摘要
Linux作为开源操作系统,被广泛应用于各个领域。针对Linux操作系统的安全问题,特别是Linux操作系统把"一切皆当做文件",提出了结合可信计算技术,通过Linux安全模块(LSM)机制,基于Linux的系统调用过程,使用钩子函数完成对文件保护的方法。该文件保护机制建立在信任链之上,保证了被保护文件的可信性和完整性,并且具有动态恢复和审计功能。该文件保护机制的设计与实现,证明了该方法的可行性和实用性。
As an opensource operating system, Linux is widely applied in various fields. For the security issue, especially everything is a file for Linux, this paper designed a method protecting file, which used the hooks of Linux Security Module (LSM) intercepting system calls, combined with trusted computing. The design protects the credibility and integrity of file, based on trust chain, and has a dynamic recovery and audit functions. The design and implementation of mechanism demonstrate the feasibility and practicality.
出处
《计算机应用》
CSCD
北大核心
2014年第A01期57-59,共3页
journal of Computer Applications
