| The development of network and the spread of its application bring the frangibility and complexity to network, and presents higher requirements on Network Security protection. Currently, protection measures adopted for network security control mostly work in the application layer, which obviously can not satisfy these rigorous requirements. The security of network should rely on a variety of protection measures provided by the bottom layer of operating system. As a self-developed secure operating system, Galaxy Kylin has implemented a number of important security control mechanisms, and enhanced the system security in many respects. However, Kylin hasn't provide enough support for network security, thus it is urgent that new access control mechanisms should be added to fulfill network security control in Kylin.This thesis is doing a researh and comparison on access control techniques. The TE-based security strategy provides a fine-grained access control,which make it capable to accommodate the security principle of isolated access right and minimum privillege. This strategy is adopted in Kylin to support the network access control.This thesis makes a study of network access technique, proposes a network access control model which realizes the completeness of network access control.This thesis analyses the insuffiency of already-have TE module, and improves the Kylin TE security module for network access control; defines security classes and correlative permissions.Then it uses improved TE model to provide network access control and guarantee the validity of network access.At last, this thesis implements the security network access control in Kylin OS which is based on both the network access control model and the improved TE model. and has accomplished the completeness and validity of network access control in Kylin.The research is vital and practical. We realized the access control of the Galaxy Kylin network system, which greatly enhanced the security of the Kylin operating system. |
PDF Full Text Request