Research On Automatic Generation Mechanism For Security Policy Based On Trusted Computing

Posted on: 2014-11-06
Degree: Master
Type: Thesis
Country: China
Candidate: N Gao
Full Text: PDF
GTID: 2268330392973740
Subject: Computer technology

Abstract/Summary:
With the development of network and computer technology, information technology greatly benefits the whole of society. At the same time, however, computer system security faces serious challenges. The operating system holds the resources of the computer system and controls the operation of the whole system. It provides users with access, and it is also the base on which software runs. The operating system is therefore the foundation of computer system security. The security policy determines the specific security functions of a secure operating system. The TCSEC (Trusted Computer System Evaluation Criteria) standard and our country's Level Protection standards call for a security policy model based on a multi-level mandatory access control mechanism. At present, the SELinux system used in the Linux environment is based on the DTE model and can support a multi-level security policy model. However, all of these security policy models run into problems during configuration, such as the methodological difficulty of configuring policy, the difficulty of judging whether a policy is secure, and interference with the normal operation of applications.

This research is based on a secure operating system environment with Level Four characteristics. On the basis of digesting and absorbing the latest research achievements on security policy models at home and abroad, the author proposes a mechanism for automatically generating security policy. The mechanism uses the multi-level security policy model and the DTE model as its security policy framework. Starting from an initial set of security policies derived from the system security policy and the application requirements, the application is run repeatedly under test and attack tests are carried out. The results of the repeated tests and the attack tests are collected through the system audit mechanism and analyzed automatically. The policy is then adjusted according to the analysis results, in order to generate a security policy that both ensures application availability and effectively resists attacks, thereby solving the problem of security policy configuration.

This dissertation uses the Debian 5.0 Linux operating system, based on kernel version 2.6, as its platform, and carries out security policy configuration and generation to meet the security needs of a Grade Four protection system. It first gives a brief introduction to access control technology at home and abroad and introduces several security models, such as the BLP security model and the Biba security model, as well as the role-based access control model and the DTE access control model. To treat security policy design comprehensively, the dissertation also introduces and analyzes the SELinux mandatory access control mechanism, mainly its security architecture and security policy model, and then briefly discusses its strengths and weaknesses. Because these models have some shortcomings when applied in an open network environment, the dissertation combines them with multi-level security policy model technology and introduces research on trusted computing technology to enhance the secure operating system. It applies the security policy and implementation methods to the development of an actual secure operating system and tests its operation, in order to develop a practical trusted policy that supports multi-level security.

Keywords/Search Tags: Secure Operating System, Security Policy, Mandatory Access Control, SELinux, Two-dimensional Security Model