Technology for detecting fault of Linux system by using mandatory access control
A technology of mandatory access control and system failure, applied in the detection of faulty computer hardware, etc., can solve problems such as weak audit protection, security problems, verification and evaluation
Inactive Publication Date: 2010-09-01
LANGCHAO ELECTRONIC INFORMATION IND CO LTD
View PDF1 Cites 6 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, its security issues have not been verified and evaluated by third parties
[0009] Users get the right to use system files when they enter the system. File access is only controlled by setting file access permissions. The system has no mandatory security access control mechanism, which opens the door for attackers.
[0010] (4) The audit protection function is weak
[0011] Although LINUX provides auditing functions, there are almost no restrictions on the access to audit data, which can be freely queried and modified, especially lacking the integrity protection of audit data
[0012] (5) Insecurity of network applications
These worthless codes are a major security problem in their own right
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment approach
[0034] Add a secure kernel module to the driver layer (layer 0), intercept and record all kernel access paths, so as to meet the technical requirements for handling Linux server failures. The security effect achieved is similar to that of refactoring operating system code technology. The advantage is that it will not affect the customer's business continuity, and even does not require the customer to restart the system. It not only supports all applications on the upper layer, but also supports all systems and machines on the lower layer, and can guarantee the security of upper layer applications at the granularity of the operating system.
[0035] It mainly consists of the following modules:
[0036] 1. Mandatory access control MAC
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention provides technology for detecting a fault of a Linux system by using mandatory access control. According to the technology, the fault of the Linux operating system is fast processed and a fault point is fast positioned by using the mandatory access control. Compared with conventional security defending and detecting products IDS, anti-virus software and the like, the technology for detecting the fault of the system by using the mandatory access control has the advantages of fast detecting and positioning the faults of the Linux system caused by attacks comprising known or unknown virus programs, ROOTKIT grade backdoor horse and the like.
Description
technical field [0001] The invention relates to the technical field of Linux system kernel reinforcement, in particular to a technique for detecting Linux system faults by using mandatory access control Background technique [0002] Linux is used more and more widely, and its open source code has been widely welcomed. However, its security issues have not been verified and evaluated by a third party. This problem is not obvious when individual users use it, but it becomes the biggest obstacle when government departments and financial departments are preparing to apply this operating system on a large scale. [0003] Its security issues mainly include: [0004] (1) Superuser privileges [0005] A super administrator has too many privileges. He has privileges that other users do not have. Once he obtains super administrator privileges, he can gain complete control over the computer system. [0006] (2) Account management is simple [0007] For intruders, the most direct w...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): G06F11/22
Inventor 周水波宋桂香
Owner LANGCHAO ELECTRONIC INFORMATION IND CO LTD
PatSnap Eureka turns technology decisions into work you can execute. Powered by our Innovation Knowledge Graph, it runs expert workflows across engineering, life sciences, materials and intellectual property. Get your review-ready output in minutes.
