The file system is a vital component of the operating system and the foundation on which programs run, so file system security is the foundation of computer system security. Current security-enhanced file systems each focus on strengthening security in one respect and therefore leave security flaws in another. For example, SELinux (Security-Enhanced Linux) emphasizes access control and secures the virtual file system layer, but has no security measures for file data on the physical medium. Encrypting file systems emphasize encrypting file data on the physical medium and secure the physical layer, but have only weak access control mechanisms and are vulnerable to intrusion. Based on these insufficiencies and security flaws of current secure file systems, this paper proposes and implements a new secure file system by extending the LSM (Linux Security Module) framework. It provides not only a Mandatory Access Control mechanism but also transparent file data encryption and decryption and file log recording. This new secure file system integrates the access control, data encryption and decryption, and log recording of current secure file systems, enhances file system security in many aspects and at many layers, and builds file system security from the physical layer up to the virtual file system layer.