
Research on SELinux Confidentiality Detection Model and Algorithm Based on Path Conversion

Posted on: 2022-08-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 2518306350481834
Subject: Software engineering
Abstract/Summary:
For an operating system, the confidentiality of the system directly determines the security of the files in it. Because the operating system manages all the resources in the computer, its security directly determines the security of the information system. In SELinux, system security is guaranteed by enforcing mandatory access control rules. However, because the security policy configuration is so complex, the system security administrator cannot readily extract the relevant information elements from the security policy file, and it is difficult to manage the security policy effectively. Checking the policy by hand involves too much work. To solve this problem, the relevant information in the security policy must be displayed intuitively to the system security administrator, and the rules in the system that may break its confidentiality must be flagged. The main goal of this thesis is to detect confidentiality-leaking rules in the SELinux security policy file. First, the SELinux security policy is analyzed, and a parsing tool for policy source files is designed to address the poor readability and complexity of security policy statements. Then, drawing on the type conversion rules in the system, a confidentiality detection method based on type conversion paths is proposed, and a confidentiality detection algorithm based on the BLP security model is designed according to this model. The algorithm detects security policy configurations in the SELinux policy source files that may break the confidentiality of the system. Finally, the security policy source file of an SELinux system is used as a test case to implement the confidentiality detection described in this thesis. With this prototype, the security policy in the system can be presented intuitively to the system security administrator, different types of conversion paths in the system can be detected, and the approach shows good confidentiality detection results when compared with the traditional BLP model and the DBLP model.
Keywords/Search Tags:SELinux, Secure Operating System, Security Strategy, Access Path, Confidentiality Conflict Detection