摘要
针对系统应用中嵌入式系统的安全问题,该文在Linux操作系统内核层中采用改进/增强的开发方法。基于在Linux内核中加入强制访问控制机制(MAC)的方法,针对apache的进程访问进行SElinux安全策略配置,改进了对内核对象和服务的访问控制,改进了对apache服务器应用进程初始化、继承和程序执行的访问控制,严格定义其访问对象及访问权限,从而在保证进程正常运行的前提下,不仅防止了应用程序重要信息的泄漏,也最大限度地增强了访问控制的安全性,加强了网络服务的安全性,其安全级别可以达到B1级。
For security system applications in embedded systems,this paper use improved/enhanced developmentmethods in Linux operating system kernel layer,joining the mandatory access control mechanism(MAC)in the Linux kernel for analysis,carried out for the Apache process to access SElinux security policy configuration,that improved the access control on kernel objects and services,improved access control performedon the apache server application process initialization,inheritance and procedures,defined strictly accessobjects and access rights,so the premise of guaranteeing the process of running,not only to prevent an importantapplication information leakage,but also to maximize the enhanced access control security,to strengthenthe security of the network services and the security level can be reached B1level.
作者
吴聪
刘伟洋
陈侃松
Wu Cong;Liu Wei-yang;Chen Kan-song(Institute of Internet of Things,School of Computer Science and Information Engineering,Hubei University,Hubei Wuhan 430062)
出处
《电子质量》
2017年第4期53-57,共5页
Electronics Quality
