
Research And Implementation Of Enhanced Access Control Technology Based On Linux

Posted on: 2009-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: L Wang
Full Text: PDF
GTID: 2178360278480788
Subject: Military Equipment
Abstract/Summary:
Operating system security is the cornerstone and a key part of a computer information system, and access control is the main component of operating system security; consequently, research on secure operating systems focuses mainly on enhancing access control. This thesis discusses the research and implementation of enhanced access control technology for the Linux operating system. The main contributions and innovations are summarized as follows:

1. The research results in the access control field since the 1960s are summarized, the principles and technology of access control are analyzed, the limitations of existing access control mechanisms are pointed out, and the improvement of support for access control development is expounded. The LKM mechanism is then studied in depth, and the LSM framework and Flask architecture are analyzed in detail.

2. A new modified model is presented to address the flaws in BLP and its modified models. It introduces an intermediate judgment value and separates the subject's read and write sensitivity labels into discrete parts. In this way, the highest level for write-up and the lowest level for read-down can be confined, the problem of unreasonable dynamic change of the subject's sensitivity label can be solved, leakage of sensitive information can be prevented, and the validity of the security policy can be assured. The design scheme, rule descriptions, correctness proof, and security analysis are then given, and finally a compound security policy combining the SABLP model and the DTE model is implemented.

3. The theory and technology of mandatory access control are studied. Based on the Flask architecture's support for multiple dynamic policies and its separation of access control into a decision part and an enforcement part, and on the LSM framework's standard programming interface and modular implementation method, I designed and implemented an enhanced access control system named LBEACS, which is portable, fine-grained, and highly secure. The enhanced system is implemented using LKM technology. It places "hooks" in security-related system calls; these dynamically capture access requests in the kernel and decide whether the requested operation may be executed according to the access control policies set by the security administrator. Test results show that LBEACS has little effect on the overall performance of Linux, so it improves the protection of system resources and the security of the Linux operating system.
Keywords/Search Tags: access control mechanism, LKM, Flask architecture, LSM framework, hook function