中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
《结构化保护级》安全操作系统之网络子系统的研究与开发
作者: 赵志科
答辩日期: 2003
专业: 计算机应用技术
授予单位: 中国科学院软件研究所信息安全技术工程研究中心
授予地点: 中国科学院软件研究所信息安全技术工程研究中心
学位: 博士
关键词: 安全操作系统 ; 安全模型 ; 强制访问控制
其他题名: Research on Network Subsystem of Structured Protection Level Secure Operating System Development
摘要: 随着各种网络应用的增强,层出不穷的网络安全问题越来越受到人们的重视。安全操作系统在防止安全威胁,提供安全服务中的作用已经不容忽视。本文以结构化保护级安全操作系统-Secinux V4的实际开发为背景,对其重要组成部分-网络子系统的研究与开发进行了全面的阐述。我们将系统的强制访问控制策略引入网络栈中,设计和实现了一个非常全面灵活的网络安全体系结构。本文的工作成果主要体现在如下几个方面:1.网络子系统的开发以SecLinux系统的安全模型DAACM为基础,从而能够为网络应用提供机密性和完整性等强制访问控制保护;2.系统采用了Flask安全体系结构,从而对动态多策略提供有效支持;3.以支持动态加载多种安全模块的通用访问控制框架-LSM为实际开发的基础,有效利用了其网络hook函数来实现网络栈的分层控制;4.为网络子系统之间的通信提供了安全信息标识机制,从而更有效地支持网络强制访问控制;5.提供了网络密码保护机制以保证网络通信的机密性、完整性和可认证性;6.对几个深层问题进行了初步研究,包括网络系统调用扩展和策略的统一与整合。总之,本文的工作为我国在安全操作系统,特别是其网络子系统的研究与开发上提供了一定的技术和经验。
英文摘要: With the prevalence of network application, we became faced with a new urgency of network security growing at an astronomical rate. Today, the importance of secure operating system on providing security service against all kinds of threats is accepted by more and more people. Our work is based on the practical development of a secure operating system-SecLinux V4, which is accordance with the requirements of the fourth level, i.e. Structured Protection Level, of GB17859. We focus our efforts on the research and implementation of the network subsystem of SecLinux V4, and succeed in extending the mandatory access control policy into the network stack, designing and implementing a more flexible network security architecture. This thesis gives a comprehensive expatiation about it, including six principal achievements we got. They are: 1. The development of network subsystem is based on the security model DAACM which gives the ability to provide mandatory access control in fine-grained modes; 2. We adopt the Flask security architecture in order to support dynamic and multiple security policies; 3. The practical implementation is based on a general access control framework-LSM, which supports different loadable security models. We make full use of its network hooks to map the different access control requirements into different layers in the network stack; 4. We also provide network security information labeling mechanism, so that two hosts can exchange and use their security information conveniently; 5. Network cryptographic protection mechanism is included to provide the confidentiality, integrality, authenticity. 6. We do some pilot study on network extended system call, policies' unifying and integrating. To sum up, the achievements presented in this thesis will provide some useful technologies and experiences to the research and design of the high level secure operating system in our country.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/7426
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW011237.pdf(2980KB)----限制开放-- 联系获取全文

Recommended Citation:
赵志科. 《结构化保护级》安全操作系统之网络子系统的研究与开发[D]. 中国科学院软件研究所信息安全技术工程研究中心. 中国科学院软件研究所信息安全技术工程研究中心. 2003-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[赵志科]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[赵志科]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace