
Research and implementation of dynamic and multiple security policies on LSM (cited by: 2)
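Abstract: Diversified security requirements demand that operating systems be flexible enough to support a wide range of security policies. This flexibility requires support for controlling the propagation of access rights, enforcing fine-grained access control, and revoking previously granted access rights. Traditional operating systems scatter their support for security policies across the relevant functional modules of the system, which makes this requirement hard to meet. Based on a study of the policy-related functional components in the operating system, a dynamic multi-policy security architecture built on LSM, a general access control framework, is introduced and analyzed, and how to combine the mainstream Flask architecture with LSM reasonably and effectively, together with its implementation on Linux, is described.
Authors: She Ying (佘影), Chen Shuyu (陈蜀宇)
Source: Computer Engineering and Design (《计算机工程与设计》), CSCD, PKU Core (北大核心), 2007, Issue 17, pp. 4108-4111, 4 pages
Funding: Ministry of Education "New Century Excellent Talents Support Program" (NCET-04-0843)
Keywords: dynamic and multiple security policy; LSM; security architecture; secure fields; secure operating system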