Dissertation > Excellent graduate degree dissertation topics show

The Research and Implementation of User Privilege Minimization in Operating System

Author: XieXinWei
Tutor: LiaoXiangKe
School: National University of Defense Science and Technology
Course: Computer Science and Technology
Keywords: Minimize user privileges Least Privilege Elevation of Privilege RBAC POSIX Capabilities Process power status
CLC: TP393.08
Type: Master's thesis
Year: 2008
Downloads: 58
Quote: 1
Read: Download Dissertation


Traditional operating system based on user privilege management strategy. Super user with all the privileges, which can execute any privileged operations, which is a major source of lead to system hazards. The principle of least privilege requires that each user of the system or process only the minimum privileges necessary to perform its mandate collection. Through the implementation of least privilege, both to limit the legitimate user to use the system within the scope of their duties, the malicious user can minimize the destruction. In this paper, based on in-depth analysis of the principle of least privilege and access control technology proposed to minimize user privileges technology used to control and restrain the privileges of the user process operation, in order to improve the security of the operating system. Firstly, combined with access control framework, role model and capability mechanism, an operating system user privileges minimization model. The model through role authorization controls, the default does not confer any power of the logged-on user: when user action or application needs privileged elevated privileges based on operational needs, and once, after the end of the operation, the power be canceled. Subdivided classified in accordance with the right to be able to POSIX1003.1e standard definition system privilege to determine the power required for each privileged operations. Through the process of empowerment status of the privilege of operating behavior of the process description. When the user process requires privileges to perform operations, will trigger a privileged status change event state changes the process privileges. The model first empowerment matching, privilege escalation, to allow the process' capability to migrate user authentication judgment. Event after the end of the process will resume non-privileged status. The formal description of the model and definitions to eliminate the non-formal specification ambiguity and subjectivity, and help to identify defects in the system design. Model for the system to dynamically adjust and flexible management least privilege provides an effective method of each process. Based on this model, we further design a generic user privileges minimize control framework for the control of user rights. The framework by kernel threads elevation of privilege requests received from the capability checkpoint, enhance the operation coordinated with the user background process to complete interactive user authentication and privilege. The Kylin system model, through the establishment of the device file to complete the communication between the kernel and user mode response; improved the the ACL checking algorithm to reduce unnecessary elevated privileges; TE strategy to achieve the security framework. User privileges minimized model enables the user to control the system in a more secure manner, but also greatly improved convenience, an effective solution to minimize the problem of user privileges.

Related Dissertations

  1. A Design and Implementation of Single Sign-on System Based on the Improved RBAC Model and CAS,TP311.52
  2. Web Application Research on J2EE Multi-Layer Architecture,TP393.09
  3. B / S Access Control Information System Implementation and Application,TP311.52
  4. Online data integration technology research and design,TP311.13
  5. Design and Implementation of Operation Support Management Platform for Streaming Media,TP311.52
  6. General System Design and Implementation of Rights,TP311.52
  7. The Authorization Management System of the River Dike’s Management Information System Based on RBAC,TV871
  8. Design and Implementation on an Improved Access Control for MySQL Database,TP311.13
  9. The Research and Implementation of a Access Control Model Based on Attribute and RBAC,TP309
  10. Research on Hybrid Attribute Based Access Control Model,TP393.08
  11. Research and Pactice on Uniform Authorization Based on Access Control List,TP393.08
  12. Research and Implementation on the Key Technologies in Tobacco Diseases and Pests Forecasting System,TP311.52
  13. Dynamic Context -based access control to achieve active WEB,TP393.08
  14. For cross-border exchange of information visualization analysis of access control policy,TP393.08
  15. Extended model based on RBAC rights management system design and implementation,TP311.52
  16. Participants expressions based workflow dynamic authorization model,TP311.52
  17. A high- security access control model for Web application research,TP393.08
  18. Research on Policy Integration Mechanism of Hybrid Hierarchy Based Multi-domains,TP393.08
  19. Design and Realization of a Network Cooperative Office System Based on Web,TP317.1
  20. Research and Application of Authentication & Authorization in Electronic Military System,TP393.08
  21. Application and Research of Security Mechanism in Workflow Management System,TP311.52

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net  Mobile