Research And Implementation Of Linux Security Enhanced Authentication System

With the extremely rapid development in recent years,the Linux system has been more and more widely used due to its agility.Some government agencies,such as the department in charge of security and secrecy,etc.,will also use the Linux system as the daily office system since these departments have certain requirements for the security of the system.Because certain security agency demands a type of desktop Linux system of the security and secrecy function,it proposes the requirement for security enhancements,demonstrated by identity authentication,data encryption,peripheral control,auditing in information security,prevention of the tamper with the executable program,control over the operating authorization,etc.Identity authentication for user login is the first line of defense,therefore,its security appears especially important.What’s more,it is also one of the requirements for security enhancements function proposed by certain security agency.The security enhancement of the identity authentication is the direction of research and implementation of this thesis.The primary works in this thesis are presented as follows:(1)Choose to use E820 table as a medium of information transmission,its essence is an address field in memory.We can use technical way to read the information of the address to keep,and in the process of system startup will not be covered.The E820 table can be used by the BIOS and the applications.They can operate the memory to read and write.(2)Modify the kernel and add the system call function.It is a interface to get the user information of the application in memory.It realize the read and write operation of E820 table information and pass it to the system application service.(3)Add BIOS and GRUB2 functions.The BIOS will also serve as a window for users to log in,and also can save user information to the E820 table.The GRUB2 increases the functionality of E820 table information acquisition and blocks user selection or editing to boot the system’s specified kernel.(4)Application services.It realize the system user information processing service.Application services get the user information in E820 table and set the systemsetting through the system call function implemented by the kernel.The plan of this thesis is about the safety enhancement for the identity authentication of system login,and the goal is to integrate visible operations and certain operations into a single operation for the whole process of system log-in identification.As a result,the process atomization will be more compact to reduce human intervention,and no extra operations will be added to the users,who will need to enter user name and password for logging in the system as usual.To sum up,the identity authentication of Linux will be much safer.