| With the development of computer networks,the security of application information is closely related to national security and personal privacy.The operating system provides an operating environment for application software,and its security features are crucial.Detecting security features is an important part of realizing a safe operating system.At present,the detection points of existing detection tools are all piecemeal,and most of them are performed manually by testers,which is inefficient and error-prone.Therefore,it is necessary to design a test tool for operating system applications to support security features.According to the requirements for application support in the existing national safety standards,the test items are divided into three categories: independent operating environment testing,application security protection mechanism testing and application interface support testing.The independent operating environment module includes the independence of local physical resources and the independence of accessing network resources.Determine the independence of local physical resources by observing whether the control group can control and separating the resources of the process or process group.The independence of accessing network resources includes the independence of network services and network ports.Set barrier points through Cyclic Barrier to enable multiple hosts to connect to a service at the same time to access object resources to see whether they affect each other and whether they affect the successful connection to determine the independence of network service connections;application security protection mechanism modules include Canary protection Mechanism,non-executable protection mechanism and address space layout randomization mechanism detection,from the two perspectives of security function detection and simulated attack bypassing the security mechanism.Use Linux’s delayed binding mechanism to obtain the corresponding address to construct the attack load.By attacking the payload to modify the return address of the function to achieve the goal of bypassing the security mechanism.Application interface support module includes audit interface and encryption interface detection.By detecting whether the audit system can generate audit information during normal use and generate alarm information during abnormal use to detect the support provided by the operating system to the audit interface;encryption interface detection is based on existing encryption algorithms,extended encryption algorithms,and keys and keys The ring is tested in three aspects.The operating system provides an encryption algorithm related API in the kernel,and loads the encryption interface call file to the kernel through modular programming to detect the encryption interface.The results of testing the Ubuntu operating system show that the testing tool can detect the security features supported by operating system applications,and basically achieve automated testing. |
PDF Full Text Request