Research Of Interactive Access Control Of Operating System

With the widely use of Internet in the manufacture and our daily life, the information network system are facing more and more ordeal. The intrusion attacks are endless, and the loopholes of the operating system and application programs are the primary way to attack the system by the attacker. Because the design of the security issues of the application program are controlled by them, so the operating system is going to take the responsibility of in charge of the security. The general way to attack the operating system is to obtain the privilege of the user by making use of some loopholes of the system. The next step is to plant some back door to the system. But the ultimate goal is to steal the important documents of the system. This paper is here to make sure that the important documents will never be leaked even the user's privilege is stolen by controlling the access of the documents.The mechanisms of access control on security operating system are designed to solve the following problems. The access control should be real-time which can let the user adjust the access control policy according to the result of the access control system. The simplification and efficiency of the code are needed; Based on the enhanced security system, we want to make sure that the documents specified by the user will never be malicious theft stolen even the privilege of the user is stolen.; We should not take the coarse-grained mechanism on access control of network system. Not only base on IP policy, but also make use of the specific policy according to the different protocol to make sure the pertinence of the access control.This thesis focuses on research on access control mechanism of operating system. It presents an interactive access control method to make sure the security of the system. Its contributions and novelties are mainly in the following aspects:1) We present a programmable access control model to assure the user can control the system in real-time.2) We present an enhanced access control method to deal with the problem of file system. We have the policy of adding the access control method of authenticating the integrity of the program file to ensure that even the malicious user rights inthe case of theft, and ensure file system access control mechanisms robust.3) We present a different access control method for specific application-levelprotocol to deal with network access control system, enabling users to usedifferent policies to deal with different types of protocols.