安全操作系统中用户账号的管理OACSCDCSTPCD
Administration of User Account in Secure OS
很多安全操作系统都是基于类UNIX系统开发的,并按照TCSEC或CC的要求引入了强制访问控制和审计等安全机制,但是并未保证用户账号的唯一性,从而可能造成审计记录的混乱和用户权限的不正确重用,这就要求改变原来的类UNIX系统的账号管理方式.提出了在系统调用层截取修改系统账号文件这类事件以保证用户UID唯一性的方案,使得即使超级用户(包括通过成功的攻击而获取的超级用户权限)也无法任意修改用户账号数据库.这种机制已经在SLINUX系统中得到了实现.最后…查看全部>>
Many secure operating systems are developed based upon UNIX-like systems and many access control mechanisms and audit mechanism are introduced, but the system account file does not assure unique UID and might lead to confusion in audit trails. Users' access rights in some security mechanisms are generally managed quite independently of account management and should also be deleted when one user is removed from the account file to avoid unintended reuse…查看全部>>
张相锋;孙玉芳
中国科学院软件研究所,北京,100080中国科学院软件研究所,北京,100080
计算机与自动化
安全操作系统安全机制审计
secure OSsecurity mechanismaudit
《中国科学院研究生院学报》 2004 (1)
95-100,6
supported by the National 863 High-tech Program of China (863-306-ZD 12-14-2), the National Natural Science Foundation of China(60073022) and the Knowledge Innovation Engineering Program of the Chinese Academy of Sciences (KGCX 1-09)
评论