With a variety of malware threats and security requirements in mind, this dissertation studies malware defense in a secure operating system and enforces it experimentally by implementing a practical secure operating system (SOS). Six principal results are obtained.

First, the essence of malware infection and damage is analysed against the properties of an SOS, and two kinds of malware-defending methods are presented: privilege control and integrity control. The access control mechanism of Linux/Unix is shown to be incapable of defending against malware.

Second, a malware-defending framework (MDF) suited to an SOS is designed. Privilege control and integrity control are combined in MDF as the two aspects of the defending technology. An integrity threshold is introduced to reduce the performance loss of programs with higher integrity.

Third, the concept of negative privilege is introduced into discretionary access control (DAC), and a conflict-resolving mechanism is given. A limited privilege inheritance mechanism that simplifies authorization is presented. Control permission and access permission are distinguished and refined. Delegation is supported by this DAC. The DAC is implemented in MDF, where it realizes user privilege control.

Fourth, the relationships among user privilege, program privilege and process privilege, together with the user-dependent and user-independent properties of program privilege, are analysed. On this basis a process-based static access control (PBSAC) model is presented for the first time; it avoids misuse of owner privilege. The conflict, dependency and authorization-dependency relationships between process privileges are defined, and rules for dynamically adjusting process privilege are given, yielding a process-based dynamic access control (PBDAC) model, also presented for the first time, which avoids misuse of process privilege.
The PBS/DAC model, which combines PBSAC and PBDAC, is implemented in MDF and realizes process privilege control.

Fifth, the essence of the defect in the static implementation of the Biba model is shown, and a prerequisite-condition-based authorization model is presented for the first time. To overcome the defect, a dynamic implementation of the Biba model is designed. To satisfy the requirement for multiple integrity policies, a general implementation of the Biba model is designed. Integrity control in MDF is realized by this dynamic and general implementation of the Biba model, and it works well.

Last but not least, delegation is studied by means of role-based access control, and two new delegation models are presented: a repeated and partial role-based delegation model, which supports repeated and partial delegation, and a temporal role-based delegation model, which supports temporal delegation. The two models help implement precise privilege control and prevent privilege misuse efficiently.

In a word, the principal results of this dissertation support the research on and enforcement of malware-defending technology in an SOS, and the construction of secure operating system platforms with a malware-defending function.
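The third result (negative privileges in DAC, conflict resolution, limited inheritance, the control/access distinction and delegation) can be illustrated with a small ACL evaluator. The following is an added example, not code from the dissertation or its SOS/MDF; the abstract names the mechanisms but does not define their rules, so deny-overrides conflict resolution, inheritance of access but not control permissions from groups, and delegation modelled as an ACL change by a control holder are all assumptions made here, and the users, groups and ACL are constructed for illustration.

```python
"""Discretionary access control with negative privileges, group inheritance,
separate control and access permissions, and delegation by ACL change.

Added example; not code from the dissertation's SOS/MDF. The abstract names
these mechanisms but does not define their rules, so the following are
assumptions: deny-overrides conflict resolution, inheritance of access (not
control) permissions from groups, and delegation as an ACL change by a control
holder. The users, groups and ACL are constructed for illustration.
"""
from dataclasses import dataclass, field

ACCESS = {"read", "write", "exec"}   # access permissions on the object
CONTROL = "control"                  # control permission: the right to change the ACL

# Constructed directory: user -> groups it belongs to
GROUPS = {
    "alice": {"staff"},
    "bob": {"staff", "contractors"},
    "eve": {"contractors"},
}


@dataclass(frozen=True)
class Ace:
    principal: str   # "user:<name>" or "group:<name>"
    perm: str
    allow: bool      # False = negative privilege


@dataclass
class Acl:
    entries: list = field(default_factory=list)


def principals_of(user: str, perm: str) -> set:
    """Principals whose ACEs apply to `user` for `perm`. Assumed limited
    inheritance: access permissions are inherited from groups, control is not."""
    ps = {f"user:{user}"}
    if perm != CONTROL:
        ps |= {f"group:{g}" for g in GROUPS.get(user, ())}
    return ps


def check(acl: Acl, user: str, perm: str) -> bool:
    """Assumed deny-overrides conflict resolution: one matching negative entry
    beats any number of positive ones; with no matching entry, access is denied."""
    ps = principals_of(user, perm)
    matching = [e for e in acl.entries if e.principal in ps and e.perm == perm]
    return bool(matching) and all(e.allow for e in matching)


def grant(acl: Acl, actor: str, principal: str, perm: str, allow: bool = True) -> None:
    """Change the ACL. Only an actor holding the control permission may do so;
    this is how delegation is modelled here: a control holder hands out access
    (or further control) to other principals."""
    if perm not in ACCESS | {CONTROL}:
        raise ValueError(f"unknown permission {perm!r}")
    if not check(acl, actor, CONTROL):
        raise PermissionError(f"{actor} lacks control permission")
    acl.entries.append(Ace(principal, perm, allow))


def demo() -> dict:
    """Walk through the constructed ACL and return each decision."""
    acl = Acl([
        Ace("user:alice", CONTROL, True),    # alice controls the object
        Ace("group:staff", "read", True),    # staff may read ...
        Ace("user:bob", "read", False),      # ... except bob (negative privilege)
    ])
    out = {
        "alice_read": check(acl, "alice", "read"),   # inherited from staff
        "bob_read": check(acl, "bob", "read"),       # staff allows, user entry denies
        "eve_read": check(acl, "eve", "read"),       # no entry at all
    }
    try:
        grant(acl, "bob", "group:contractors", "read")
        out["bob_can_grant"] = True
    except PermissionError:
        out["bob_can_grant"] = False                  # bob holds no control permission
    grant(acl, "alice", "user:bob", CONTROL)          # alice delegates control to bob
    grant(acl, "bob", "group:contractors", "read")    # bob can now grant access
    out["eve_read_after"] = check(acl, "eve", "read")
    out["bob_read_after"] = check(acl, "bob", "read")  # negative entry still wins
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point to notice is the last decision: delegating control to bob lets him grant others access, but it does not lift the negative entry on bob himself, because the conflict rule is evaluated on every check rather than at grant time.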
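The fifth result contrasts a static implementation of the Biba model with a dynamic one. The following added example (not code from the dissertation or its SOS/MDF) models the two side by side: the strict policy, in which integrity levels never change, and a low-water-mark policy, in which a subject that reads down is demoted. The integrity lattice, the subject and the objects are constructed for illustration, and the dissertation's integrity threshold is not modelled because the abstract does not define its semantics.

```python
"""Biba integrity control: a static (strict) implementation beside a dynamic
(low-water-mark) one.

Added example; not code from the dissertation's SOS/MDF. The integrity
lattice, the subject and the objects are constructed for illustration, and
the dissertation's integrity threshold is not modelled because the abstract
does not define its semantics.
"""
from dataclasses import dataclass, field

LOW, MEDIUM, HIGH = 1, 2, 3     # constructed integrity levels, higher = more trusted


@dataclass
class Obj:
    name: str
    level: int


@dataclass
class Subject:
    name: str
    level: int
    trace: list = field(default_factory=list)


# --- static (strict) Biba: levels never change -------------------------------

def strict_read(s: Subject, o: Obj) -> bool:
    """No read down: a subject may read only objects at or above its own level."""
    ok = o.level >= s.level
    s.trace.append(f"strict read  {o.name}: {'ok' if ok else 'denied'}")
    return ok


def strict_write(s: Subject, o: Obj) -> bool:
    """No write up: a subject may write only objects at or below its own level."""
    ok = s.level >= o.level
    s.trace.append(f"strict write {o.name}: {'ok' if ok else 'denied'}")
    return ok


# --- dynamic Biba (low-water-mark): reading down is allowed but demotes ------

def lwm_read(s: Subject, o: Obj) -> bool:
    """Read down is permitted; the subject's level falls to the object's level,
    so anything it produces afterwards carries the lower integrity."""
    if o.level < s.level:
        s.trace.append(f"lwm read     {o.name}: ok, {s.name} demoted {s.level}->{o.level}")
        s.level = o.level
    else:
        s.trace.append(f"lwm read     {o.name}: ok")
    return True


def lwm_write(s: Subject, o: Obj) -> bool:
    """No write up, evaluated against the subject's current (possibly demoted) level."""
    ok = s.level >= o.level
    s.trace.append(f"lwm write    {o.name}: {'ok' if ok else 'denied'}")
    return ok


STRICT = (strict_read, strict_write)
LOW_WATER_MARK = (lwm_read, lwm_write)


def scenario(read, write) -> dict:
    """A HIGH-integrity updater must read a LOW-integrity download (possibly
    malware), then write a HIGH-integrity system binary and a LOW-integrity log.
    Each check is recorded independently so the two policies can be compared."""
    updater = Subject("updater", HIGH)
    download = Obj("/tmp/update.bin", LOW)        # constructed untrusted input
    sysbin = Obj("/bin/ls", HIGH)
    logfile = Obj("/var/log/update.log", LOW)
    return {
        "read_download": read(updater, download),
        "write_sysbin": write(updater, sysbin),
        "write_log": write(updater, logfile),
        "final_level": updater.level,
    }


if __name__ == "__main__":
    for name, policy in (("strict", STRICT), ("low-water-mark", LOW_WATER_MARK)):
        print(name, scenario(*policy))
```

Under the strict policy the high-integrity updater is simply denied its input, which is the practical defect of a static implementation: the program loses functionality unless it is exempted from the policy. Under the low-water-mark policy the read succeeds, but the demoted updater can no longer write the high-integrity binary, so whatever the untrusted download contained cannot flow upward into the system.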