Research And Improvement Of MAC For Windows

Security of computer is always a hot topic .Network security is more important point,lots of mature technology are proposed,such as network monitoring,package filtering and so on.However,the system is the casualty of Network security problems,so system security is the root of protecting devices and information. Rearchering the security problems based on the computer system becomes more important.Now,linux using as a sever often has owned its security edition:selinux(security linux).It adopts flask frame basing on mac,and implements multi levels strategy and different modles mechanism.For windows operating syetem,the same modle is also proposed later,such as Windows Access-control Enforcement Facility Framework(WAEF),which implements the access-control of system resources basing on hook mechanism that windows owning.This paper proposed a enhanced design framework and improved stability , compatibility,efficiency of the system ,by reeareching on mac and the characteristics of windows operating system.The major research and work of this paper is below down:(1) researching and analysing access-control mechanism of several different types operating syetems.Selinux has improved on several systems,by analysing the characteristics of linux and researching about the mac mechanism,for example, Fedora,Red Hat Enterprise Linux ,Debian and so on.However,for windows operating system,mac mechanism is not attached importance to,because windows is not a open-source operating system,so that implementing of mac only relys on some technology supplying by microsoft,such as Hook mechanism.But dac can't protect the security of the information of windows,only relying on other softwares to finish it,so we have to spend a lot of time researching in the syetem security.(2) proposing a enhanced design for windows syetem security access-control farmework.This paper proposed some enhanced designs on process,file and network,by studying by Windows Access-control Enforcement Facility Framework(WAEF) . As the same time,this paper also advanced a new framework named WEAEF(Windows Enhanced Access-control Enforcement Facility Framework).(3) implementing advanced framework.First of all,this paper predigests the whole framework,and breaks it into two small modles so as to improve the stability of the system.Then,this paper adopts bidirectional chain to store the sid of process,and distinguishs file and directory,and advances the disposal of network socket to implement the new WEAEF.(4) analysing the stability and compatibility and so on.Running WEAEF repeatedly to test the stability,installing in differrent syetems to test compatibility,counting the times of access database to test performance.The experiments shows that advanced edition WEAEF is more excellent on the stability , compatibility and performance.