Policy-adaptive capability inheritance algorithm consistent with POSIX standard
In order to support POSIX capability mechanism,many secure operating systems provided individual capability inheritable algorithms.These algorithms were only applicable to specified least privilege control policies,and had such defects as semantic conflicts and no defined security-objectives.So they...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2006-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74667010/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In order to support POSIX capability mechanism,many secure operating systems provided individual capability inheritable algorithms.These algorithms were only applicable to specified least privilege control policies,and had such defects as semantic conflicts and no defined security-objectives.So they couldn’t flexibly support for implementing diversified privilege policies for different requirements.Based on the analysis of some existing algorithms,a new capability inheritance algorithm was proposed,which introduced the policy-relevant capability control variable and the trusted application attribution.The implementation of the algorithm in ANSHENG secure operating system demonstrates that this algorithm provides such properties as policy-adaptability and usability,the formal analysis and verification of this algorithm proves that it supports a secure operating system to meet basic security theorems of the privilege policies enforced in it. |
|---|---|
| ISSN: | 1000-436X |