中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
支持多安全政策的安全操作系统的研究与实施
作者: 梁洪亮
答辩日期: 2002
专业: 计算机软件与理论
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 安全政策 ; 安全模型 ; 安全操作系统 ; 安全体系结构 ; 多等级安全
其他题名: Research on and Enforcement of Secure Operating System Supporting Multiple Security Policy
摘要: 该文以一个实际的安全操作系统的开发实践为基础,针对日益变化的信息威胁和各式各样的安全需求,对支持多安全政策的安全操作系统的开发方法进行了研究,取得了六个方面的主要成果.第一,确立了适用于安全操作系统的安全政策.第二,首次结合实际安全操作系统的开发实践对安全政策的求精方法进行了研究.第三,结合Linux操作系统,首次系统地对操作系统的安全目的、安全服务和安全机制进行了全面分析.第四,提出了一个支持多安全政策的操作系统安全体系结构(SOSSA).第五,对多等级安全政策及其实现进行了研究,提出了一个多等级安全标记公共框架(MLSLCF).第六,对安全政策的规范表示方法进行了研究,提出了一个安全政策规范语言(SPSL).
英文摘要: With an experiment of implementing a practical secure operating system in accordance with the consideration of a variety of information threats and security requirements, research on and enforcement of the security policy in secure operating system(SOS). As a result, six principal achievements have been obtained. First, the security policies fit for SOS are determined. And related security models and security mechanisms is classified, discussed and analyzed systematically at the first time. A comprehensive perspective of the evolution process of security policies and models is presented, which lays the ground for the overall knowledge of the state of the art of security policies and models. Second, research on the refinement of security policy is conducted and the essential properties of multiple security policy are presented, which provides helpful guides for the later development of security policy. Third, based on the Linux system, the security goal, services and mechanisms of operating system kernel are analyzed systematically at the first time, the map of security services and mechanisms is proposed, and the resident problems of the Linux kernel together with corresponding improvement suggestions is presented. Fourth, by introducing the metapolicy and decision cache concepts into the operating system kernel, a security architecture of SOS, named SOSSA, is constructed, which can support multiple security policy and improve the implement performance in a SOS kernel. A SOS based on the main stream Linux system, named RFSOS, is produced successfully according to the SOSSA. The system has passed the 3rd level certification against the China Classified Criteria for Security Protection of Computer Information System. Fifth, a common framework of multilevel sensible labels (MLSLCF) is proposed, which overcomes the problem existed in previous SOS that a subject only access objects in same level during a session. Based on MLSLCF, the multilevel confidential and integrity access control are simultaneously implemented in RFSOS. Last but not least, the specification of security policy is studied and a specification language for security policy (SPSL) is presented. With SPSL, multiple security policies, such as discretionary access control policy, multilevel access control policy, Chinese wall policy and type enforcement policy can be specified. In a word, the principal achievements of this thesis are helpful to the development of novel security policy and models, and to the construction of secure operating system platforms for computer security of applications in the real world.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/6578
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW008662.pdf(2213KB)----限制开放-- 联系获取全文

Recommended Citation:
梁洪亮. 支持多安全政策的安全操作系统的研究与实施[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2002-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[梁洪亮]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[梁洪亮]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace