Institutional Repository of the Institute of Software, Chinese Academy of Sciences
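Title: Research and Implementation of Dynamic Policy Management Techniques in Secure Operating Systems
Author: Gu Hao (顾昊)
Defense date: 2007-05-29
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software
Degree: Doctoral
Keywords: secure operating system; security policy language; dynamic policy; policy management; mandatory access control
Alternative title: Design and Implementation of Dynamic Policy Management in Secure Operating System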
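Abstract: Drawing on the actual development of the CAS-Earth secure operating system, and using the SEBSD security mechanism as the main platform for discussion, this thesis studies the key techniques of dynamic policy management in secure operating systems. The work is an important part of the CAS-Earth secure operating system research project and, in particular, gives a comprehensive summary of the SEBSD-related work. The main results are as follows. First, during the development of CAS-Earth, the functionality of the SEBSD security subsystem was comprehensively improved and further support for dynamic policy mechanisms was added, improving the ease of use and usability of the security system. We added three mechanisms for dynamically adjusting security policy: a conditional policy language designed to support policy toggle switches; loadable policy module technology, which reorganizes the policy with low coupling and high cohesion so that policy corresponds to the functionality being loaded; and mount-time context setting, which dynamically sets the security label of the target file system when it is mounted. These dynamic mechanisms effectively improve the usability and ease of use of the whole security system. Second, a Webmin-based scheme for adjusting security policy through a graphical web interface is given; with this system, users can remotely view the current running state of the SEBSD system and control the policy toggle switches in real time. Third, a design for security policy deployment and updating is proposed: based on a local policy server, policy is deployed by having application service software packages carry their own policy, and policy is updated by setting up a remote policy server. Research results on protecting policy updates based on least privilege and meta-policy are given, and the handling of dependencies when modules are linked is discussed. Fourth, taking Apache as a concrete example, the thesis summarizes how to use the SEBSD security mechanism to protect upper-layer application services. It analyzes current web service security problems, presents the details of SEBSD policy design and development, and implements adjustable security protection for web services. In summary, the results of this thesis solve some key problems in dynamic policy management for secure operating systems and provide a rich and important reference for developing high-level secure operating systems suited to complex computing environments.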
English abstract: Based on experience implementing the CAS-Earth secure operating system, this thesis studies the key technologies of dynamic policy management in secure operating systems, with SEBSD as the main discussion platform. The work is an important part of the CAS-Earth secure operating system project, and it presents a comprehensive discussion of the SEBSD sub-system in CAS-Earth. As a result, four principal achievements have been obtained. First, during the development of CAS-Earth, the functions of the SEBSD sub-system were fully improved and further support for dynamic policy mechanisms was added, which enhances the system's usability. Three major dynamic policy mechanisms are presented: a conditional policy language for supporting policy toggle items, loadable policy modules for restructuring the whole policy by function, and security context assignment at filesystem mount. Second, a Webmin-based method for adjusting security policy through a web GUI is presented. Using this system, users can remotely view the running status of SEBSD and exercise real-time control over policy boolean toggle items. Third, a design for security policy deployment and updating is presented, which is based on a local policy server, uses the software package management system to deploy security policy, and updates policy by constructing a remote policy server. The security issues in policy update are also discussed on the basis of least privilege and meta-policy, and the problem of policy module dependency is addressed as well. Fourth, with Apache as a specific example, the method of using the SEBSD security mechanism to protect application services is summarized. The security issues of web servers are analyzed, and the details of SEBSD policy design and implementation are presented, which realize user-controlled protection of the web server.
In summary, the research achievements of this thesis are useful for the dynamic policy management problem in secure operating systems, and also serve as a good reference for developing high-level secure operating systems for complex computing environments.
Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/6752
Appears in Collections: Institute of Software, Chinese Academy of Sciences

Files in This Item:
File Name/File Size | Content Type | Version | Access | License
10001_200428015029106顾昊_paper.pdf (669KB) | -- | -- | Restricted access | --

Recommended Citation:
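Gu Hao (顾昊). Research and Implementation of Dynamic Policy Management Techniques in Secure Operating Systems [D]. Institute of Software. Institute of Software, Chinese Academy of Sciences. 2007-05-29.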

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
