基于本体的操作系统安全策略生成模型

随着操作系统安全问题增多，用户对于操作系统的安全需求不断涌现，但是目前能够将用户的安全需求转换成现有操作系统上可配置的安全策略的方法很少。通过建立安全属性和系统调用的匹配关系，将安全属性作为授权系统调用的约束，提出一种基于本体的面向目标的操作系统安全策略生成模型。该模型可支持以白名单形式描述的安全需求的细化，将安全分析者的经验加入到模型中，在推理机的支持下，帮助执行从用户安全需求到具体安全策略的推理，和安全策略一致性检测。具体应用案例说明了该方法的可行性。

Security policy generation model of operating system based on ontology

With the increase of operating system security problems, the user’s security requirements toward operating system are increasing constantly, but at present there are few methods to translate user’s security requirements into security policies of current security model. By establishing matching relationship between security attributes and system calls, the security attributes are used as the constraint of authorization in system. An ontology based goal oriented model for the security policy generation of operating system is proposed. The model can support the refinement of security requirements which are described in terms of the white-list, the experience of security analysts will be added to the model. And the translation between users’ security requirements and specific security policies, and the consistency of security policy can be drawn via an OWL reasoner. The feasibility of the method is illustrated by a concrete study case.