
Runtime Loadable Modulized Secure Linux Kernel

(the thesis's own English title; the Chinese title 可动态载入的模块化安全Linux内核 reads "A Dynamically Loadable, Modular Secure Linux Kernel")

【Author】 Wang Tao (王涛)

【Advisor】 Qing Sihan (卿斯汉)

【Author information】 Graduate School of the Chinese Academy of Sciences (Institute of Software), Computer Applications Technology, 2003, Master's thesis

【Abstract】 Drawing on existing research results and practical experience with secure operating systems, this thesis proposes a construction model for an operating system security kernel that is modular in structure and can be loaded dynamically from the application level. KNumen is an instance of this model developed on Linux. It is simple in structure, flexibly configurable, portable, functionally complete, and easy to maintain and use. Three features stand out: identity authentication based on digital certificates, flexible combination of security modules according to actual security requirements, and remote administration of the system through graphical interfaces.

KNumen is compact and consists of three main parts: the enforcement facility, the decision facility and the security policy database. The enforcement facility intercepts system calls issued by application programs, turns them into decision requests and enforces the resulting decisions. The callback function interfaces provided by the decision facility are the basis on which security modules are loaded at runtime and kept modular, and the security modules themselves are where the various security mechanisms and policies are implemented. The security policy database holds the security policy configuration of the whole system; the way it is stored is independent of the underlying file system.

To improve performance, a general-purpose cache of access control information, built on split trees, is created inside the security kernel. Practice has shown that the cache effectively overcomes the loss of kernel execution efficiency. In addition, certificate-based identity authentication strengthens the security and reliability of the whole system: users hold their own public and private keys and can use certificate files to authenticate and log in remotely, establishing a trusted, confidential network connection to the target machine.

KNumen's security modules include ones that implement common security functions, such as the MAC, ACL and audit modules, as well as ones designed for special purposes, such as the important process protection module and the trusted program authorization module. Many more security modules could be implemented, and the system itself still has much room for extension and optimization; these are directions for future work.

The idea put forward in this thesis is a new attempt in the research and development of secure operating systems. Practice has shown that the system works as intended and achieves the expected results, so it can serve as a solid basis for further research and development in this direction.
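The three-part design described in the abstract (the enforcement facility intercepts a call and forms a decision request, the decision facility dispatches it through callback interfaces to security modules registered at runtime, a policy database backs the modules, and a cache sits in front of the whole decision path) can be modelled in user-space C. The following block is an added illustration written for this page, not KNumen's code: the module names, the policy table contents, and the functions enforce_open, decide, register_module and unregister_module are hypothetical, and the split-tree cache the abstract describes is replaced here by a small hash-indexed cache, which is enough to show the one property any such cache needs.

```c
/* Added illustration, not KNumen's code: a user-space model of the enforcement /
 * decision / policy-database split with runtime-registered callback modules and a
 * decision cache. Names and policy contents are hypothetical; KNumen's split-tree
 * cache is replaced by a small hash-indexed one. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
enum op { OP_READ = 1, OP_WRITE = 2, OP_EXEC = 4 };
enum verdict { ALLOW = 0, DENY = 1 };

struct request { unsigned subject, object; enum op op; };   /* one decision request */

/* Callback interface that every loadable security module implements. */
struct sec_module { const char *name; enum verdict (*decide)(const struct request *); };

/* Security policy database: an in-memory table here (hypothetical contents). */
struct acl_entry { unsigned subject, object, ops; };
static const struct acl_entry policy_db[] = {
    { 1000, 7, OP_READ | OP_WRITE }, { 1000, 9, OP_READ | OP_WRITE }, { 1001, 7, OP_READ },
};
static const unsigned protected_objects[] = { 9 };   /* "important" objects */

/* Decision cache keyed on (subject, object, op). */
#define CACHE_SLOTS 64
struct cache_entry { struct request req; enum verdict v; bool valid; };
static struct cache_entry cache[CACHE_SLOTS];
static unsigned cache_hits;

static unsigned cache_slot(const struct request *r) {
    return (r->subject * 31u + r->object * 17u + (unsigned)r->op) % CACHE_SLOTS;
}
static bool same_request(const struct request *a, const struct request *b) {
    return a->subject == b->subject && a->object == b->object && a->op == b->op;
}
void cache_invalidate(void) { memset(cache, 0, sizeof cache); }
unsigned cache_hit_count(void) { return cache_hits; }

/* Module registry, the runtime-loadable part. Any change drops cached verdicts,
 * since a verdict computed under the old module set may no longer hold. */
#define MAX_MODULES 8
static const struct sec_module *modules[MAX_MODULES];
static int nmodules;
int register_module(const struct sec_module *m) {
    if (nmodules >= MAX_MODULES) return -ENOSPC;
    modules[nmodules++] = m;
    cache_invalidate();
    return 0;
}
int unregister_module(const struct sec_module *m) {
    for (int i = 0; i < nmodules; i++) {
        if (modules[i] != m) continue;
        memmove(&modules[i], &modules[i + 1], (nmodules - i - 1) * sizeof *modules);
        nmodules--;
        cache_invalidate();
        return 0;
    }
    return -ENOENT;
}

/* Decision facility: serve from cache, else ask every module; a single DENY wins. */
enum verdict decide(const struct request *r) {
    struct cache_entry *e = &cache[cache_slot(r)];
    if (e->valid && same_request(&e->req, r)) { cache_hits++; return e->v; }
    enum verdict v = ALLOW;
    for (int i = 0; i < nmodules && v == ALLOW; i++) v = modules[i]->decide(r);
    e->req = *r; e->v = v; e->valid = true;
    return v;
}

/* Enforcement: what a hooked open()-style system call path would invoke. */
int enforce_open(unsigned uid, unsigned inode, enum op op) {
    struct request r = { uid, inode, op };
    return decide(&r) == ALLOW ? 0 : -EACCES;
}

/* Two example modules: ACL over the policy table, and one that keeps
 * "important" objects read-only regardless of the ACL. */
static enum verdict acl_decide(const struct request *r) {
    for (size_t i = 0; i < sizeof policy_db / sizeof *policy_db; i++)
        if (policy_db[i].subject == r->subject && policy_db[i].object == r->object)
            return (policy_db[i].ops & r->op) ? ALLOW : DENY;
    return DENY;                                    /* no entry: default deny */
}
static enum verdict protect_decide(const struct request *r) {
    for (size_t i = 0; i < sizeof protected_objects / sizeof *protected_objects; i++)
        if (protected_objects[i] == r->object && (r->op & OP_WRITE)) return DENY;
    return ALLOW;
}
const struct sec_module acl_module = { "acl", acl_decide };
const struct sec_module protect_module = { "important_process_protection", protect_decide };

int main(void) {
    register_module(&acl_module); register_module(&protect_module);
    printf("write inode 9, protection loaded:   %d\n", enforce_open(1000, 9, OP_WRITE));
    unregister_module(&protect_module);
    printf("write inode 9, protection unloaded: %d\n", enforce_open(1000, 9, OP_WRITE));
    return 0;
}
```

The check a practitioner wants from this model is the one in register_module and unregister_module: a cached verdict is only valid for the module set and policy under which it was computed, so loading or unloading a module (and, in a real system, any edit to the policy database) must invalidate the cache. Without that, a write to a protected object that was allowed before the protection module was loaded would keep succeeding from the cache after it is loaded. Compile with any C99 compiler and run; the two printed results are -13 (EACCES) and 0.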

  • 【CLC classification number】 TP316.81
  • 【Cited by】 3
  • 【Downloads】 296