Cbac:The Research Of A Cryptography Based Access Control Mechanism

In the age of information, along with the fast development of personal computer and internet, security problem caused by interconnect is becoming worse and worse. More and more people in the academic circles and industry realized the significance of operating system security. The leak of personal information and key data demonstrated that the confidentiality of OS security was broken. Confidentiality is so important that many confidentiality control mechanism have been proposed and implemented based on security OS. For expample, the linux security OS has provided many kinds of security strategy and mechanism. These strategy and mecanism are developed and maintaind by programmers all over the world. However, there are still some problems when refering to practical applications. For instance, the language to configure policies and control mechanisms in Linux are very complex and difficult to use; the existing mandatory access control mechanisms aren't fine grained and costed a lot; Besides they can't mix with other security policies .Inresprect to all problems above, this paper proposed a Cryptography Based Access Control mechanism . CBAC defined how a subject might access an object by the specific key. It's language to configure is simple and can be easily used and it also achieved fine-grained access control.At first, this paper introduced the history of OS security and the essentiality of developing security OS and mainly analysised the current security mechanism and access control model in linux. Based of this, analysised the advantadge and disadvantage of current model so as to provide abundant theory background.Secondly , accoding to the existing security technology this paper designed the new mandatory access control model and mechanism of CBAC in detail and gives the implementation policies. In this part, the paper designed and described the flowsheet about how a subject may access an object in CBAC mechanism. In this part, it also include the method of multiple level security.Afterwards, based on the CBAC strategy and mechanism this paper realized the CBAC model in linux. There are two major component in this part: first, insert the key into the linux kernel by pam model; second, build the CBAC module with lsm and make full use of kernel key. At the end of this chapter it provided some default configuration for the model initialization.At last, Compared with other mechanism, we tested the performance of CBAC in linux, analysised the effect,advantage and disadvantage of CBAC . Also, we provided the improve method for the futher studying.