一个安全标记公共框架的设计与实现

标记是实现多级安全系统的基础,实施强制访问控制的前提.如何确定和实现标记功能并使其支持多种安全政策是研究的目的.提出了一个安全标记公共框架,该框架基于静态客体标记和动态主体标记,引入了访问历史的概念,并给出了一个完备的标记函数集合.基于此框架,既可以实施多等级保密性安全政策,又可以实施多等级完整性安全政策.该框架在一个基于Linux的安全操作系统中的实现结果表明,基于该框架的安全系统在保证安全性的同时,还具有相当的灵活性和实用性.

Design and Implementation of a Security Label Common Framework

Labels are the foundation for implementing multilevel systems and the prerequisite of enforcing mandatory access control in secure systems. How to define and enforce label functions which support multiple security policies is the focus here. A security label common framework (SLCF) based on static object label and dynamic subject label is put forward. SLCF introduces the notation of access history and provides a complete label funtions set. Based on SLCF, both multilevel confidential policy and multilevel integrity policy can be expressed and enforced. SLCF is implemented in a secure operating system based on Linux, the experimental results show that the system based on SLCF is flexible and practicable.