Research On Key Technologies Of High Level Secure Operating System

With the development of e-commerce and online payment, people pay more and more attention to the safety of the operating system. However, the virus of variation and the attacks of the hacker makes impairment loss of people. Therefore, it has important significance to research the key technologies for developing high level secure system.First, the reverent theory is analyzed about the key technologies for developing high level system. According to the six kinds of security requirement for system, three class of computer security evaluation criteria is researched. And then, on the base of analysis for the fourth level of GB17859-1999, not only the access control model is studied for protecting the confidentiality and integrity of information, but also the Linux security module is researched.Second, the key technology of security tags under Linux is researched to develop high level security operating system. According to the analysis of MIS model, TE model and RBAC model, the design of those security tags such as task, superblock, et al. is researched with the help of analysis for Linux kernel objects and Linux hook function. This paper not only discuss the realization of static security tags of task, super block, entry and inode, but also analyze the realization of dynamic security tags of those kernel objects.Third, the key technology of realization of access control model is discussed according to the security requirement for security model of fourth level of GB17859-1999. An improved Biba model based on trusted computing is proposed with the analyses of Biba model. The confidence interval is introduced to denote the infected subject. The integrity level is adjusted according to the result of subject measurement after the operation. Then the theorem of closed interval is adopted to approach the accurate integrity level. The model slows down the decline rate of integrity level of subject and prolongs the system life time. In addition, the realization of TE model and the improved Biba model is discussed. An experiment about the security of TE model is make, and the comparison between low-water-mark policy of Biba model and the improved modelis make to prove the advantages of the improved model. These research and experiment makes the security property of system on the fourth level of GB17859-1999.Finally, the security audit technology is explored based on the security requirement about audit of fifth level of GB17859-1999. The audit content size, the audit method and the location of the audit content collection module is analyzed mainly, and the communication module and the log record module is researched. These make the security property of system above the fourth level of GB17859-1999.