摘要
文章分析了Linux系统文件访问授权及控制机制的不足———孤立地看待文件之间的关联关系,借鉴数据血统思想提出了文件血统的概念,用以描述文件的安全关联。角色模型忽略了被访问客体的安全关联,使安全机制存在无法克服的漏洞,文章引入文件血统对角色模型的权限定义、权限配置、权限审查、访问控制四个与系统安全密切相关的问题进行了讨论,重点描述了文件血统和访问控制的结合方法。
This paper analyses the security defects of the access authorization and controlling mechanism of Linux,which deal with the relationship between files isolatedly.Drawing lessons from the thought of data lineage,the concept of file lineage is put forward to describe the security relationship between files.The role-model ignores this relationship and brings the security mechanism some big bugs.This paper introduces the file lineage to the Role -model and discusses four questions which are related with system security closely.They are permission definitions,permission configuration,permission examination and access controlling.At last,it describes how to combine the file lineage with access controlling.
出处
《计算机工程与应用》
CSCD
北大核心
2004年第23期76-77,126,共3页
Computer Engineering and Applications
基金
国家自然科学基金(编号:90204011)
软件工程国家重点实验室第四批开放基金
