| 安全操作系统中的安全管理增强功能 |
| |
| 引用本文: | 郭玮 茅兵 谢立. 安全操作系统中的安全管理增强功能[J]. 计算机科学, 2004, 31(1): 165-169 |
| |
| 作者姓名: | 郭玮 茅兵 谢立 |
| |
| 作者单位: | 南京大学计算机软件新技术国家重点实验室,南京,210093;南京大学计算机软件新技术国家重点实验室,南京,210093;南京大学计算机软件新技术国家重点实验室,南京,210093 |
| |
| 基金项目: | 国家863高科技项目基金(课题编号2001A144010,课题名称:基于Linux的操作系统安全增强技术的研究与开发) |
| |
| 摘 要: | 针对一般操作系统在自保护和管理控制机制薄弱方面的缺陷,本文介绍了由笔者等设计开发的一个基于特权分化模型PDM(Privilege—Divided Model),该模型依据最小特权原则,将原有系统中超级用户的特权集合加以细分,由多个管理员取代单个超级用户,同时采用了Capability机制和引进了Voting机制。最后介绍了在安全增强操作系统SoftOS上从管理层到核心层的特权细化实现工作。
|
| 关 键 词: | 安全操作系统 安全管理 分权 Capability |
Enhancement of Security Management in Security Operating System |
| |
| GUO-Wei MAO-Bing XIE-Li. Enhancement of Security Management in Security Operating System[J]. Computer Science, 2004, 31(1): 165-169 |
| |
| Authors: | GUO-Wei MAO-Bing XIE-Li |
| |
| Abstract: | The common operating systems have some shortcomings in self-protecting and control of management. In this paper, a Privilege-Divided Model (PDM) designed by the author and his collegues is introduced in detail. According as the Least-privirege principle,PDM divides the privilege set of the former super-user into fractions and substitute the single super-user as several manager. PDM also adopts the mechanism of Capability and Voting. The inplementation of privilege-divided from management layer to kernel layer in a security enhanced operating system SoftOS will also be presented. |
| |
| Keywords: | Operating system Security management Privilege-divided Capability |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
