安全操作系统中证书认证模型的设计与实现

THE DESIGN AND IMPLEMENTATION OF THE CERTIFICATION AUTHENTICATION MODEL IN SECURE OPERATING SYSTEM

对用户进行身份认证是操作系统安全机制的关键部分。基于电子证书的身份认证方法,很好地解决了口令认证的一些缺陷,大大提高了系统安全性。在我们对linux内核的安全改造中,引入内核级、基于电子证书的身份认证方式,有效地增强了操作系统安全性,在此基础上,还可以设计实现跨平台的安全操作系统集中管理,有效提高效率,方便使用。论文对该模型涉及的证书格式、认证模型的安全性能、认证(包括远程认证和本地认证)和证书管理方法及其实现过程做了阐述。

Identify authentication is an important aspect of OS security.The authentication mechanism based on digital certificate avoids some disadvantages of identify authentication based on password mechanism.In the design and implementation of a secure OS kernel,we use this authentication mechanism firstly.In this paper,we describe certificate format,authenticate process remotely and locally,we also analyse the strength of the model's security.At last,we describe all methods about digital certification management including awarding and cancelling user's certification etc.