摘要
针对SELinux策略配置存在的不安全访问控制授权,提出了基于信息流分析的权限控制方法。该方法针对系统安全目标对策略配置进行信息流分析,确定了目标程序和不安全的访问授权。再通过目标程序上的静态信息流分析,定位可能使用不安全访问授权的程序点。根据这两者的分析结果,完成程序安全状态的划分,并制定出状态转换条件。在时间和空间上对程序的访问权限实施了细化的控制,保证安全的同时最小化对程序功能的影响。
A method of program rights control based on information flow analysis is proposed to solve the problem of unsafe ac- cess authorization in SELinux policy. The target program and its unsafe access authorizations are figured out, by information flow on policy configuration analysis against system security goals. And then program points, which probably use the unsafe au- thorizations, are located by static program information analysis. According the results of analysis on policy and source code, the security states of target program and transition rules between them are defined. The method offers fine-grained rights control on the time and space dimensions. Security is guaranteed with minimal impact on functionality of the program.
出处
《计算机工程与设计》
CSCD
北大核心
2013年第1期23-27,共5页
Computer Engineering and Design
基金
国家自然科学基金项目(61170070)
国家科技支撑计划基金项目(2012BAK26B01)
江苏省科技支撑计划基金项目(BE2010032)
