| 安全操作系统中用户账号的管理 |
| |
| 引用本文: | 张相锋,孙玉芳.安全操作系统中用户账号的管理[J].中国科学院研究生院学报,2004,21(1):95-100. |
| |
| 作者姓名: | 张相锋 孙玉芳 |
| |
| 作者单位: | 中国科学院软件研究所,北京,100080 |
| |
| 基金项目: | supportedbytheNational 863High techProgramofChina(863 3 0 6 ZD 12 14 2),theNationalNaturalScienceFoundationofChina(60 0 73 0 2 2 )andtheKnowledgeInnovationEngineeringProgramoftheChineseAcademyofSciences(KGCX 1 0 9) |
| |
| 摘 要: | 很多安全操作系统都是基于类UNIX系统开发的,并按照TCSEC或CC的要求引入了强制访问控制和审计等安全机制,但是并未保证用户账号的唯一性,从而可能造成审计记录的混乱和用户权限的不正确重用,这就要求改变原来的类UNIX系统的账号管理方式。提出了在系统调用层截取修改系统账号文件这类事件以保证用户UID唯一性的方案,使得即使超级用户(包括通过成功的攻击而获取的超级用户权限)也无法任意修改用户账号数据库。这种机制已经在SLINUX系统中得到了实现。最后给出了该机制在SLINUX系统上的性能测试结果。
|
| 关 键 词: | 安全操作系统 安全机制 审计 |
Administration of User Account in Secure OS |
| |
| Abstract.Administration of User Account in Secure OS[J].Journal of the Graduate School of the Chinese Academy of Sciences,2004,21(1):95-100. |
| |
| Authors: | Abstract |
| |
| Abstract: | Many secure operating systems are developed based upon UNIX-like systems and many access control mechanisms and audit mechanism are introduced, but the system account file does not assure unique UID and might lead to confusion in audit trails. Users' access rights in some security mechanisms are generally managed quite independently of account management and should also be deleted when one user is removed from the account file to avoid unintended reuse by another user. All those things require that the account file should be administrated in a way different from the traditional one in UNIX. Puts forward a mechanism to keep unique UID and to capture user account alteration in system call level. Puts the mechanism into practice in SLINUX, a variant of LINUX, and provide the performance analysis. |
| |
| Keywords: | secure OS security mechanism audit |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
