Safe operation method based on enhanced ROST in Linux

Abstract

The invention discloses a safe operation method based on an enhanced ROST in a Linux, and relates to the field of computer systems and information security. Permission access of an operation system is reconstructed in a core layer of the Linux operation system, and a kernel module is added into the Linux operation system through a mandatory access control technique, and in this way, access safe limit of the system can be achieved, and the safety of the original Linux operation system can be improved. The kernel module includes a file mandatory access control module, a program start and execution control module, a process mandatory access control module, a network port mandatory access control module, a user protection control module, a disk protection control module, a log-in protection control module and an overflow protection control module.

Description

technical field [0001] The invention relates to the field of computer system and information security, in particular to an enhanced ROST-based safe operation method under Linux. Background technique [0002] Linux is a multi-user, multi-task, multi-thread and multi-CPU operating system based on POSIX and UNIX. It can run major UNIX tool software, application programs and network protocols, and supports 32-bit and 64-bit hardware. The Linux operating system is used more and more widely, and its stable and efficient features have been widely welcomed. However, the security issue of the Linux operating system has been questioned, and it is not obvious when ordinary users use it, but it has become the biggest obstacle when the operating system is widely used by government departments and telecommunications departments. [0003] The security aspects of the Linux operating system mainly have the following problems: 1) superuser privileges: the superadministrator has too much aut...

AI Technical Summary

Problems solved by technology

However, the security issue of the Linux operating system has been questioned, and it is not obvious when ordinary users use it, but it has become the biggest obstacle when the operating system is widely used by government departments and telecommunications departments.

[0003] The security aspects of the Linux operating system mainly have the following problems: 1) superuser privileges: the superadministrator has too much authority, and it has privileges that other users do not have. ) File access control is simple: users can obtain the right to use system files when they enter the system, and file access is only controlled by setting file access permissions. The system does not have a mandatory security access control mechanism, which opens the door for attackers; 3) Simple program start control: users can start any program (including viruses or Trojan horses) after entering the system. The system has no mandatory program start and execution control mechanism, which brings great security risks to the system; 4) The executed program is not safe: Already running Linux operating system processes or user processes are often rewritten in memory, or even injected with malicious code, which makes the program's behavior deviate from the original track and causes various system failures; 5) System user protection is simple: after many hackers break into the system , the first thing to do is to add a user of your own, so that you can often use this account to patronize in the future. The current system lacks security management control over users, and the risk of system users being added or modified is very high; 6) Lack of disk protection: Now some sophisticated hackers sometimes directly rewrite the data on the disk, thus destroying the system files or programs, causing some unpredictable problems in the system; 7) The network port protection is not perfect: hackers usually find the system through some port scanning tools 8) The user login process is simple: you only need to enter a password to log in to Linux. Once the password is stolen, the door of the operating system will be opened immediately. , the lack of a secondary confirmation mechanism; 9) buffer overflow causes hidden dangers: various business applications are often running on Linux servers, and it is difficult to ensure that the developers of each application program can ensure that the buffer of their own program will not overflow, and once Buffer overflow is exploited by hackers, hackers will do whatever they want

The security guarantee of the current Linux operating system is not perfect, and the system failures that are likely to be caused mainly include the following: (1) Some key files are missing or deleted by mistake, such as boot files; (2) Configuration files are maliciously changed, such as Server ip address, etc.; (3) Load malicious driver; (4) Key operating system files are modified or replaced