An attribute-based dynamic mandatory access control mechanism for operating system

Computer Engineering & Science ›› 2023, Vol. 45 ›› Issue (10): 1770-1778.

• Computer Network and Znformation Security • Previous Articles Next Articles

An attribute-based dynamic mandatory access control mechanism for operating system

DING Yan,WANG Peng,WANG Chuang,LI Zhi-peng,SONG Lian-tao,FENG Liao-liao

(College of Computer Science and Technology,National University of Defense Technology,Changsha 410073,China)

Received:2022-11-11 Revised:2023-04-22 Accepted:2023-10-25 Online:2023-10-25 Published:2023-10-17

Abstract

Abstract: Mandatory access control (MAC) for operating system (OS) brings strong security guarantee for the system because it runs at high privilege level. However, the classical OS MAC only supports static security policies. When the security requirements change, the security policies must be reconfigured and reloaded. Therefore, it is difficult to meet the requirements of dynamic regulation of access permissions in scenarios such as high-sensitivity application state transition, cloud native dynamic scheduling, and BYOD. Attributes-based access control has strong extensibility, flexibility and expression ability, which provides a solution to improve the dynamic and flexibility of the security policy of MAC in OS. In this paper, the theoretical model and system architecture model of attributes-based dynamic mandatory access control for operating systems are proposed. Then, the prototype system is designed and implemented by combining with the classic MAC mechanism of Linux, and the feasibility of the model is verified. Finally, in view of the possible performance impact of the introduction of attribute factors, the optimization research of access control is carried out from two aspects of time and space.

Key words: attribute, operating system, dynamic mandatory access control ,

DING Yan, WANG Peng, WANG Chuang, LI Zhi-peng, SONG Lian-tao, FENG Liao-liao. An attribute-based dynamic mandatory access control mechanism for operating system[J]. Computer Engineering & Science, 2023, 45(10): 1770-1778.

[1]	JIANG Jing-fei, HE Yuan-hong, XU Jin-wei, XU Shi-yao, QIAN Xi-fu. NM-SpMM:A semi-structured sparse matrix multiplication algorithm for domestic heterogeneous vector processors [J]. Computer Engineering & Science, 2024, 46(07): 1141-1150.
[2]	LI Jin-xi, YIN Shou-yi, WEI Shao-jun, HU Yang. A codelet model based on MLIR [J]. Computer Engineering & Science, 2024, 46(07): 1151-1157.
[3]	DU Hao, MAO Run-zhang, DENG Yun-tong, HUANG Si-lu, XU Xiao-wen. MiniBranRAP:A minimizing branch parallel algorithm of the coarse matrix computation in AMG solver [J]. Computer Engineering & Science, 2024, 46(07): 1158-1166.
[4]	YU Ding-cui, LUO Long-fei, SONG Yun-peng, LI Wen-tong, SHI Liang. Exploration of memory page size for high-density flash memory [J]. Computer Engineering & Science, 2024, 46(07): 1167-1174.
[5]	SHI Yu, DONG Pan, ZHANG Li-jun. An irregular sparse matrix SpMV method [J]. Computer Engineering & Science, 2024, 46(07): 1175-1184.
[6]	WANG Jie, FU Dan-yang, . ROB compression method based on RISC-V superscalar processor [J]. Computer Engineering & Science, 2024, 46(07): 1185-1192.
[7]	HUA Yue-lin, ZHOU Xiao-lei, FAN Qiang, WANG Fang-xiao, YAN Hao, . Learning indexing method for massive high-dimensional data based on partitioned hierarchical graph [J]. Computer Engineering & Science, 2024, 46(07): 1193-1201.
[8]	HU Xiao-yue, , WANG Qiang, Lv Fang-xu, XU Chao-long, ZHANG Jin. DSP design for 56 Gb/s high-speed SerDes receiver [J]. Computer Engineering & Science, 2024, 46(07): 1202-1209.
[9]	WEN Xin, ZENG Tao, LI Chun-bo, XU Zi-chen. A switch method of model inference serving oriented to serverless computing [J]. Computer Engineering & Science, 2024, 46(07): 1210-1217.
[10]	CHAI Xu-qing, QIAO Yi-hang, FAN Li-lin, . A method for constructing performance analysis model of high performance application based on random forest classifier [J]. Computer Engineering & Science, 2024, 46(07): 1218-1228.
[11]	DU Fang, JIAO Jian, JIAO Li-bo. An anti-forensic detection model based on causality calculation [J]. Computer Engineering & Science, 2024, 46(07): 1229-1236.
[12]	GUO Chang-hao, TANG Xiang-yun, WENG Yu. A data heterogeneity processing method based on asynchronous hierarchical federated learning [J]. Computer Engineering & Science, 2024, 46(07): 1237-1244.
[13]	WANG Kun, LI Shao-bo, HE Ling, ZHOU Peng. A network traffic prediction model based on improved northern goshawk optimization for stochastic configuration network [J]. Computer Engineering & Science, 2024, 46(07): 1245-1255.
[14]	ZHANG Yong-zhi, HE Ke-ren, GE Jue. Low-altitude remote sensing image object detection based on improved YOLOv7 network [J]. Computer Engineering & Science, 2024, 46(07): 1269-1277.
[15]	XIAO Zhen-jiu, LI Si-qi, QU Hai-cheng. Pedestrian detection based on multi-scale features and mutual supervision [J]. Computer Engineering & Science, 2024, 46(07): 1278-1285.

An attribute-based dynamic mandatory access control mechanism for operating system

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 15

Recommended Articles

Metrics

Comments