Dissertation > Excellent graduate degree dissertation topics show

Study on Tools of SELinux Policy Configuration

Author: TianMinLi
Tutor: DiGaoShou
School: Beijing Jiaotong University
Course: Computer Science and Technology
Keywords: Secure operating system Mandatory Access Control Security policy configuration SELinux
CLC: TP393.08
Type: Master's thesis
Year: 2010
Downloads: 89
Quote: 1
Read: Download Dissertation

Abstract


The security of the operating system is to ensure that the key to security of information systems, the introduction of mandatory access control mechanism, the security of the operating system has been largely improved. SELinux, leading the development of the U.S. National Security Agency (NSA) to support role-based access control model, the type of enhanced security model and optional multi-level security model. Highly dependent SELinux security policy configuration, the ability to effectively implement and guarantee the security of the system depends on the correctness of the security policy configuration. However, SELinux security policy configuration is more complicated, cause great difficulties to the implementation and maintenance of Linux users security, which restricts the reliability and credibility of the SELinux security mechanisms. The goal of this study is the SELinux security policy configuration is designed to explore the methods and techniques that may be used for security policy configuration process in order to reduce the workload and the complexity of Linux security the operator manage security policy configuration to improve the effect of the implementation of the SELinux security mechanisms. To this end, the need to consider and start to concrete expansion from two aspects. The one hand, how to facilitate and simplify the user to build security policy configuration procedure, on the other hand is how to ensure the correctness and reliability of the security policy configuration. By tracking SELinux related research, including SELinux security architecture and security model supported, in particular, the analysis of the sample policy provided by the NSA, security policy configuration to build the basic process, the formation of the basic configuration of the security policy architecture. On this basis, it is trying to facilitate and reduce the user's actions through the wizard-built and Syntax-editing. In addition, the security policy configuration editing process scalable tree display mechanism, clearly demonstrate the intrinsic link between the security policy configuration source files and even the security policy configuration items, user specific security policies described fast accurate positioning. In order to ensure the accuracy and reliability of the security policy configuration, the paper also discusses the consistency of the access control space analysis and inspection methods, and consider the configured security policy even during the course of the introduction of the so-called static or dynamic checking mechanism. The paper gives the SELinux security policy configuration tool design, prototype implementation of key modules as well as the implementation of the SELinux security policy configuration process. Finally, research paper summarizes and put forward some suggestions for follow-up work, and subject future research directions were discussed.

Related Dissertations

  1. Research and Realization on Security Mechanism of Embedded Rtos VxWorks,TP316.2
  2. Study on Testing Techniques and Design of Testing Tools for Multilevel Secure Database Management System,TP311.13
  3. Research and Improvement of MAC for Windows,TP393.08
  4. Role-based access control mechanism independent Research and Implementation,TP316
  5. VM-based architecture for distributed mandatory access control system,TP393.08
  6. Removable storage device security adapter Research and Implementation,TP333
  7. Research on SELinux and Improvement,TP309
  8. Study on Analysis Tools for SELinux Security Policy,TP393.08
  9. The Analysis and Research on Access Control Mechanism Based on Netconf Network Management System,TP393.07
  10. Research of Linux Security Based on LSM,TP316.81
  11. Method for Analyzing Security Policies of SELinux,TP393.08
  12. Research and design of security audit subsystem of the operating system,TP393.08
  13. Automatic Analysis of Covert Channel Based on Source Codes of Linux Kernel,TP309
  14. Research on Mandatory Access Control Mechanism in DM DBMS,TP311.13
  15. Research on Access Control Technology Based on Security Label for Web Application,TP393.08
  16. Design and Application Research of Secure Operating System Hybrid Multiple Policy Model,TP393.08
  17. Level of protection for VPN technology research and design,TP393.08
  18. Access control policy language research and design,TP393.08
  19. Research and Analysis of Dynamic Information Flow Monitoring Based on Finite State Automaton,TP277
  20. Research and Implementation on Mandatory Access Control of Secure Database,TP309

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile