Telecom Self-service Terminal Access Control Applied Research

Telecom self-service is the application of self-service in telecommunication industry.With the development of information technology, telecom self-service becomes more and more popular in network and more diversified in function, thus directly results in increasing threats to its security.The design of security in the telecom self-service system studied has not offered enough protection on self-service's terminal, which will cause whole system's secure problem.This thesis researches how to enhance the security of self-service terminal on an access control prospective.Two methods with different characteric are put forward to solve the problem.One method is to adopt exsisting SELinux control mechanism. In this method, a set of access control rules whose design is according to the features of terminal systems are applied to enhance the terminal's security.The results of tests and analysises prove that those rules can protect the terminals well.This method has many advantages but the design of rules is complicate and it wastes more storage.Another method which gets rid of the problems exsisting in the first method is to implement a modified BLP model with LSM mechnism.The BLP model are more often applied in military fields rather than for commercial use because it promises the confidentiality of the information,not the integrity of the information. But as self-service terminals, which are mainly interactive with background servers, the BLP model is proper. For the main function of terminals is interacting with host, not the storing of the data. But the BLP model has two major problems. One problem is that BLP model is not able to protect the integrity of the system security and fails to restrict covert channel effectively.The other problem is that the credible subject is not controlled by the *-property, which may cause damages of the system.Because of these problems, an improved BLP is adopted.Then based on comparisons and analysises of two mechanisms supporting security--SELinux and LSM, and with consideration to save the treaurable memory resources of telecom self-service terminals, LSM is selected to implement the access control model.