related kernel structure, subjects and resources of Linux OS. It does some research about the security mechanism.There are three mile-stones in the research of the system's security policy, including single security policy, multiple security policies and dynamic multiple security policies. GFAC (Generalized Framework for Access Control) is the important research achievement, while Flask is the representative of dynamic multiple security. The paper introduces and researches the design principle and implementation of the GFAC and Flask.In the research and development field of multiple security policies, Linux Security Module (LSM) is very important, for its special design and implementation method. Before LSM, most of the frameworks support multiple security policies through Linux loadable kernel modules. In order to support a new security policy or remove an existing policy, the user needs to compile the whole Linux kernel. LSM supports the adding or removing of security policies in the form of kernel module with the least effect to the system. The design principle, system architecture and enforcement of LSM are illustrated in the paper. To realize the function of POSIX.1e Capabilities, LSM provides an independent module.Based on the understanding of the principle of the major multi-policy supporting frameworks and Metapolicies mechanism, the thesis designs the Metapolicies Multi-policy Consistence Supporting System. Different from the traditional framework that supports multiple... |
PDF Full Text Request