检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]四川师范大学计算机科学学院,成都610061 [2]天融信网络安全有限公司成都研发部,成都610063
出 处:《计算机应用》2009年第9期2369-2374,共6页journal of Computer Applications
基 金:四川省重点实验室项目
摘 要:针对POSIX.1e标准的权能模块的缺陷进行了改进,在Linux内核安全模块(LSM)框架基础上,加载改进的模块,对操作系统内核层进行监听和控制处理,完成进程信任状特权仲裁、安全i节点(i-node)操作、信息队列反馈等一系列操作,最后调用字符设备反馈监控信息到应用层进行安全控制处理。实验表明,改进方案与加载原有权能模块Linux内核的方法相比,不仅在系统的运行效率、监控的正确率和系统扫描覆盖率上有所提高,而且在系统资源占用率等多项指标中都显示其具有良好的监控性能。A method was proposed to improve POSIX. l e standard capability module. In addition, monitoring and controlling were performed on the operation system kernel layer after loading improved module at the kernel of Linux Security Module (LSM) framework. Furthermore, a series of operations were carried out, which included the process trust-like privileges arbitration, security i-node operation, information feedback, queue operation, etc. At last, the character devices were used to feedback the monitor information to application layer and performed security control. Compared with original capability module, the proposed scheme not only improves efficiency of system operation, correct monitoring rate, and coverage of system scanning, but also keeps better monitoring performance in system resources occupancy rate and several parameters.
关 键 词:访问控制 内核驱动 系统调用 LINUX安全模块 权能模块
分 类 号:TP309.5[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.15