| The security technology of operation system is the low level foundation to resolve security problem of computer system. But the research is a process moving from military area to commercial area, so at present, domestic research have not enough items on the security OS architecture for primary commercial using. With the fast development of network technique and with the emergence of diversification security threats, traditional design theory and structure of security OS can't solve the secure problems in actual world. In this paper, security OS, secure enhanced technology and its prototype are studied. Based on these knowledge,distributed architecture of security OS is the point content to be presented.First, security problems faced by mainstream OS that haven't enhanced security mechanism are analyzed in detail, and the limit of traditional design theory is concluded too. Then, it is useful to introduce mostly evaluation criteria and security model, which guide the design of secure OS; Deep study to the primary security techniques is the following work. Whereafter, I parse the architecture of overseas typical prototype Flask/Fluke and research the security operation system SELinux that is published recently and its source code is free as well. Lastly, I thorough study the main security technology of security OS include discretionary access control and mandatory access control,security kernel technic and its layering design method and loop separate design method. Secure attribute and its revoke mechanism and the implement of security policy are deep studied too.This paper points on the distributed architecture. Upon the based of Flask/Fluke and LSM security common framework and according to the theory of composite security model, the idea to extend traditional architecture of security OS is suggested; To prevent illegal activity in network, layering access control model should bind with the structure of protocol such as TCP/IP and should use agent to mediate access from "distrust" hosts. This paper puts forth distribute architecture of security OS based on security agent; Traditional reference monitor should expands its operational scope. And the bound of large imaginary resource is given; Structure of agent and the logic structure of layering access control mechanism are designed. The layered access control is a component of agent. This architecture makes the security OS can develop the larger effect under distribute network environment. Article finally summarizes all research work and indicates orientation of next step. |
PDF Full Text Request