| The secure operating system is the base of operation system security, and access control is a significant secure mechanism of operating system. Process Based Access Control is proposed for the purpose of enhancing the secure of current operation system, its rudiment is according to the role of process, the process privilege is assigned and managed in more detail. It enhances information confidentiality, integrity and controllability, and reduces the malicious code threat to the computer system.The thesis overview the DAC, MAC, RBAC theory, and analyze their mechanism respectively, research the Flask, GFAC and LSM execution. Then, giving the design and accomplishment of PBAC in SoftOS v1.2 service security operating system.Main achievements include: first, comparing with DAC and MAC, analyzing PBAC in detailed. Second, a formalization description about server system access control model in kernel 2.6.x is given. Third, designing PBAC model under LSM, dividing it into access rule module, security authorize module and access decide module, introducing the though of refuse access, which can bring down the module's occupancy. Fourth, accomplishing the modules above and the hook function in LSM. Fifth, designing initialization and cancel functions, which can make PBAC load into kernel as security module. |
PDF Full Text Request