| With the prevalence of network application, we became faced with a new urgency of network security growing at an astronomical rate. Today, the importance of secure operating system on providing security service against all kinds of threats is accepted by more and more people. Our work is based on the practical development of a secure operating system-SecLinux V4, which is accordance with the requirements of the fourth level, i.e. Structured Protection Level, of GB17859. We focus our efforts on the research and implementation of the network subsystem of SecLinux V4, and succeed in extending the mandatory access control policy into the network stack, designing and implementing a more flexible network security architecture. This thesis gives a comprehensive expatiation about it, including six principal achievements we got. They are: 1. The development of network subsystem is based on the security model DAACM which gives the ability to provide mandatory access control in fine-grained modes; 2. We adopt the Flask security architecture in order to support dynamic and multiple security policies; 3. The practical implementation is based on a general access control framework-LSM, which supports different loadable security models. We make full use of its network hooks to map the different access control requirements into different layers in the network stack; 4. We also provide network security information labeling mechanism, so that two hosts can exchange and use their security information conveniently; 5. Network cryptographic protection mechanism is included to provide the confidentiality, integrality, authenticity. 6. We do some pilot study on network extended system call, policies' unifying and integrating. To sum up, the achievements presented in this thesis will provide some useful technologies and experiences to the research and design of the high level secure operating system in our country. |
PDF Full Text Request