基于多重身份授权检查机制的操作系统安全模型

An Operating System Security Model Based on Multi-identities Authorizing and Inspecting Mechanism

操作系统安全模型包括许多重要安全组件,如组、账号、访问控制列表、日志等,而把这些组件有机地联系在一起的则是安全机制,因此安全机制是安全模型的核心,如果安全机制存在缺陷,那么这种模型所能提供的安全特性将是有限的。当前流行的安全机制从身份使用的角度可命名为单重身份授权检查,虽然该机制有许多优点,但是其中也存在一些缺陷,且这些缺陷的危险性不容忽视。本文提出一种新的安全机制——多重身份授权检查,同时说明该机制所具有的安全特性和所能提供的安全解决方案。

OS security model includes many important components, such as groups, accounts, access con- trol lists, logs etc, but it＇s the security machanism that links all of them, so the security machanism is the kernel of security model, if there have some defects in it, then the security capabilities of this model are limited. From the view of identity using, current popular security mechanism could be named single-identity authorizing and inspecting, though it has many strongpoints, but has a little defects, which fatalness can not be ignored. So we raise a new security mechanism—multi-identities authorizing and inspecting, while introduces the specialities which owns and security solutions which provided.