首页 | 本学科首页   官方微博 | 高级检索  
     

安全Linux内核安全功能的设计与实现
引用本文:石文昌,孙玉芳,梁洪亮,张相锋,赵庆松,单智勇.安全Linux内核安全功能的设计与实现[J].计算机研究与发展,2001,38(10):1255-1261.
作者姓名:石文昌  孙玉芳  梁洪亮  张相锋  赵庆松  单智勇
作者单位:北京中科红旗软件技术有限公司
基金项目:国家“八六三”高技术研究发展计划项目 ( 863-30 6-ZD12 -14 -2 ),国家自然科学基金项目 ( 60 0 730 2 2 ),中国科学院知识创新工 程项目 ( KGCX1-0 9)资助
摘    要:CC标准是一个新的国际标准,由于缺乏可借鉴的范例,开发符合CC标准 的安全操作系统是一项挑战性的工作。借助一项研究实验结合中国安全保护等级划分准则等3条款,讨论了安全Linux内核安全功能在CC框架下的设计与实现问题,通过CC功能需求组件给出安全功能的定义,从系统结构和安全模型方面讨论安全功能的实现方法,并测算安全机制产生的性能负面影响。研究表明,中国国家标准的要求可以通过CC标准进行描述。最后,还指出了安全操作系统进一步的研究方向。

关 键 词:Linux  安全功能  安全评价标准  内核  操作系统  计算机

DESIGN AND IMPLEMENTATION OF SECURE LINUX KERNEL SECURITY FUNCTIONS
SHI Wen Chang,SUN Yu Fang,LIANG Hong Liang,ZHANG Xiang Feng,ZHAO Qing Song,and SHAN Zhi Yong.DESIGN AND IMPLEMENTATION OF SECURE LINUX KERNEL SECURITY FUNCTIONS[J].Journal of Computer Research and Development,2001,38(10):1255-1261.
Authors:SHI Wen Chang  SUN Yu Fang  LIANG Hong Liang  ZHANG Xiang Feng  ZHAO Qing Song  and SHAN Zhi Yong
Abstract:The Common Criteria (CC) was adopted as the international standard for information security evaluation in July 1999. The newness of the CC and the lack of experiences in its application throw great challenge to the development of secure operating systems with conformance to the CC philosophy. Based on a research experiment, the design and implementation of kernel security functions for a secure Linux system named RS Linux are discussed with intention to capture some fundamental CC concepts. The clauses for a third level system of the China Classified Criteria for Security (CCCS) are taken into consideration in determining the security functions. The definition of the security functions is presented in the form of the CC security functional requirement components. The instantiation of the security functions is stated from the aspects of the security support architecture and the security models interpretation in a Linux system. An empirical means is given to estimate the negative impact of RS Linux security mechanisms on the system performance. Research shows that demands of the CCCS can be described completely with constructs provided in the CC. A direction of further research on secure operating systems is pointed out at the end of the paper.
Keywords:secure operating system  Linux  security function  security evaluation criteria
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号