| Operating system security is an import aspect of information security. Access control technology is very import for information security, as an import factor of operation system security. Current access control strategies are always designed to fit certain security goals, while security demand of information system typically is multifaceted, so, it’s difficult for single access control strategy to meet security requirements. Access control framework is an important research area, which allows multiple security strategies coordinate work together. Currently, there are GFAC, Flask and LSM etc, that are being used widely, and of which, LSM is becoming a most import research area because of its advantage of lightweight generalduty and so on.LSM allows multi access control strategies to be loaded into system like a stack as security modules, although it doesn’t provide any strategy itself. LSM guarantees system secuiry by inserting security fields into key data struct of system kernel which store security information and inserting hook functions before system calls which are implemented by certain security modules and called before system calls to judge the security information stored in security fields. But LSM is flawed. Firstly, only one security module is allowed by security fields to be loaded to LSM, and only through the first loaded module,can other multi modules be loaded to LSM; Secondly, LSM is unable to synthesize results returned by security modules and only through the first loaded security module, can LSM finish that process.This paper researches principle and shortage of multi security modules for LSM, and implementates a module named LEM. LEM expands security fields, multi-module management and security decision, which makes LSM more complete on safty. Paper also tests the performance of LEM module and give an improvement. |
PDF Full Text Request