Research And Implement Of Operating System Access Control

Operating system security is the cornerstone of computer system security, access control mechanism has an important meaning for the operating system, but at present the majority of the operating system access control mechanisms are designed for a single system, and to implement access control mechanisms on other systems we need to re-implement it,which is a waste of a lot of work and makes the security configurations of different systems differs. The main objective of this paper is to design a access control system that can be applied to a number of operating systems, to avoid t duplication of efforts.This paper first describes the security threats to the operating system, security systems, basic theory and related systems. On this basis, this paper's work and the main characteristics are as follows:1. Research of the differences of operating systems, as well as platform-independent access control framework designAfter analysis, this paper argues that the difference between the operating system mainly concentrated in the operation set, the kernel object, the kernel API and different important system resources. This paper analyzes the Generalized Framework for Access Control (GFAC) and divides GFAC into operating system related / unrelated parts, and accordingly put forward a platform-independent framework for access control (PIFAC).2. The Design and Implementation of core security serverBased on PIFAC, with reference to the popular framework for the realization of access control, this paper designed a the core security server (CSS), CSS can be applied to multiple systems. CSS cache through the realization of a decision-making to achieve a dynamic multi-strategy support, using a combination of RBAC and TE of the security model,with highly configurability.3. SecRtem Embedded Security System Design and ImplementationSecRtems is security embedded real-time operating systems based on Rtems. Subject to SecRtems's file system the realization of its Discretionary Access Control mechanism only supports 8 users, 16 groups and access control 9Bit pattern. SecRtems implements a Multi-strategy Mandatory Access Control through the realization of a basic security model and expansion strategy, and supports dynamic strategy. The security module of SecRtems uses up to 50KB of memory, if the expansion of the mandatory access control model is not opened, it only needs 15KB of memory, in line with the needs of SecRtems.4. Linux, Windows System Security ReinforcementFor Linux system this paper use LSM framework to load CSS; Reference to the LSM ,our project team designs and implements windows access-control enforcement facility, referred to as WAEF, which monitoring the process, file, registry, IPC, such as operation and successfully load the CSS.