
《结构化保护级》安全操作系统若干关键技术的研究 (Research on Several Key Technologies of the Structured Protection Level Secure Operating System)

Research on Some Key Technologies of Structured Protection Level Secure Operating System Development

【Author】 刘文清 (Liu Wenqing)

【Advisor】 卿斯汉 (Qing Sihan)

【Author information】 Graduate School of the Chinese Academy of Sciences (Institute of Software), Computer Application Technology, 2002, PhD

【Abstract (translated from Chinese)】 This thesis centres on the design and development of a secure operating system conforming to the fourth level, the Structured Protection Level, of GB17859, and studies from both theoretical and practical perspectives some key technical problems involved in developing a high-security-level operating system. The thesis obtains principal results in the following six areas. First, combining GB17859 and GB/T18336 for the first time, it proposes a protection profile (SPLPP) for a secure operating system conforming to the GB17859 Structured Protection Level; this lays the foundation for the system's development and future evaluation, and can be registered with China's relevant security product inspection, evaluation and certification bodies. Second, corresponding to the protection profile SPLPP, and for the first time following the requirements of GB/T18336, it carries out a detailed security target (ST) design for a secure operating system whose security functions meet the corresponding requirements of the GB17859 Structured Protection Level. This security target is both a summary design specification of the system and the basis of the system's top-level functional specification. Third, building on in-depth study of multilevel security models, integrity models and role-based authorization models, it first proposes a modified BLP model (MBLP), which has been applied in an independently developed secure operating system; it then integrates the BLP, Clark-Wilson, DTE and RBAC models into a dynamic-authorization access control model (DAACM) that supports multiple security policies, namely confidentiality, integrity and authorization. DAACM meets the needs of the Structured Protection Level secure operating system design given in the thesis and will be applied in the design of that system. Fourth, with the help of a restricted syntactic language, it studies the method and process of semi-formally specifying the system's top-level functions; the top-level functional specification in turn lays the foundation for follow-on work such as system verification and covert channel analysis. Fifth, by studying the Flask architecture, a recent international technique for secure operating system design, and adopting its design ideas, it establishes a security architecture suited to implementing a Structured Protection Level secure operating system; this architecture separates security policy decision from security enforcement within the system and is modular. Sixth, it makes useful explorations of several other key problems in high-level secure operating system design, including covert channel analysis and handling and the trusted path, and gives outline schemes for their implementation in the system. In summary, this thesis explores and accumulates many techniques and much experience in the design of Structured Protection Level secure operating systems, and its results lay the foundation for the design and development of higher-security-level operating systems in China.

【Abstract】 Alongside the practical development of a secure operating system in accordance with the requirements of the fourth level, i.e. the Structured Protection Level, of GB 17859, this thesis studies, both theoretically and practically, some key technologies of high-level secure operating system development. As a result, six principal achievements have been obtained. First, integrating GB17859 and GB/T18336 for the first time, a Structured Protection Level Protection Profile (SPLPP) is presented systematically in accordance with the Structured Protection Level of GB 17859; it lays the ground for the future development and evaluation of the system, and can be registered with the authorities responsible for inspection, evaluation and certification of security products. Second, corresponding to SPLPP and according to the requirements of GB/T18336, a security target (ST) design for a secure operating system whose security functions conform to the Structured Protection Level of GB 17859 is constructed and presented in detail. This security target is a summary specification of the system and the basis for the top-level functional specification. Third, based on thorough research into multilevel security models, integrity models and Role-Based Access Control (RBAC) models, a modified BLP model (MBLP) is designed and applied in an independently developed secure operating system. Then, a well-integrated combination of the BLP, Clark-Wilson, DTE and RBAC models is proposed, leading to a Dynamic Authorization Access Control Model (DAACM) that supports diverse security policies, including confidentiality, integrity and authorization. DAACM conforms to the requirements of the Structured Protection Level secure operating system design and will be used in the practical system design. Fourth, using a limited syntax language, the method and process of semi-formally specifying the top-level functions are developed. This top-level specification paves the way for system verification and covert channel analysis. Fifth, assimilating the new system design idea known as the Flask security architecture, we construct a security architecture that meets the requirements of the Structured Protection Level and show its advantages in separating security policy decision from security policy enforcement and in system modularization. Sixth, we present some helpful investigations into other key technologies of high-level secure operating system design, such as covert channel analysis and the trusted path, and describe their coarse-grained implementation in the real system. To sum up, this thesis discusses many helpful technologies and accumulates experience in the implementation of a Structured Protection Level secure operating system, and its principal achievements establish a firm foundation for the research and design of high-level secure operating systems.
