| With the development of information technology and the widespread application of internet, information system is playing an important role in human society. As operating system is the base of information system, and manages the computer resources directly, the security of operating system is the base of the security of information system. SELinux sub-system can enforce a policy based on robust Mandatory Acess Control and provide flexible secturity policy configuration, which ensure the overall system security. As a result, SELinux is good reference for us to research and develop security independent operating systems. In particular, the complicated policy configuration limited the widely used of SELinux in some degree. Therefore, this paper does some research on the SELinux security policy configuration as well as automic analysis method about the integrity and effectiveness of the policy.The reference policy structure has been selected as the basic research object to analyse SELinux security policy in this paper. Firstly, access control mechanism, system security architecture and policy description language are introduced. SELinux security policy analysis methods of access control space, information flow and colored Petri nets are discussed. On this basis, the access control space analysis method and information flow analysis method are seclected as the basic method of integrity and effectiveness analysis, respectively, building and improving the security policy automatic analysis prototype. At the same time, we design the student-teacher system, and use its security policy configuration module as the case to test the analysis method and prototype. The test results are nearly satisfactory.Finally, the existed issues in the research procedure are summed up and the further work directions are pointed out to improve the analysis method for SELinux security policy. |
PDF Full Text Request