检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《中国科学院研究生院学报》2004年第1期95-100,共6页Journal of the Graduate School of the Chinese Academy of Sciences
基 金:supportedbytheNational 863High techProgramofChina(863 3 0 6 ZD 12 14 2),theNationalNaturalScienceFoundationofChina(60 0 73 0 2 2 )andtheKnowledgeInnovationEngineeringProgramoftheChineseAcademyofSciences(KGCX 1 0 9)
摘 要:很多安全操作系统都是基于类UNIX系统开发的,并按照TCSEC或CC的要求引入了强制访问控制和审计等安全机制,但是并未保证用户账号的唯一性,从而可能造成审计记录的混乱和用户权限的不正确重用,这就要求改变原来的类UNIX系统的账号管理方式。提出了在系统调用层截取修改系统账号文件这类事件以保证用户UID唯一性的方案,使得即使超级用户(包括通过成功的攻击而获取的超级用户权限)也无法任意修改用户账号数据库。这种机制已经在SLINUX系统中得到了实现。最后给出了该机制在SLINUX系统上的性能测试结果。Many secure operating systems are developed based upon UNIX-like systems and many access control mechanisms and audit mechanism are introduced, but the system account file does not assure unique UID and might lead to confusion in audit trails. Users’ access rights in some security mechanisms are generally managed quite independently of account management and should also be deleted when one user is removed from the account file to avoid unintended reuse by another user. All those things require that the account file should be administrated in a way different from the traditional one in UNIX. Puts forward a mechanism to keep unique UID and to capture user account alteration in system call level. Puts the mechanism into practice in SLINUX, a variant of LINUX, and provide the performance analysis.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.145.171.144
