| With the development of information technology and the widespread application of internet,information system is playing an important role in human society.Furthermore, operating system is the base of information system,and also manages the computer resources directly,so the security of operating system is the base of the security of information system.Associated with other companies,NSA has developed the Linux security enhanced module(SELinux) which could implement the MAC(Mandatory Access Control) efficiently to ensure the security of the system.However,the configuration and management of security policies are so hard that they became the block of the popularity of SELinux.So it is really need to construct an automatic or semiautomatic tool to help the administrator to analyze the security consistency of policies.The main target of this paper is to study how to analyze the hole of security policies automatically or semi automatically.Against the bad readability of policy language and huge number of complicated policies,this paper describes a method of analyzing security policies based on analyzing Linux access control mechanism. Analyzing the possible integrity violations exist in policies according to the idea of Biba model,RBAC model and TE model.To achieve this goal,a tool to analyzing security policies is designed and implemented,it extracts the information of subjects and objects, correlative permissions of security policies and it analyzes relationships among security information.Then access control space is constructed for each subject to analyze holes in security policies and some results are computed for administrator to simplify the management of security policies and improve the validity of security policies.Finally,the prototype is tested and related results are analyzed while further research directions are summarized. |
PDF Full Text Request