Security Protocols and Standards (34-page PPT)
Secure Operating Systems
• Transport security
• System security
• End-system security
• Secure operating systems
• TCSEC/CC
SELinux
--- From the NSA Security-enhanced Linux Team
• "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals."
• Other contributors to the Security-Enhanced Linux system include NAI Labs, Secure Computing Corporation, and MITRE.

OSKit
• OSKit is a framework, together with a set of modular components and libraries, written by the FLUX research group of the Department of Computer Science at the University of Utah for building operating system kernels, servers and other OS-level software.
• OSKit's authors observe that a large part of an operating system consists of modules the system needs but that developers are not interested in, such as the system loader and the various standard device drivers. The purpose of OSKit is to let OS developers concentrate on the distinctive parts of their system, or on the parts that interest them, without having to deal with tedious and uninteresting details.
• OSKit (), a framework and a set of 34 component libraries oriented to operating systems, together with extensive documentation, by Utah.

Access control
• The ability to permit or deny the use of something by someone; it includes authentication, authorization and audit.

Subject/Object
• Subject (主体)
  – A computer performs a large number of security-relevant operations; whoever carries out an operation is called a subject, e.g. a user or a process.
• Object (客体)
  – The thing being operated on is called an object, e.g. a file, a device or memory.
• Identification and authentication (标识与鉴别)
  – Identification is the system establishing who the accessor claims to be, e.g. a user name.
  – Authentication provides a way to prove that identity, e.g. a password.
• Security policy (安全策略)
  – Describes the user's security requirements; drawn up from the system's security needs.
• Discretionary Access Control (DAC, 自主的)
  – An access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
The direct origin of SELinux
• Flask (Flux Advanced Security Kernel) is an operating system security architecture that provides flexible support for security policies. The architecture was prototyped in the Fluke research operating system.
• It is a core framework in security-focused operating systems such as NSA's Security-Enhanced Linux (SELinux) and TrustedBSD.

Security Protocols and Standards
linfb@ 2007, 11

SELinux
• Access control
  – MAC (Mandatory access control)
  – DAC (Discretionary access control)
• SELinux in kernel 2.6

Other related projects that led to SELinux
• NSA & SCC: Distributed Trusted Mach (DTMach), an outgrowth of the TMach project and the LOCK project. The DTMach project was continued in the Distributed Trusted Operating System (DTOS) project.

OSKit (continued)
• To achieve this, OSKit's design borrows the ideas of COM: the parts of the operating system are built as independent COM-style modules wherever possible, so that OS developers can use or replace them easily. A developer using the toolkit can therefore treat it as a complete operating system, use only those parts that are needed, or treat it as a set of dynamic link libraries called by the operating system and its supporting programs.
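The slides above define subjects and objects, identification versus authentication, DAC, and then present Flask and the MAC that SELinux brings to the 2.6 kernel. The Python model below is an added example to make those terms concrete; it is not code from the slides, from SELinux or from the Flask project. Its rule syntax imitates SELinux type-enforcement `allow` rules, but the `SecurityServer` and `ObjectManager` classes, the domain and type names (`httpd_t`, `httpd_content_t`, `user_t`, `user_home_t`), the users, the file paths and the policy are all constructed assumptions. It shows the Flask split between policy decision and enforcement, an access-vector cache, the DAC check the owner controls, the MAC check the owner cannot relax, and an audit line per decision.

```python
"""Added example, not from the slides: a miniature Flask/SELinux-style access-control
model for the deck's terms (subject/object, identification vs authentication, DAC vs MAC,
audit). Engine, domain/type names, users and policy are constructed for illustration."""
import hashlib
import hmac
import re
from dataclasses import dataclass

@dataclass
class Subject:            # 主体: the user or process performing an operation
    name: str             # identification (标识): who the caller claims to be
    uid: int
    domain: str           # MAC label (the SELinux "type" of a process)

@dataclass
class Object:             # 客体: the file, device, memory region ... being acted on
    name: str
    owner_uid: int
    mode: int             # DAC: owner-controlled rwx bits for owner / others
    type_: str            # MAC label (the SELinux type of the object)
    cls: str = "file"

def make_credential(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(users: dict, name: str, password: str):
    """鉴别: return the Subject for `name` only if the password verifies, else None."""
    entry = users.get(name)
    if entry is None:
        return None
    salt, stored, subject = entry
    return subject if hmac.compare_digest(make_credential(password, salt), stored) else None

# Flask split: the security server decides, object managers enforce.
RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")

class SecurityServer:
    """Policy decision point: parses rules and answers 'which perms?' queries only."""
    def __init__(self, policy_text: str):
        self.rules = {}
        for src, tgt, cls, perms in RULE.findall(policy_text):
            self.rules.setdefault((src, tgt, cls), set()).update(perms.split())

    def compute_av(self, src: str, tgt: str, cls: str) -> frozenset:
        return frozenset(self.rules.get((src, tgt, cls), ()))

class ObjectManager:
    """Enforcement point: DAC check, then MAC check via a cache (AVC); every decision audited."""
    BITS = {"read": 4, "write": 2, "execute": 1}

    def __init__(self, server: SecurityServer):
        self.server, self.avc, self.audit = server, {}, []

    def _dac_allows(self, subj: Subject, obj: Object, perm: str) -> bool:
        shift = 6 if subj.uid == obj.owner_uid else 0   # owner bits vs "other" bits
        return bool((obj.mode >> shift) & self.BITS[perm])

    def check(self, subj: Subject, obj: Object, perm: str) -> bool:
        key = (subj.domain, obj.type_, obj.cls)
        if key not in self.avc:                 # cache miss: ask the security server
            self.avc[key] = self.server.compute_av(*key)
        dac_ok = self._dac_allows(subj, obj, perm)
        mac_ok = perm in self.avc[key]          # the object's owner cannot override this
        granted = dac_ok and mac_ok
        self.audit.append(f"avc: {'granted' if granted else 'denied'} {{ {perm} }} "
                          f"uid={subj.uid} scontext={subj.domain} tcontext={obj.type_} "
                          f"tclass={obj.cls} name={obj.name} dac={dac_ok} mac={mac_ok}")
        return granted

# Constructed sample policy, users and objects.
POLICY = """
allow httpd_t httpd_content_t:file { read };
allow user_t user_home_t:file { read write };
"""
SALT = b"constructed-salt"
USERS = {
    "alice": (SALT, make_credential("correct horse", SALT), Subject("alice", 1000, "user_t")),
    "bob": (SALT, make_credential("hunter2", SALT), Subject("bob", 1001, "user_t")),
}
HTTPD = Subject("httpd", 33, "httpd_t")
INDEX = Object("/var/www/index.html", owner_uid=0, mode=0o644, type_="httpd_content_t")
SECRET = Object("/home/alice/secret.txt", owner_uid=1000, mode=0o644, type_="user_home_t")

def run_demo() -> dict:
    om = ObjectManager(SecurityServer(POLICY))
    alice = authenticate(USERS, "alice", "correct horse")
    return {
        "bad_password_rejected": authenticate(USERS, "alice", "wrong") is None,
        "httpd_reads_web_content": om.check(HTTPD, INDEX, "read"),
        "httpd_reads_home_file": om.check(HTTPD, SECRET, "read"),
        "owner_writes_own_file": om.check(alice, SECRET, "write"),
        "bob_writes_alice_file": om.check(USERS["bob"][2], SECRET, "write"),
        "avc_entries": len(om.avc),
        "audit_lines": len(om.audit),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Two of the decisions carry the point of the NSA quote. The home file is world-readable under DAC (mode 0o644 is the owner's discretionary choice), yet `httpd_t` is still denied because no `allow` rule grants it access to `user_home_t`: the mandatory policy confines a flawed or compromised web server regardless of what file owners have done. Conversely, `bob` is in a domain the MAC policy allows to write `user_home_t`, but the DAC "other" bits refuse the write, so both checks must agree before access is granted. The `avc` dictionary shows why Flask caches decisions: three distinct (domain, type, class) queries reach the security server, while the fourth check is answered from the cache.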