Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem

A subsystem and policy technology, applied in the field of Linux operating systems, that addresses the difficulty of writing and maintaining the source code of policy files, makes collection work flexible and convenient, reduces the generation of loopholes, and reduces the load on the system.

Active Publication Date: 2012-07-18
CHINA STANDARD SOFTWARE

AI Technical Summary

Problems solved by technology

SELinux access control rules are stored in security policy files, which are divided into binary files and source code file

Examples


Example 2

[0091] Figure 2 is a schematic structural diagram of the policy adaptation system based on the SELinux security subsystem according to the second embodiment of the present invention. Each component module of the embodiment is described in detail below.

[0092] The present embodiment comprises an information collection module 21, a policy template storage module 22, a policy generation module 23, a policy test module 24, a policy repair module 25 and a log storage module 26. The information collection module 21 is connected to the policy template storage module 22, the policy template storage module 22 is connected to the policy generation module 23, the policy generation module 23 is connected to the policy test module 24, the policy test module 24 is connected to the policy repair module 25, and the policy repair module 25 is connected to the log storage module 26. The functions of each module are described in detail next.

[0093] The information ...


Abstract

The invention discloses a policy adaptation system and method based on the SELinux (Security-Enhanced Linux) security subsystem. The system comprises an information collecting module used for collecting information about the SELinux security subsystem and the services running in it; a policy template storing module used for storing an atomic policy template and a policy base with preset services in database storage; a policy generating module used for generating policy statements from the atomic policy template and the policy base; a policy testing module used for testing whether the grammar of the policy statements generated by the policy generating module is legal; and a policy recovering module used for restarting the system to test whether the loaded policy statements operate normally at different security levels. The disclosed method generates the policy in an opening-once-serving manner, and generates the policy according to the user's customization during use instead of loading the policy as a module, thereby improving the security of the system.
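The generate-then-test flow from the abstract, as an added example that is not taken from the patent: atomic templates are instantiated from collected service information and each resulting `allow` statement is checked against a simplified grammar. The template format, the policy base contents, the function names and the `*_conf_t` / `*_log_t` type names are all assumptions constructed for illustration.

```python
import re
from string import Template

# Hypothetical atomic templates: one access-vector rule each (format is an assumption).
ATOMIC_TEMPLATES = {
    "read_config": Template("allow ${domain}_t ${domain}_conf_t:file { read open getattr };"),
    "write_log": Template("allow ${domain}_t ${domain}_log_t:file { append create getattr };"),
    "bind_port": Template("allow ${domain}_t ${port_type}:tcp_socket name_bind;"),
}

# Hypothetical policy base: which atomic templates each preset service needs.
POLICY_BASE = {
    "httpd": ["read_config", "write_log", "bind_port"],
    "ntpd": ["read_config", "write_log"],
}

# Simplified grammar for one statement: allow SOURCE TARGET:CLASS PERM | { PERM ... };
IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
PERMS = rf"(?:{IDENT}|\{{\s*{IDENT}(?:\s+{IDENT})*\s*\}})"
ALLOW_RE = re.compile(rf"^allow\s+{IDENT}\s+{IDENT}\s*:\s*{IDENT}\s+{PERMS}\s*;$")


def collect_info(service, port_type=None):
    """Stand-in for the information collecting module (constructed values)."""
    info = {"domain": service}
    if port_type:
        info["port_type"] = port_type
    return info


def generate(service, info):
    """Instantiate every atomic template the policy base lists for the service."""
    # safe_substitute leaves unknown placeholders in place instead of raising,
    # so incomplete collection shows up as a statement the syntax test rejects.
    return [ATOMIC_TEMPLATES[name].safe_substitute(info) for name in POLICY_BASE[service]]


def check_syntax(statements):
    """Split statements into (legal, rejected); rejected ones go to repair and logging."""
    legal = [s for s in statements if ALLOW_RE.match(s)]
    rejected = [s for s in statements if not ALLOW_RE.match(s)]
    return legal, rejected


if __name__ == "__main__":
    for stmt in generate("httpd", collect_info("httpd", "http_port_t")):
        print(stmt)
    print(check_syntax(generate("httpd", collect_info("httpd"))))
```

On a real system the authoritative syntax check is the policy compiler (`checkmodule`), not a regular expression; the pattern here only covers single `allow` statements.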

Description

Technical field

[0001] The invention relates to the field of Linux operating systems, in particular to the field of security servers, and more particularly to a policy adaptation system and method based on the SELinux security subsystem.

Background technique

[0002] SELinux (Security-Enhanced Linux) is an implementation of mandatory access control by the US National Security Agency (NSA), and is the most outstanding new security subsystem on Linux. The NSA, with the help of the Linux community, developed an access control system that restricts a process to only those files it needs for its task. SELinux is usually installed by default on the Fedora and Red Hat Enterprise Linux operating systems, and can also be installed on other related systems, such as CentOS, NeoKylinOS, etc.

[0003] Linux has added a general security access control framework, which controls the execution of programs through hook functions. This framework is LSM (Linux Security Module...


Application Information

IPC(8): G06F21/00, G06F21/71
Inventor: 王青峰田勇徐宁
Owner: CHINA STANDARD SOFTWARE