| SELinux特权用户管理的设计与应用 |
| |
| 引用本文: | 徐宁,刘文清,孟凯凯,王亚弟.SELinux特权用户管理的设计与应用[J].计算机工程,2011,37(10):120-122. |
| |
| 作者姓名: | 徐宁 刘文清 孟凯凯 王亚弟 |
| |
| 作者单位: | 1. 解放军信息工程大学电子技术学院,郑州,450004
2. 上海中标软件有限公司,上海,200030 |
| |
| 基金项目: | 国家"863"计划基金资助项目,上海市科委基金资助项目 |
| |
| 摘 要: | 分析SELinux体系在当前Linux类操作系统中的应用,基于角色的访问控制模型与可信计算,提出新的特权用户标识定义,利用该定义给出一种安全Linux操作系统特权用户管理方案。通过UID与角色的二维标识方法解决特权用户区分的问题,以可信计算中的密码服务加强认证的安全强度,用内核安全加固解决安全模式切换问题,从而改进SELinux在Linux类操作系统中的安全性。
|
| 关 键 词: | SELinux系统 基于角色的访问控制 特权用户标识 可信认证 |
Design and Application of Privileged User Management Based on SELinux |
| |
| XU Ning,LIU Wen-qing,MENG Kai-kai,WANG Ya-di.Design and Application of Privileged User Management Based on SELinux[J].Computer Engineering,2011,37(10):120-122. |
| |
| Authors: | XU Ning LIU Wen-qing MENG Kai-kai WANG Ya-di |
| |
| Affiliation: | 1(1.School of Electronics Technology,PLA Information Engineering University,Zhengzhou 450004,China;2.Shanghai China Standard Software Co.Ltd.,Shanghai 200030,China) |
| |
| Abstract: | This paper analyzes the application of SELinux on the current Linux type operating systems,introduces the definition of new identifier for the privileged user based on Role Based Access Control(RBAC) module and trusted computing,and propose a new privileged user management based on this definition for the secure Linux operating system.To solve the problem of distinguishing privileged users through UID with the role,it enhances the security of authentication strength by trusted computing's password service,solves the problem of security mode switching by kernel enhancement,and effectively improves the secure application of SELinux in Linux system. |
| |
| Keywords: | SELinux system Role Based Access Control(RBAC) privilege user identifier trusted attestation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
