| 安全操作系统中的权能管理模型 |
| |
| 引用本文: | 龚育昌,吴明桥,张晔,朱建民. 安全操作系统中的权能管理模型[J]. 小型微型计算机系统, 2006, 27(1): 126-130 |
| |
| 作者姓名: | 龚育昌 吴明桥 张晔 朱建民 |
| |
| 作者单位: | 中国科学技术大学,计算机科学技术系,安徽,合肥,230027 |
| |
| 基金项目: | 中国科学院资助项目;安徽省自然科学基金 |
| |
| 摘 要: | 最小特权和责任分离原则要求安全操作系统能够提供细粒度的访问控制.基于权能的安全操作系统可以满足这种需求,但现有的权能管理模型不能同时解决权能控制的客体有限、权能撤销机制不够完善以及访问检查的速度太慢的问题.本文提出一种新的权能管理模型(GYC模型),较好的解决了上述三个问题.该模型已被应用到安全操作系统Minicore中,实验结果表明,与典型的Redell模型相比,GYC模型在整体性能上更好.
|
| 关 键 词: | 权限 权能 权能传播树 安全操作系统 |
| 文章编号: | 1000-1220(2006)01-0126-05 |
| 收稿时间: | 2004-08-03 |
| 修稿时间: | 2004-08-03 |
Capability Management Model in Capability-Based Secure Operating Systems |
| |
| GONG Yu-chang,WU Ming-qiao,ZHANG Ye,ZHU Jian-min. Capability Management Model in Capability-Based Secure Operating Systems[J]. Mini-micro Systems, 2006, 27(1): 126-130 |
| |
| Authors: | GONG Yu-chang WU Ming-qiao ZHANG Ye ZHU Jian-min |
| |
| Affiliation: | Department of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China |
| |
| Abstract: | An essential design requirement for secure systems is the principle of least privilege and separation of duty. So the secure operating system must provide fine-grained access control which is suitable to capability-based secure operating system. But there are no perfect solutions to the following three questions up to now: (1) the limited object type which can be controlled by capability; (2) the imperfect capability revocation mechanism; (3) the large cost of checking permissions with capabilities. This paper presents a new capability management model (GYC model) which solves the three questions simultaneously. The model has been applied to Minicore which is a secure operating system we developed. The experimental results testify that the GYC model has the advantage over the Redell model in whole performance. |
| |
| Keywords: | permission capability secure operating system capability propagation tree |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
