欢迎访问中国科学院大学学报,今天是

中国科学院大学学报 ›› 2004, Vol. 21 ›› Issue (1): 95-100.DOI: 10.7523/j.issn.2095-6134.2004.1.015

• 论文 • 上一篇    下一篇

安全操作系统中用户账号的管理(英文)

张相锋, 孙玉芳   

  1. 中国科学院软件研究所, 北京 100080
  • 发布日期:2004-01-10

Administration of User Account in Secure OS

Zhang Xiang-feng, Sun Yu-fang   

  1. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
  • Published:2004-01-10

摘要:

很多安全操作系统都是基于类UNIX系统开发的,并按照TCSEC或CC的要求引入了强制访问控制和审计等安全机制,但是并未保证用户账号的唯一性,从而可能造成审计记录的混乱和用户权限的不正确重用,这就要求改变原来的类UNIX系统的账号管理方式。提出了在系统调用层截取修改系统账号文件这类事件以保证用户UID唯一性的方案,使得即使超级用户(包括通过成功的攻击而获取的超级用户权限)也无法任意修改用户账号数据库。这种机制已经在SLINUX系统中得到了实现。最后给出了该机制在SLINUX系统上的性能测试结果。

关键词: 安全操作系统, 安全机制, 审计

Abstract:

Many secure operating systems are developed based upon UNIX-like systems and many access control mechanisms and audit mechanism are introduced,but the system account file does not assure unique UID and might lead to confusion in audit trails.Users access rights in some security mechanisms are generally managed quite independently of account management and should also be deleted when one user is removed from the account file to avoid unintended reuse by another user.All those things require that the account file should be administrated in a way different from the traditional one in UNIX.Puts forw ard a mechanism to keep unique UID and to capture user account alteration in system call level.Puts the mechanism into practice in SLINUX,a variant ofLINUX,and provide the performance analysis.

Key words: secure OS, security mechanism, audit

中图分类号: