
Research On Access Control In Security Linux

Posted on: 2008-11-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y She
GTID: 2178360215490908
Subject: Computer system architecture
Abstract/Summary:
With the development of computer science and communication technology, information security is becoming more and more important, and operating system security is essential to computer security. Linux's source code is freely available and, with the help of the Free Software Foundation, can be analysed, amended, and extended with new functions. The development of international free software provides a good opportunity for our country to develop system software of its own, and it is of great importance to seize this opportunity to realize a secure operating system with Linux as the prototype.

Access control is one of the most important features of a secure operating system. The security of the existing Linux operating system cannot meet actual needs in high-security settings: the permission granularity of discretionary access control is too coarse, which cannot effectively prevent "Trojan horse" attacks, and access control lacks flexibility. In order to raise the security level of the Linux operating system, this paper, through analysis and research on current domestic and foreign secure operating system technology, studies and improves the Linux kernel in two respects: Discretionary Access Control and Role-Based Access Control.

Main contents:

① Analyses the basic idea of Discretionary Access Control and the most commonly used Discretionary Access Control mechanisms, based on the Access Control List and the Capability List.

② Introduces the core idea of the RBAC model and the classic RBAC96 model family, with emphasis on the basic model RBAC0, the role hierarchy model RBAC1, the constraint model RBAC2, and the merged model RBAC3.

③ Proposes the design idea and implementation goals of access control for secure Linux, and designs an overall framework based on the Flask architecture and the LSM access control framework. The paper then improves Discretionary Access Control by extending the existing Linux access control list. On this foundation, it designs the overall discretionary access control framework and the security check algorithm. Finally, it implements a loadable ACL module for the extended permissions, with hooks inserted into the kernel through the Linux Security Module (LSM), and provides console commands that enhance the usability of the discretionary access control mechanism.

④ However, these frameworks cannot be understood well by system developers, because the models are too abstract or focus on application-oriented solutions. This paper improves the RBAC3 model of the RBAC96 model family: it extends the concept of "session", introduces the "active role", implements the access control module, the strategy implementation module, and the strategy engine module, and finally provides a module interface that is easy to use in development.

⑤ Tests the performance of the discretionary access control and the role-based access control. The tests indicate that the improved access control in this paper not only enhances the security of the existing Linux system but also causes little loss in system performance, and meets the needs of high-security settings.
Keywords/Search Tags: Secure Operating System, Discretionary Access Control, Access Control Lists, Role-Based Access Control