Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A self-study-based configuration method of linux security policy

A technology of security policy and configuration method, applied in program control devices, digital transmission systems, electrical components, etc., can solve problems such as increasing the difficulty of configuring administrator security configuration, complex SELinux configuration process, and main body not working normally, etc. Simplifies configuration, reduces human error, and improves security

Active Publication Date: 2016-08-10
CHINA ELECTRIC POWER RES INST +2
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Due to the complexity of the Linux operating system itself and the diversity of upper-layer applications, the configuration process of SELinux is extremely complicated.
Moreover, SELinux involves all aspects of the bottom layer of the operating system, making it more difficult for the configuration administrator to correctly configure security; at the same time, how to assign reasonable permissions to each subject in the operating system is the first problem that the configuration administrator must think about. This process follows the principle of minimum authority, that is, the authority assigned to a subject must just meet the legal access requirements of the subject. Exceeding this requirement will cause potential security risks, and lower than this requirement will cause the subject to fail to work normally.
[0007] To sum up, it is a challenge for every configuration administrator to build a stable and secure SELinux policy for a brand new business system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A self-study-based configuration method of linux security policy
  • A self-study-based configuration method of linux security policy
  • A self-study-based configuration method of linux security policy

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0041] SELinux access control rules are stored in security policy files. Policy files are divided into binary and source code files. The source code is described in the form of policy configuration language, created and maintained by the configuration administrator. The source code is compiled by the policy configuration tool to generate a binary file. The binary policy is loaded into the kernel space during system startup, forms a policy library and cache in memory, and is managed by the SELinux security server.

[0042] For a secure operating system that uses SELinux, after booting, any access request made by the subject to the object will be intercepted by the Hook function of the LSM (Linux Security Module), and at the same time, the corresponding access policy will be obtained through the security server, and decisi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a Linux security policy configuration method based on self-learning aiming at the problem that Linux security policy configuration is difficult so as to simplify the working process of system configuration. According to the Linux security policy configuration method, a policy study module is embedded in a security server area of Security-Enhanced Linux (SE Linux). The module provides an automatic learning switch for a configuration administrator user so that a security server can automatically generate an access control policy by judging the on-off state. When the switch is in the on-state, all access requests between subjects and objects intercepted by an LSM are recorded, corresponding access control policies are automatically generated, and simultaneously the requests are released. When the switch is in the off-state, the policy study module no longer plays the role, and the security server returns the existing access control policies. The policies generated with the Linux security policy configuration method in the self-learning mode all meet the requirements of minimum privilege of the subjects, hidden safety dangers or stability dangers caused by errors in manual configuration can be avoided to the maximum extent, and system safety can be further improved.

Description

technical field [0001] The invention belongs to the technical field of computer and network security, and in particular relates to a self-study-based Linux security policy configuration method. Background technique [0002] With the increasing popularity of the Linux operating system, its security issues have attracted more and more attention. SELinux is the Mandatory Access Control (MAC) system provided in version 2.6 of the Linux kernel. [0003] Access control usually pre-configures security policies by users, or the system itself provides a security policy based on a certain model, and then implements the arbitration of system resource access requests by referring to the monitoring machine. The purpose of access control is to maintain the confidentiality, integrity and availability of the system. [0004] SELinux is the most comprehensive and well-tested of the Linux security modules currently available, and it builds on 20 years of MAC research. SELinux incorporates ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F9/445H04L12/24H04L29/06
Inventor 时坚邓松张涛林为民李伟伟汪晨周诚管小娟朱其军蒋静
Owner CHINA ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com