Acta Electronica Sinica (电子学报) ›› 2006, Vol. 34 ›› Issue (10): 1803-1808.


A Least Privilege Security Policy Framework Supporting Dynamic Adjustment

SHEN Qing-ni (1,2), QING Si-han (1,2), HE Ye-ping (2), LI Li-ping (2)

  1. School of Software and Microelectronics, Peking University, Beijing 102600; 2. Institute of Software, Chinese Academy of Sciences, Beijing 100080
  • Received: 2005-08-08; Revised: 2006-06-19; Online: 2006-10-25; Published: 2006-10-25

A Framework for Implementing Dynamically Modified Least Privilege Security Policy

SHEN Qing-ni (1,2), QING Si-han (1,2), HE Ye-ping (2), LI Li-ping (2)

  1. School of Software and Microelectronics, Peking University, Beijing 102600, China; 2. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
  • Received: 2005-08-08; Revised: 2006-06-19; Online: 2006-10-25; Published: 2006-10-25

Abstract (translated from the Chinese): The least privilege mechanism can provide a secure operating system with an appropriate level of security assurance. This paper describes a least privilege security policy framework that supports dynamic adjustment. It combines the duty-separation property of roles with the function-separation property of domains and, through a capability control mechanism based on process context (the current role, the execution domain and the executable image), keeps each process confined at all times to the minimum privileges permitted by those contexts. The paper analyses, as a case study, the implementation of this framework in ANSHENG OS v4.0, an independently developed secure operating system that conforms to Class 4, Structured Protection, of GB17859-1999. The results show that the framework enables a secure operating system to enforce dynamically adjusted least privilege control while still providing a flexible and efficient system.

Keywords (translated from the Chinese): secure operating system, security policy, least privilege, capability, role

Abstract: A least privilege mechanism can provide a reasonable degree of security assurance for secure operating systems. This paper describes a framework for implementing a dynamically modified least privilege security policy, which combines the duty-separation property of roles with the function-separation property of domains. Under the control of its new capability mechanism, based on a process's executable image, current role and current domain, the framework restricts the process to the minimum set of privileges permitted within these contexts. The paper illustrates its implementation in ANSHENG OS v4.0, a copyrighted secure operating system satisfying all the specified requirements of Criteria class 4, "Structured Protection", in GB17859-1999 (equivalent to the B2 level in TCSEC) in China. This demonstrates that the framework can help enforce dynamic least privilege control on a secure operating system while still providing a flexible and efficient system.

Key words: secure operating system, security policy, least privilege, capability, role, domain
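Both abstracts above describe the same mechanism: a process's usable privileges are bounded by what its executable image, its current role and its current execution domain each permit, and the bound is re-derived whenever one of those contexts changes. The model below is an added illustration written for this page, not code from the paper or from ANSHENG OS; the capability names, the three policy tables, the intersection semantics and the role-to-domain authorization rule are all constructed assumptions about how such a context-based capability control could be expressed.

```python
"""Illustrative model of context-bounded least privilege (added example, not the paper's code).

A process's effective capabilities are the intersection of three policy views:
what its executable image may ever use, what its current role permits, and
what its current execution domain permits. Any change of role, domain or
image re-derives the set, so the privilege bound is adjusted dynamically.
"""
from dataclasses import dataclass

# Constructed capability names (assumption: the paper's real capability set is not on the page).
CAP_NET_BIND = "net_bind"
CAP_DAC_OVERRIDE = "dac_override"
CAP_SETUID = "setuid"
CAP_AUDIT_WRITE = "audit_write"
CAP_SYS_ADMIN = "sys_admin"

# Constructed policy tables. Unknown keys fall back to the empty set, i.e. fail closed.
ROLE_CAPS = {                       # duty separation: what a role may ever exercise
    "sec_admin": {CAP_AUDIT_WRITE, CAP_DAC_OVERRIDE, CAP_SYS_ADMIN},
    "sys_admin": {CAP_NET_BIND, CAP_SETUID, CAP_SYS_ADMIN},
    "user": set(),
}
DOMAIN_CAPS = {                     # function separation: what a domain needs to do its job
    "audit_d": {CAP_AUDIT_WRITE, CAP_DAC_OVERRIDE},
    "net_d": {CAP_NET_BIND, CAP_SETUID},
    "user_d": set(),
}
IMAGE_CAPS = {                      # per-program ceiling attached to the executable image
    "/sbin/auditd": {CAP_AUDIT_WRITE, CAP_DAC_OVERRIDE, CAP_SYS_ADMIN},
    "/usr/sbin/httpd": {CAP_NET_BIND, CAP_SETUID},
    "/bin/sh": set(),
}
# Assumed authorization rule: the domains each role is allowed to execute in.
ROLE_DOMAINS = {
    "sec_admin": {"audit_d", "user_d"},
    "sys_admin": {"net_d", "user_d"},
    "user": {"user_d"},
}


@dataclass(frozen=True)
class Process:
    """The process context the policy is evaluated against."""
    image: str
    role: str
    domain: str


def effective_caps(p: Process) -> frozenset:
    """Least privilege bound: a capability is usable only if all three contexts grant it."""
    return frozenset(
        IMAGE_CAPS.get(p.image, set())
        & ROLE_CAPS.get(p.role, set())
        & DOMAIN_CAPS.get(p.domain, set())
    )


def check(p: Process, cap: str) -> bool:
    """Privilege check performed at the point of use, against the current context."""
    return cap in effective_caps(p)


def transition(p: Process, role=None, domain=None, image=None) -> Process:
    """Change role, domain and/or image (e.g. on exec or role switch).

    The new context is rejected if the role is not authorized for the domain;
    otherwise effective_caps() on the returned process reflects the new bound.
    """
    new = Process(image or p.image, role or p.role, domain or p.domain)
    if new.domain not in ROLE_DOMAINS.get(new.role, set()):
        raise PermissionError(f"role {new.role!r} may not run in domain {new.domain!r}")
    return new


if __name__ == "__main__":
    auditd = Process("/sbin/auditd", "sec_admin", "audit_d")
    print("auditd effective:", sorted(effective_caps(auditd)))   # sys_admin is cut by the domain
    print("auditd sys_admin?", check(auditd, CAP_SYS_ADMIN))
    shell = transition(auditd, role="user", domain="user_d", image="/bin/sh")
    print("after role switch:", sorted(effective_caps(shell)))   # nothing left
```

The point of the three-way intersection is that no single table can grant a privilege on its own: `/sbin/auditd` is permitted `sys_admin` by its image and by the `sec_admin` role, but the `audit_d` domain does not need it, so the running process never holds it. Dropping to the `user` role mid-session shrinks the set immediately because `effective_caps()` is recomputed from the current context rather than cached at process creation.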
