Access Control Security Researching And Realizing Based On Linux System

Posted on: 2011-10-04 | Degree: Master | Type: Thesis
Country: China | Candidate: W C Shi
GTID: 2178360308983876 | Subject: Computer application technology
Abstract/Summary:
Access control is extremely important to operating system security: through verification it governs the access rights a subject holds over an object, thereby preventing unauthorized access, tampering and other illegal operations. This paper surveys current research on access control, with emphasis on Discretionary Access Control and the Usage Control model, which has been called "the next generation access control". The main research work of this paper is as follows:

(1) Research on discretionary access control: the paper analyzes the state of research on discretionary access control, points out the shortcomings of existing discretionary access control models and, to address them, proposes an improved discretionary access control model, the period discretionary access control tree model (PDACDTM). PDACDTM not only introduces the period, but also proposes a delegation tree model for permission delegation. Delegation depth and delegation breadth limit the spread of delegated permissions, and complex permission delegation is supported. PDACDTM uses a tree structure to depict the spread of permission delegation, which makes delegation relationships clearer, more comprehensive, more flexible and easier to maintain. We also describe in detail how to implement PDACDTM in the Linux kernel and the ACL library.

(2) Research on usage control: the paper introduces and analyzes the Usage Control model (UCON) and the state of research on it. Building on an analysis of traditional access control, we introduce a new model, C_UCON, which is based on UCON and is able to judge the character of an access. By introducing assure obligations, unsure obligations, assure conditions, unsure conditions, characters and active rules, C_UCON gains the ability to judge accesses subjectively, so it can reduce or exclude threats from illegal users who have permission. Finally, we use an example to prove the validity of C_UCON.
Keywords/Search Tags: Discretionary Access Control Policy, Character, Delegation Tree, Access Control Lists, Usage Control