| SELinux安全机制和安全目的研究 |
| |
| 引用本文: | 黄易冬,沈廷芝,朱亚平.SELinux安全机制和安全目的研究[J].微计算机信息,2004,20(7):115-117. |
| |
| 作者姓名: | 黄易冬 沈廷芝 朱亚平 |
| |
| 作者单位: | 100081,北京理工大学图像处理与模式识别实验室 |
| |
| 摘 要: | SELinux在Linux中实现了高强度但又灵活的强制访问控制(MAC)体制,提供基于机密性和完整性的信息隔离.能对抗欺骗和试图旁路安全机制的威胁.限制了因恶意代码和应用程序缺陷造成的危害。SELinux支持多种安全策略模型,支持策略的灵活改变.使用类型裁决和基于角色的访问控制来配置系统。文章给出了SELinux体系结构和安全模型,表述了安全加强的Linux是如何支持策略的灵活性和如何配置访问控制策略来满足通用操作系统的安全要求.
|
| 关 键 词: | SELinux Linux 安全机制 信息隔离 安全服务器 安全服务器 客体管理器 |
| 文章编号: | 1008-0570(2004)07-0115-03 |
| 修稿时间: | 2003年12月25 |
Research of SElinux Security Policy and Security Object |
| |
| Huang,Yidong Shen,Tingzhi Zhu,Yaping.Research of SElinux Security Policy and Security Object[J].Control & Automation,2004,20(7):115-117. |
| |
| Authors: | Huang Yidong Shen Tingzhi Zhu Yaping |
| |
| Abstract: | SELinux can implement highly strong and flexible compulsive MAC system, can provide information isolation with secrecy and integrality, and can prevent from deceivability and bypass trying security system, and can limit the harm due to vicious codes and defect of the application program. SELinux supports several kinds of security strategy model and flexible modification of strategy. It uses type enforcement and access control based on role to configure system. In this article, the system structure and security model of SELinux is presented. In addition, I described how security enforced Linux can support strategy flexibility and how to satisfy the operation system's security requirement by configuring control strategy. |
| |
| Keywords: | Object Manager Security Server type enforcement policy mechanisms |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
