Design of Capability Mechanism for Microkernel Operating System


Authors: 姜博 张艺川 易力 王雷 姜哲 邹仕洪 (JIANG Bo; ZHANG Yi-chuan; YI Li; WANG Lei; JIANG Zhe; ZOU Shi-hong). State Key Laboratory of Software Development Environment, School of Computer Science and Engineering, Beihang University, Beijing 100191, China; Yuanxin Information Technology Group CO.LTD, Beijing 100013, China; School of Cyberspace Security, Beijing University of Post and Telecommunication, Beijing 100876, China.

Affiliations: [1] State Key Laboratory of Software Development Environment, School of Computer Science and Engineering, Beihang University, Beijing 100191; [2] Yuanxin Information Technology Group Co., Ltd., Beijing 100013; [3] School of Cyberspace Security, Beijing University of Post and Telecommunication, Beijing 100876.

Source: Journal of Chinese Computer Systems (小型微型计算机系统), 2023, No. 11, pp. 2610-2618 (9 pages).

Funding: Supported by the National Key R&D Program of the Ministry of Science and Technology (2019YFB2102400) and by the National Natural Science Foundation of China (62077002, 61772056).

Abstract: Mainstream operating systems usually manage permissions with access control lists (ACLs). In real-world scenarios where permissions are delegated across several levels, however, the large number of user subjects and resource objects means that the ACL approach cannot solve the confused deputy problem. A capability is a description of a resource owned by a process in the operating system. On the one hand, a process must hold the capability for a resource before it can access that resource; on the other hand, a process can only access resources that lie within its capability space. An operating system with a capability-based access mechanism therefore prevents processes from accessing resources beyond their permissions, realizing the principles of fine-grained permissions and least privilege from the field of system security. This work, building on an existing microkernel operating system called MOS, designs and implements a capability mechanism together with user-mode C library functions based on it; designs and implements, in user mode, a process server that provides the capability service and an inter-process communication interface; and finally carries out an experimental analysis of the capability system to verify the correctness and efficiency of the overall design.

Keywords: capability; permission management; microkernel; operating system

Classification code: TP309 (Automation and Computer Technology: Computer System Architecture)
