Linux通用访问控制框架的设计

The Design of Linux General Framework of Access Control

访问控制是用来处理主体和客体之间交互的限制,是安全操作系统最重要的功能之一。Linux系统中所采用的访问控制是传统UNIX的基于访问模式位的单一的自主访问控制,在实现这一功能时,系统的访问控制代码散列在核心中,没有形成统一的访问控制模块和相应的接口,不支持策略与机制的分离,缺乏相应的灵活性、扩充性以及易维护性,无法定制化系统的访问控制策略。而在当前以分布式计算作为主导计算模式的背景之下,Linux系统中原有的访问控制是无法满足信息处理系统的日益多样化安全需求。针对上述Linux系统中访问控制机制的缺陷,该文引入了一种通用的访问控制框架称之为Linux通用访问控制框架。该框架是一种与具体的访问控制策略无关的体系结构,支持系统的访问控制策略和机制的分离,与传统的Linux访问控制相比,它借助于在Linux核心系统中得到广泛应用的框架式抽象数据类型,提供了一个一致的、抽象的访问控制接口从而对多种访问控制策略如强制访问控制、基于角色的访问控制等加以支持。在该框架之下,用户甚至可以提供自己的访问控制策略模块,以获得具有更高的灵活性、扩充性和易维护性的系统访问控制机制。同时,由于该框架的引入,系统的访问控制策略模块可以与系统其它部分相分离,从而有利于系统访问控制的结构化?

Access control,which handles the restrictions on the interaction between the subjects and the objects,is one of the significant functions of a security operating system and also an important criteria of security system evaluation.In Linux,the traditional UNIX access-mode-bits based access control mechanism is currently supported.In implementation,the codes of system access control are mixed up with the rest of the kernel,no unified access control modules and interfaces are provided in the Linux kernel and no separation of policy and mechanism is supported.All above makes Linux lack of flexibility,scalability,maintainability and customizability in system access control when constructing a security operating system with Linux.As the distributed computing is widely accepted and employed,the Linux traditional access control mode,which was introduced in the centralized time-sharing mainframe ,cannot meet the diverse security requirements of information processing system.In this paper,a specific-policy-independent architecture of access control-General Framework of Access Control-is introduced in Linux kernel system.It supports the separation of policy and mechanism and provides a unified abstract interface to system access mechanism under the help of the thought of abstract data type that is widely accepted in the Linux kernel construction and,thus,supports multiple access control policies,say mandatory access control,role based access control etc.It helps gain great flexibility,scalability and maintainability in system access control mechanism compared with that of traditional Linux.Under such a frame ,a system user could provide some specific access control modules to meet his own specific security requirements.Meanwhile,the frame separates the system access control from the rest of the kernel by means of modules and could help with the structure protection for the access control subsystem in order to obtain higher security assurance of the system as whole.