Hic: The Design And Implementation Of A Hybrid Integrity Control

Along with the fast development of computer applications, security problem in information field is becoming worse. Software developers realize that the integrity of operating system (OS) is very important. And data losing and hostile code attack are examples of destroy of OS integrity. Many integrity control models of OS have been proposed presently, and many integrity control mechanism have been implemented based on those models. However, there are still some problems when being put in practical applications. For instance, the language to configure policies of integrity control mechanisms in Linux is very complex and difficult to use, and the existing OS integrity access control mechanisms aren't fine grained and don't mix different policies together.Against these shortages, this paper proposed a Hybrid Integrity Control (HIC) which consisted of integrity level, domain and integrity access control list. HIC aimed at default security, simple language to configure, ease of use and fine-grained access control.First of all, this paper introduced the need of OS integrity control and basic situations of this work. And then it researched and analyzed many OS integrity control models and mechanisms in domestic and overseas so as to analyze the strengths and weaknesses which provided abundantly academic and technical background.And then this paper designed the model integrity access control and mechanism of HIC in detail. In this part, the paper designed the policies of integrity access control and some default configurations by formalizing HIC model.Afterwards, this paper implemented HIC as integrity control subsystem complying with Linux Security Module (LSM) frame based on HIC model. Besides that, this paper implemented some utilities outside kernel so as to configure HIC policy.At last, this paper tested the performance of OS with and without HIC module by using UnixBench, and then it discussed system performance overhead by analyzing testing data. In the end, this paper constructed a web forum with security vulnerabilities by using Apache, MySQL and PHPwind. With that, it tested and verified the expectant functions of HIC module by preventing network attack.