A Multi-level Security Container Mechanism Based On Lightweight Virtualization Environment

The multi-level security mechanism is always used in military affairs,government,national defense and the areas need to be classified by security.This mechanism allows users at different security-level to find the corresponding information,which offers a very effective way to control information access.Traditional multi-level security mechanism which has finally been proved to be not practical usually has a high requirement in hardware and software,depends on security of operating system,and even needs to add additional equipment.In addition,with the development of a new virtualization technology,the research on multi-level security mechanism of the virtual environment has become more and more important.Therefore,this paper proposed 'Multi-level security container mechanism based on lightweiglht virtualization environment,based on the independence of characteristics of lightweight virtualization platform through comparing with the characteristics of traditional virtualization technology and lightweight virtualization technology based container.The main works are as follows.(1)The formal design of multi-level security container mechanism:based on the design of' multilevel security container,two core problems need to be solved are pointed out.One is how to define the subject and object in the system,and the other is how to develop the multi-level security policy according to the definition.In order to solve these problems,this paper proposes the multi-level security requirements for confidentiality based on literatures,and then defines the subject and object according to the system characteristics of the lightweight virtualization environment.Finally,this paper proposed the security policy of multi-level security mechanism.(2)The security analysis of multi-level security container mechanism:in order to ensure the correctness of the security policy and improve the user's confidence level at the same time,this paper has verified that the multi-level security policy satisfy the definition of multi-level security requirements for confidentiality.(3)The realizability analysis of multi-level security container mechanism:the basic technology and implementation scheme of the mechanism are put forward.Then this paper has analyzed the realizability of multi-level security container mechanism by using formalized methods.Finally,the realization of multi-level security container mechanism was presented.The multi-level secure container mechanism has solved the problem of poor feasibility of the traditional multilevel security mechanism and can be directly applied to the majority of commercial systems.This method achieves the distribution of security level based on the container as the basic unit.It can provide more fine-grained and precise multi-level security services,because of its tiny scale compared with the virtual machine.This method is simple to realize,can meet the requirement of different multi-level security and has a very strong practical significance.