| 一种灵活的强制完整性访问控制策略 |
| |
| 引用本文: | 徐,锋,魏立峰,张国印.一种灵活的强制完整性访问控制策略[J].计算机工程与科学,2014,36(5):836-841. |
| |
| 作者姓名: | 徐 锋 魏立峰 张国印 |
| |
| 基金项目: | 信息保障技术重点实验室开放基金资助项目(KJ 13 105) |
| |
| 摘 要: | 完整性保护是计算机安全的一项重要内容,虽然绝大多数安全操作系统都设计实现了完整性保护机制,但仍存在着系统的完整性被破坏以及完整性策略不够灵活的不足。在实施完整性保护的基本原则下,提出了一种灵活的完整性访问控制策略FIC,并给出了在LSM框架下的实现过程。FIC定义了主完整级和辅助完整级,通过访问控制规则、进程再标记规则和新建客体标记规则,实现了系统的完整性保护以及进程执行的灵活完整性保护控制。最后分析了实现效果,并指出了进一步可扩展性研究需求。
|
| 关 键 词: | 完整性 访问控制 安全操作系统 LSM |
| 收稿时间: | 2013-08-02 |
| 修稿时间: | 2014-05-25 |
A flexible mandatory integrity access control policy |
| |
| XU Feng,WEI Li feng,ZHANG Guo yin.A flexible mandatory integrity access control policy[J].Computer Engineering & Science,2014,36(5):836-841. |
| |
| Authors: | XU Feng WEI Li feng ZHANG Guo yin |
| |
| Affiliation: | (1.College of Computer Science and Technology,Harbin Engineering University,Harbin 150001;
2.College of Computer,National University of Defense Technology,Changsha 410073,China) |
| |
| Abstract: | Integrity protection is an important content of computer security. Most of security OSes supported integrity protection mechanism, but integrity also may be destructed, and the protection mechanism is not flexible enough. Based on the principle of integrity protection, FIC (Flexible Integrity Control) policy is proposed and implemented under LSM (Linux Security Module). Integrity level and integrity auxiliary level is defined, FIC defines many rules including access control rules, process re label rules and new objects labeled rules, FIC policy can protect system's integrity and process execution's flexible integrity protection. Implementation effect is analyzed, scalable requirement is pointed out. |
| |
| Keywords: | integrity access control security OS Linux security module(LSM) |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
|
