
LSM-based Security Mechanism

Posted on: 2007-09-12
Degree: Master
Type: Thesis
Country: China
Candidate: B Lai
GTID: 2208360182978660
Subject: Computer software and theory
Abstract/Summary:
Today more and more enterprises want to give their users a unified entry point to information resources and to build unified, role-based and individualized information access platforms by establishing an enterprise-level single sign-on system and security protection system. With single sign-on, users can access different application systems according to the relevant rules after logging in once, which enhances the system's security and stability.

Against this background, and after studying the current security state of the Linux operating system, the paper points out that, on the one hand, people are attaching importance to implementing unified authentication and single sign-on with other kinds of operating systems. On the other hand, Linux's traditional Discretionary Access Control (DAC) cannot satisfy the demand for centralized management of access control, so a new access control mechanism needs to be introduced into the Linux operating system.

With its modular design, the PAM framework allows new authentication technologies to be plugged in. PAM separates applications from the specific authentication mechanism, so the application does not need to be modified in order to change the authentication mechanism. To do this, the administrator only needs to configure the authentication module, which enhances the flexibility and generality of the authentication mechanism. Users can load third-party PAM authentication service modules to change the identity authentication mechanism. The paper describes in detail how to design and implement a third-party PAM authentication module that replaces the original module, and thus implements single sign-on for Linux.

In addition, Linux's discretionary access control (DAC) mechanism has obvious weaknesses, such as coarse-grained access control. The Linux Security Modules (LSM) framework itself does not provide any security policy; it provides a general access control framework for security modules, and the security policy is implemented by those modules. The implementation introduces neither obvious losses nor extra performance overhead to the Linux operating system. The paper describes in detail how to design and implement a role-based access control (RBAC) mechanism to achieve centralized management of access control.
Keywords/Search Tags: Single Sign-on, Identity Authentication, Pluggable Authentication Module (PAM), Access Control, Linux Security Module (LSM)