
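Research on Three-Power Separation Technology Based on SELinux
Cite this article: Yang Xia, Shi Peng, Yang Shan, Ren Fei. Research on Three-Power Separation Technology Based on SELinux [J]. Journal of University of Electronic Science and Technology of China (Natural Science Edition), 2016, 45(6): 958-963.
Authors: Yang Xia, Shi Peng, Yang Shan, Ren Fei
Affiliation: 1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054
Funding: National Core Electronic Devices, High-end Generic Chips and Basic Software (He-Gao-Ji) Major Project M1401060112ZX0103301; National Key Technology Support Program 2012BAH44F00
Abstract: With the widespread use of the Linux operating system, the security problems exposed by the excessive power of root have gradually drawn attention. To address privilege management in the Linux operating system, a three-power separation security model is first established, which splits the privileged user of a Linux system into three distinct administrator roles: system administrator, security administrator, and audit administrator. Then, a three-power separation mechanism and security policy are designed and implemented on the basis of SELinux's mandatory access control technology, dividing each administrator's permissions at a fine granularity and subjecting them to strict access control. Finally, an experimental prototype system is implemented on an embedded platform, verifying the correctness and feasibility of the three-power separation method. The method can be widely applied to the Linux operating system to improve system security.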

Keywords: mandatory access control technology; security model; security policy; SELinux; three-power separation technology
Received: 2015-03-29

Research on the Separation of Privilege Based on SELinux
Affiliation: 1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 610054; 2. Science and Technology on Communication Security Laboratory, Chengdu 610041
Abstract: With the widespread use of Linux operating systems, the security problems caused by excessive root privileges have gradually been exposed and have become a hot topic. To solve this problem and enhance the security of the Linux operating system, we first model the separation of privilege, dividing the privilege of the Linux system among three roles: system administrator, security administrator, and auditor. We then design and implement the separation-of-privilege mechanism based on SELinux's mandatory access control technology, which defines fine-grained permissions and a security policy for each role and strictly controls user access. Finally, we implement a prototype system on an embedded platform, which verifies the correctness and feasibility of the approach presented in this paper. The approach can be used in Linux operating systems to enhance system security.
Keywords: