中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
多安全政策支持框架研究及其在安全操作系统中的实践
作者: 单智勇
答辩日期: 2002
专业: 计算机软件与理论
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 多安全政策支持框架 ; 安全操作系统 ; 安全政策 ; 安全模型 ; 安全管理 ; 网络安全
其他题名: Research on the Framework for Multi-Policies and Practice in Secure Operating System
摘要: 该文以一个商品化安全操作系统的大量实际开发工作为基础,结合国内外在多安全政策支持框架、安全模型和安全操作系统等方面的最新研究成果,对多安全政策支持框架的理论及其在安全操作系统中的实施进行了研究.主要取得了六个方面的成果:1.引入"二项缓冲机制"到通用访问控制框架中,有效地解决了访问控制框架在支持多种安全政策时效率低下的问题,并建议将"二项缓冲机制"引入到访问控制框架的国际标准ISO/IEC10181-3:1996中.2.首次提出应用于操作系统的角色访问控制模型OSR,并且在多安全政策支持框架下成功实施.3.首次提出环境适应的通用多安全政策支持框架--Guards,并给出环境适应的通用多安全政策支持框架的九条评价标准.4.对安全操作系统研发中的一个长期疑难问题"安全属性即时撤消"进行了深入研究,通过建立"安全属性即时撤消框架"和"基于操作列表的in-progress操作撤消机制",取得了较满意的结果.5.遵循CC标准EAL3级的要求,首次提出安全操作系统安全管理机制SAMSOS,并且在多安全政策支持框架下成功实施.6.提出"基于政策描述语言"、"基于安全属性"和"基于统一模型"的分类方法,首次对国际上百花齐放的多安全政策支持框架的研究工作,进行了比较系统的划分.为多安全政策支持框架的进一步研究建立了一定的基础.
英文摘要: With a m ass of practical work in researching and developing a commercial secure Operating System (OS) in accordance with the newest achievements related to studing in Framework for Multi-Policies (FMP), security models and secure OS, research on theory of FMP and it's enforcement in secure OS is conducted in this dissertation. As a result, six principal achievements have been obtained: A two-level-caches mechanism is brought in the Generalized Framework for Access Control (GFAC) based on a three levels model of access, and is implemented in Red-Flag Secure OS (RFSOS). Experiments has proved that the two-levels-cache mechanism can effectively improve performance of the GFAC. We suggest International Standards Organization (ISO) adopt it as an optional component in the standard of ISO/IEC 10181-3:1996 for upgrading performance of access control framework when supporting multi-policies. An Operating S ystem oriented RBAC model is presented at the first time and implemented in release version of RFSOS. This work is also the first time to implement directly a RBAC model holding the most of characteristics descripted in the draft standard of RBAC proposed by NIST in the OS kernel. Nowadays, flexible and adaptive policies must be enforced into Automated Information Systems (AIS) to cope with the complex and capricious security environment. Based on the development of RFSOS and study of FLASK and DTOS, an environment-adaptable FMP-Guards is put forward at the first time and compared with FLASK according to the nine criteria descripted in the dissertation. Providing complete security attributes revocation function in secure OS is required both by FMP and Common Criteria (CC), but a 11 the relevant research on international are imperfect. Found on the analysis of security attributes revocation in secure OS, a security attributes revocation framework is brought forward and implemented in RFSOS. Especially, the problem of in-progress-operations revocation is solved by a mechanism built on in-progress-operations list. Security Administration (SA) is an important part of secure OS and how to develop a SA for secure OS accordance with CC is a problem worth to discuss. In this paper, a SA framework for secure OS named SAMSOS, which follows EAL3 class of CC, is put out and implemented in release version of RFSOS. 6. How to support multi-policies in secure information systems was a research hotspot in recent years. In this paper, FMP studies were divided systematically in three classes: based on policy language,based on security attributes and based on uniformed security model. Typical FMPs of each class were analyzed and compared. In summary, the principal achievements of this dissertation are helpful to the exploration of FMP theory and the development of secure OS.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/7356
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW011198.pdf(1621KB)----限制开放-- 联系获取全文

Recommended Citation:
单智勇. 多安全政策支持框架研究及其在安全操作系统中的实践[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2002-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[单智勇]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[单智勇]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace