欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2005, Vol. 22 ›› Issue (6): 707-711.DOI: 10.7523/j.issn.2095-6134.2005.6.008

• 论文 • 上一篇    下一篇

基于LSM框架的审计系统的设计与实现

王富良1,2,3, 贺也平1,2,3, 李丽萍1,2,3   

  1. 1. 中国科学院信息安全技术工程研究中心, 北京 100080;
    2. 中国科学院软件研究所, 北京 100049;
    3. 中国科学院研究生院, 北京 100049
  • 收稿日期:2004-11-17 修回日期:2005-02-24 发布日期:2005-11-15
  • 基金资助:

    国家自然科学基金项目(60083007);国家重点基础研究发展规划(973)项目(G1999035802)资助

Design and Implementation of LSM Based Secure Auditing System

WANG Fu-Liang1,2,3, HE Ye-Ping1,2,3, LI Li-Ping1,2,3   

  1. 1. Engineering Research Center for Information Security Technology, Chinese Academy of Sciences, Beijing 100080, China;
    2. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China;
    3. Graduate School, Chinese Academy of Sciences, Beijing 100049, China
  • Received:2004-11-17 Revised:2005-02-24 Published:2005-11-15

摘要:

LSM是Linux系统的通用访问控制框架,在安胜安全操作系统V4.0中,我们在这一访问控制框架的基础上做了适当的扩展并设计实现了安全审计系统。该安全审计系统与安胜安全操作系统V2.0的审计系统相比,性能得到了很大的提高。另外,隐蔽通道会绕过系统的安全策略来进行非法的数据流传输,我们在审计系统中进行了实时检测和报警。

关键词: 安全操作系统, 安全审计, LSM框架

Abstract:

LSM is the access control framework for Linux system.In the ANSHENG secure operating system V4.0,a secure auditing system based on the extended Linux Security Modules was introduced.Compared with the secure auditing system of ANSHENG secure operating system V2.0,the LSM based auditing system has a better performance.Last,the auditing system developed a method to detect covered channels in our ANSHENG secure operating system V4.0.

Key words: secure operating system, secure audit, Linux Security Modules(LSM)

中图分类号: