A Framework for Implementing Dynamically Modified Least Privilege Security Policy

SHEN Qing-ni; QING Si-han; HE Ye-ping; LI Li-ping

您当前的位置：

首页 >

文章列表页 >

A Framework for Implementing Dynamically Modified Least Privilege Security Policy

更新时间：2025-07-16

- A Framework for Implementing Dynamically Modified Least Privilege Security Policy
- Acta Electronica Sinica Vol. 34, Issue 10, Pages: 1803-1808(2006)
- 作者机构：
  
  1. 北京大学软件与微电子学院,北京,102600
  2. 中国科学院软件研究所,北京,100080
  3. 北京大学软件与微电子学院北京,102600
  4. 中国科学院软件研究所北京,100080
- 作者简介：
- 基金信息：
- DOI：
  CLC： TN309
- Published：2006
- 稿件说明：
移动端阅览
SHEN Qing-ni, QING Si-han, HE Ye-ping, et al. A Framework for Implementing Dynamically Modified Least Privilege Security Policy[J]. Acta Electronica Sinica, 2006, 34(10): 1803-1808.
DOI：

SHEN Qing-ni, QING Si-han, HE Ye-ping, et al. A Framework for Implementing Dynamically Modified Least Privilege Security Policy[J]. Acta Electronica Sinica, 2006, 34(10): 1803-1808. DOI：

摘要

最小特权机制可为安全操作系统提供恰当的安全保证级.本文描述了一种支持动态调节的最小特权安全策略架构

它结合角色的职责隔离和域的功能隔离特性

通过一种基于进程上下文—角色、执行域和运行映像的权能控制机制

将每个进程始终约束在这些上下文允许的最小特权范围内.本文实例分析了该架构在安胜OS v4.0

一种自主开发的、符合GB17859-1999第四级——结构化保护级的安全操作系统中的实现.结果表明

它可支持安全操作系统实施动态调节的最小特权控制

并提供灵活有效的系统.

Abstract

Least privilege mechanism can provide a reasonable degree of security assurance for secure operating systems.This paper described a framework for implementing dynamically modified least privilege security policy

which combined role’s duty separation property and domain’s function separation property.Under the control of its new capability mechanism based on a process’s executable image

current role and current domain

it restricted the process to the minimum amount of privileges within these contexts.This paper illustrated its implementation in ANSHENG OS v4.0

a copyrighted secure operating system satisfying all the specified requirements of Criteria class 4

"Structured-Protection"

in GB17859-1999 (equally

the B2 level in TCSEC) in China.Thus it demonstrates that this framework can help enforcing dynamically least privilege control on a secure operating system

while still providing a flexible efficient system.

关键词

Keywords

references

Views

1053

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Research Progress on Attribute-Based Access Control

A Feature Model Componentization Method Based on Role

Research on Multilevel Security Model Based on Trustworthy State and Its Application

Role-Based Access Control Model of Temporal Object

Research on Intrusion Tolerant Architecture Based on Role-Based Access Control

Related Author

FONT

ZHANG Li-chen

FU Hong

WANG Xiao-ming

Verdana

FONT face

YAO Zhi-lin

LIU Shu-fen

Related Institution

School of Computer Science and Technology, Shaanxi Normal University

College of Computer Science and Technology, Jilin University

Institute of Computer Science and TechnologyBeijing University of TechnologyBeijing 100022China

Automatization of Command InstituteAcademy of Navy EquipmentBeijing 100036China

State Key Laboratory of Information SecurityGraduate University of Chinese Academy of SciencesBeijing 100049China

⁰