黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Zhiqiang Lin,Chao Wang,Bing Mao,Li Xie

DOI: https://doi.org/10.1145/1075395.1075397

2005-01-01

Abstract:As the fundamental software to guarantee information security, operating system is desired to support various security policies flexibly and to control the propagation and revocation of access rights efficiently. This paper presents a design and implementation of Policy Flexible Architecture (PFA) for secure operating system to achieve the coordination, extensibility, consistency and dynamic configuration of security policies. Through a thorough analysis of all related facilities, PFA classifies policy constructions into several levels according to their effects on security status; PFA emphasizes on centralized management of security policy as well as on centralized maintainability of security attributes; for the first time PFA gives revocation rules to specify how and when to revoke permissions. PFA has been applied to our Secure Enhanced Linux Operating System, and the experiment shows that the system holds at least three advantages. First, it helps users to choose intended security policies flexibly. Besides it supports users to add new security policies according to specific security requirements easily. Finally it sets permission revocations immediately and gets no significant performance penalty.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

SHEN Qing-ni,QING Si-han,HE Ye-ping,LI Li-ping

DOI: https://doi.org/10.3321/j.issn:0372-2112.2006.10.012

2006-01-01

Abstract:Least privilege mechanism can provide a reasonable degree of security assurance for secure operating systems.This paper described a framework for implementing dynamically modified least privilege security policy,which combined role's duty separation property and domain's function separation property.Under the control of its new capability mechanism based on a process's executable image,current role and current domain,it restricted the process to the minimum amount of privileges within these contexts.This paper illustrated its implementation in ANSHENG OS v4.0,a copyrighted secure operating system satisfying all the specified requirements of Criteria class 4,"Structured-Protection",in GB17859-1999(equally,the B2 level in TCSEC) in China.Thus it demonstrates that this framework can help enforcing dynamically least privilege control on a secure operating system,while still providing a flexible efficient system.

Weili Han,Zheran Fang,Weifeng Chen,Wenyuan Xu,Chang Lei

DOI: https://doi.org/10.1145/2046707.2093491

2011-01-01

Abstract:Policy driven management is widely used to manage networked resources and protect sensitive resources. Existing policy-driven management strategies rely heavily on policy administrators to specify and validate policies, which not only require in depth understanding of policy languages and domain knowledge, but also are error-prone.To simplify the tasks of policy administration, this paper proposes a novel policy administration framework, named collaborative policy administration (CPA). Essentially, the idea is that applications with similar functionalities shall have similar policies. Thus, to specify or validate policies, CPA will examine policies already specified by other applications in the same category and perform collaborative recommendation. In this paper, we consider the Android systems as a case study and show that CPA can strengthen Android security.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Zhou Qiang,Li Shanping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.033

2007-01-01

Abstract:A design of user mode file system based on Linux is introduced.A kernel module and a user mode daemon are adopted.The user mode file system can improve the flexibility of file system,and it is easy for redevelopment.The detailed issues about the design are presented,and the practical example and application scope are proposed.

HU Da-Lei,ZHOU Xue-Hai

2010-01-01

Abstract:Access control is the mechanism to protect the operating system.At present,most systems lack proper access control mechanism.The implementation of access control mechanisms of the existing security system depends on the specific operating system platform,thus lacking portability.This paper sums up the differences between different platforms and the implementation methods of a variety of secureity systems.It abstracts the platform-dependence of access control mechanism,and designs a platform-independent and flexible access control framework PIFAC.This PIFAC has been implemented in Windows,Linux and Rtems.

訾小超,茅兵,谢立

DOI: https://doi.org/10.3969/j.issn.1002-137X.2003.03.006

2003-01-01

Computer Science

Abstract:The diversity of security requirements demands that information systems flexibly support policies,and uni-form policy description is important to implement policy-flexible system. This paper brings up new method to descriptpolicies based on trace, which can be applied to many policies used currently. Subsequently this paper refines thismethod in order to be applicable to actual system ,and discusses how to merge multiple policies.

XIA Lei,HUANG Hao,YU Shu-ying,WANG Zhi-qiang

2007-01-01

Abstract:Increasing diversity and complexity of the computing environments result in various security requirements.MLS security policy only aims at confidentiality assurance,in less consideration of integrity assurance and weakness in channel control.To handle that the trusted subjects have many security shortcomings of MLS model,a multi-policy views security model(MPVSM)was presented.Based on the MLS model,MPVSM combined the domain and type attributes to the model,to enforce the channel control policy,make permission management more fine-grained and enhance the ability to confine the permission of the trusted subjects.MPVSM was also able to enforce multi-policy views in operating system in a flexible way.The implementation of the MPVSM model in our prototype trusted operating system Nutos was also introduced.

Stephen S. Yau,Yisheng Yao

2006-01-01

Abstract:A major advantage of the emerging service-oriented computing technology is its ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. For these systems which often involve interactions among multiple organizations over various networks, how to manage and enforce security policies is the prime concern in assuring that only authorized users or systems have the access to massively available services. However, with the increasing scalability and flexibility required by the dynamic service-oriented computing environments, manage and enforce security policies in such systems is a very challenging task. Existing research efforts have not sufficiently addressed this challenging task for enabling systematic security policy management and enforcement in service-oriented systems. In this dissertation research, a framework based on formal foundations is developed for dynamically, yet systematically, managing and enforcing security policies in service-oriented systems. This framework includes a security policy meta-model and a runtime security policy execution model for security decision making and enforcement. The security policy meta-model will be used to provide unambiguous security policy specifications and to facilitate sound and complete security policy reasoning, such as consistency checking, redundancy analysis, security policy specification composition, and automated security service synthesis from declarative security policy specifications. Analysis of expressiveness of this security policy meta-model is also provided in this dissertation. The runtime security policy execution model is developed for enforcing the security policies with provable correctness. This framework will also include tools for generating and deploying security services to compute and enforce security decisions based on security policies, credentials and situational information. With this framework, various parties of large-scale service-oriented systems can easily manage and enforce security policies to meet their security requirements under various situations. Examples are provided to show the effectiveness of the framework.

ZJ He,T Phan,TD Nguyen

DOI: https://doi.org/10.1109/reldis.2005.17

2006-01-01

Journal of Computers

Abstract:We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

LI Guo-Le,WANG Yi,MAO Bing

DOI: https://doi.org/10.3969/j.issn.1002-137x.2007.02.076

2007-01-01

Computer Science

Abstract:The complexity and diversity of the security make it difficult for users to get an intuitionistic and full-scale comprehension of security conditions of the system,let alone timely response and disposal with abnormal events.In the process of building SoftOS,a type of security strengthened OS,by means of research on the relationships between various subjects and objects,as well as the resource consumption and system security,we design and implement the System Security View,i.e,SecView,for the purpose of providing and analysing integrated and comprehensive security related information so as to assist users in knowing the security status of the system fully and conducting proper disposals.

LI Li-ping,QING Si-han,HE Ye-ping,SHEN Qing-ni

DOI: https://doi.org/10.3321/j.issn:1000-436x.2006.02.016

2006-01-01

Abstract:In order to solve the problems of policy reusability and policy co-existence in LSM,a new security architecture ELSM is proposed.It introduced Model Combiner as main module to implement module stack management and module decision management.Module decision is based on access control space as policy specification for general support.The design of ELSM and the analysis of its implementation in Ansheng OS prove its effectiveness.

Dong-young Lee,H. Seo,Tae-Kyung Kim

Abstract:Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we defined the security policies using Z-Notation and the detection algorithm of policy conflict for managing heterogeneous firewall systems. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. With the process of the detection and resolution for policy conflict, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.

Computer Science,Business

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

SHEN Qing-ni,QING Si-han,HE Ye-ping,SHEN Jian-jun

DOI: https://doi.org/10.3321/j.issn:1000-436x.2006.02.010

2006-01-01

Abstract:In order to support POSIX capability mechanism,many secure operating systems provided individual capability inheritable algorithms.These algorithms were only applicable to specified least privilege control policies,and had such defects as semantic conflicts and no defined security-objectives.So they couldn’t flexibly support for implementing diversified privilege policies for different requirements.Based on the analysis of some existing algorithms,a new capability inheritance algorithm was proposed,which introduced the policy-relevant capability control variable and the trusted application attribution.The implementation of the algorithm in ANSHENG secure operating system demonstrates that this algorithm provides such properties as policy-adaptability and usability,the formal analysis and verification of this algorithm proves that it supports a secure operating system to meet basic security theorems of the privilege policies enforced in it.

ZHAO Chuanlin,WU Wenchuan,ZHANG Boming,SUN Hongbin

DOI: https://doi.org/10.3321/j.issn:1000-1026.2007.22.002

2007-01-01

Abstract:To make the online transient early warning and security protecting system easy to reuse and maintain,a software development is proposed.Several advanced methods,such as architecture analysis,design pattern,framework and unit testing,are used in this to enhance the development efficiency and software quality.A layered architecture is introduced during the design process and a strategy pattern is used to adapt to the changing requirement for the dynamic model of the component concerned.An open framework for distributed task dispatching is also presented.A subscriber/publisher is used to implement message exchange between the server and clients,which is adaptive to the hardware configuration changes.An online transient early warning and security protecting system based on the methods proposed has been developed and put into actual operation in a provincial power system.

Yao Jian,Shi Xinju,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.12.006

2006-01-01

Abstract:It is necessary for integrated security management platform to solve the management problems of different security devices from different manufactures.The key problems of common management information model and common security management protocol are analyzed.At last,an implementation of integrated security management platform is described.

Chen Weidong,Wang Chao,Zhang Li,Xu Zheng,Xing Xishuang

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.03.080

2013-01-01

Abstract:Information security of server is encountering increasingly serious security menace.Viruses,worms,Trojans and other malicious programs impose the threat on the security of server system.The operating system has the needs to identify and control from kernel layer the subjects and objects imperilling the security.Mandatory access control has to be executed on files,registry,process,etc.in kernel layer.We study and address the implementation of operating system security kernel in terms of system resources and networks covert communication in this paper.The system has been applied to the corporate websites,various types of servers and other network security applications that have higher security requirement.The mandatory access control and each process,file,registry and network communications,etc.are all endued the appropriate security attributes systematically.Security attributes are set by the administrator strictly in accordance with the rules.Combined with the principle of least privilege and security auditing,security control is conducted at the application layer on the server or server cluster.