Research Of The Mandatory Integrity Control Mixed Biba With TE Policy

Integrity is the credibility of the datas or resources, which is one of the three basicpoints of the information security, and also one of the three elements of the operatingsystem security service. Along with the computer and network application of rapidgrowth, problems become more and more serious in the field of information security.Network intrusion, malicious software, and user errors can lead to the destruction ofdata integrity. An operating system, as the most important part to ensure the normaloperation of information systems, faces with more and more threats. People should paymuch more attention to protect the integrity of systems and data.At present, some integrity control models and mechanisms to realize data integrityprotection have been proposed, improved, and widely used on varieties of secureoperating systems. However, there are still some problems and shortcomings inpractical application, such as over strict integrity level of the subject and object, limitedcompatibility and usability, unauthenticated trusted subjects, coarse-grained accesscontrol.In view of the above problems, this paper proposes a mandatory integrity control(MICBiTE), which mixed Biba with TE (Type Enforcement) policy. With MICBiTE,the integrity control is carried out based on Biba Strict Integrity Policy and the accesspermissions and access ranges of subjects are confined through TE policy. Theadvantages of MICBITE are good compatibility and usability, and fine-grained accesscontrol.First of all, the paper discusses the necessity of integrity control in operatingsystems and the significance of the project. The existing integrity control models andmechanisms are given an introduction and their advantages and problems are analyzed.These provide abundant theoretical basis and technical background for this topic.Second, according to the existing integrity control policy and access controlmechanism, this paper proposes a new mandatory integrity control mechanism anddesigns it detailly.And then, based on the analysis of the SELinux (Security-Enhanced Linux)mandatory access control mechanism, the MICBiTE model and mechanism is designedand implemented in SELinux platform, and also an example policy is provided.At last, the performance overhead is tesed and the security is analyzed. In addition,MICBiTE applied in a web server is exemplified.