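1. Engineering Research Center for Information Security Technology, Institute of Software, Chinese Academy of Sciences, Beijing 100080
2. Graduate School of the Chinese Academy of Sciences, Beijing 100039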
Print publication date: 2006
SHEN Qing-ni, QING Si-han, HE Ye-ping, et al. Policy-adaptive capability inheritance algorithm consistent with POSIX standard[J]. Journal on Communications, 2006, (2): 66-72.
To support the POSIX capability mechanism, many secure operating systems have provided their own capability inheritance algorithms. These algorithms are applicable only to specific least-privilege control policies and suffer from defects such as semantic conflicts and undefined security objectives, so they cannot flexibly support diverse privilege policies with different security requirements. Based on an in-depth analysis of some existing algorithms, a new capability inheritance algorithm is proposed that introduces a policy-relevant capability control variable and a trusted application attribute. Its implementation in the ANSHENG secure operating system demonstrates that the algorithm provides policy adaptability and usability, and formal analysis and verification prove that it enables a secure operating system to satisfy the basic security theorems of the privilege policies it enforces.