Design and Implementation of Linux File Mandatory Access Control

被引：0

作者：

Tian, Liye ^{[1
,2
]}

Rong, Xing ^{[2
,3
]}

Lu, Tingting ^{[3
]}

机构：

[1] Naval Aeronaut & Astronaut Univ, Yantai, Peoples R China

[2] Beijing Univ Technol, Coll Comp Sci & Technol, Beijing, Peoples R China

[3] PLA Informat Engn Univ, Inst Elect Technol, Zhengzhou, Peoples R China

来源：

NETWORK COMPUTING AND INFORMATION SECURITY | 2012年 / 345卷

关键词：

linux security module; virtual filesystem; mandatory access control;

D O I：

暂无

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

To control file access in Linux, Linux Security Module (LSM) and Virtual Filesystem are analyzed. Based on the LSM security field & hooks, a file mandatory access control system is designed and implemented on Linux2.6.26. This system meets GB 17859-1999's requirements by preserving subject and object labels. Kernel hooks are widely used in the system to get labels and judge if an access is legal. In a simplified environment the system is tested, test result shows that the system is able to complete file mandatory access control according to security policy.

引用

页码：15 / +

页数：2

共 50 条

[31] Mandatory Access Control for Android Application
Na, June-seung
Kim, Younghoon
Choi, Young-June
Pak, Wooguil
[J]. 2014 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY CONVERGENCE (ICTC), 2014, : 299 - 300
[32] Design and implementation of an access control processor for XML documents
Damiani, E
di Vimercati, SD
Paraboschi, S
Samarati, P
[J]. COMPUTER NETWORKS, 2000, 33 (1-6) : 59 - 75
[33] Design and implementation of access control policy for XML documents
Han, Tao
[J]. Journal of Computational Information Systems, 2008, 4 (01): : 329 - 334
[34] Design and implementation of database security access control system
Shao Zi-bo
Liu Lian-zhong
Cui Yun-chuan
Wu Ke-song
[J]. Proceedings of 2006 Chinese Control and Decision Conference, 2006, : 775 - 778
[35] Design and implementation of access control mechanism in IP networks
Li, Li
Shen, Su-Bin
[J]. Nanjing Youdian Daxue Xuebao (Ziran Kexue Ban)/Journal of Nanjing University of Posts and Telecommunications (Natural Science), 2007, 27 (03): : 48 - 53
[36] Design Strategies for AODV Implementation in Linux
Gupta, Prinima
Tuteja, R. K.
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2010, 1 (06) : 102 - 107
[37] DESIGN AND IMPLEMENTATION OF A DISTRIBUTED FILE SYSTEM
CHENG, HC
SHEU, JP
[J]. SOFTWARE-PRACTICE & EXPERIENCE, 1991, 21 (07): : 657 - 675
[38] Design and implementation of SoD engine for Linux
Nam, KH
Kim, JS
Kim, WY
Shim, JM
Kang, SJ
Heo, SJ
Choi, W
[J]. 8TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS 1-3: TOWARD THE ERA OF UBIQUITOUS NETWORKS AND SOCIETIES, 2006, : U1323 - U1326
[39] POSIX Access Control Lists on Linux
Grünbacher, A
[J]. USENIX ASSOCIATION PROCEEDINGS OF THE FREENIX TRACK, 2003, : 259 - 272
[40] The design and implementation of appointed file prefetching for distributed file systems
Hwang, Gwan-Hwan
Lin, Hsin-Fu
Sy, Chun-Chin
Chang, Chiu-Yang
[J]. JOURNAL OF RESEARCH AND PRACTICE IN INFORMATION TECHNOLOGY, 2008, 40 (02): : 91 - 108

← 1 2 3 4 5 →