操作系统访问控制机制研究

摘要/Abstract

摘要： 访问控制作为操作系统最重要的安全机制之一，广泛应用于Windows，Linux等主流操作系统，并在Android，Harmony等新兴智能终端操作系统安全中发挥重要作用.现有访问控制研究多聚焦于区块链、分布式等具体技术或属性、角色等访问控制方法，对作为安全基石的操作系统访问控制缺乏系统全面的总结.在介绍访问控制基本概念与策略分类的基础上，对当前主流操作系统的访问控制机制进行了系统总结，并探讨了访问控制机制的未来发展趋势.

关键词: 访问控制, 访问控制策略, 操作系统, Windows, Linux, Android

Abstract: As one of the most important security mechanisms of operating systems, access control is widely used in mainstream operating systems such as Windows and Linux, and gradually plays an important role in the security of emerging smart terminal operating systems such as Android and Harmony. Existing access control researches mostly focus on blockchain, distributed and other specific technologies or access control methods such as attributes and roles, but lack of a systematic and comprehensive summary of operating system access control as the cornerstone of security. On the basis of introducing the basic concepts of access control and policy classification, this paper systematically summarized the access control mechanism of the current mainstream operating system, and finally discussed the future development trend of access control mechanism.

Key words: access control, access control policy, operating system, Windows, Linux, Android

王鹏, 秦莹, 高珑, 李志鹏, 宋连涛, 丁滟, . 操作系统访问控制机制研究[J]. 信息安全研究, 2022, 8(11): 1111-.

参考文献

参考文献
［1］吴振豪, 高健博, 李青山, 等. 数据安全治理中的安全技术研究［J］. 信息安全研究, 2021, 7(10): 907914［2］US Department of Defense. Department of Defense Trusted Computer System Evaluation Criteria［EBOL］. 1986 ［20211115］. https:doi.org10.10079781349120208［3］Clark D D. Computers at Risk: Safe Computing in the Information Age［M］. Washington: National Academy Press, 1991: 1819［4］Bishop M. Computer security: Art and science［J］. Leonardo, 2015, 17(2): 8186［5］郭玮. 基于Linux安全增强操作系统的访问控制机制的研究［D］. 南京: 南京大学, 2004［6］McLean J. A comment on the ‘basic security theorem’of Bell and LaPadula［J］. Information Processing Letters, 1985, 20(2): 6770［7］Nelson L, Bornholt J, Krishnamurthy A, et al. Noninterference specifications for secure systems［J］.ACM SIGOPS Operating Systems Review, 2020, 54(1): 3139［8］Flink C W, Weiss J D. System VMLS labeling and mandatory policy alternatives［J］. AT and T Technical Journal, 1988, 67(3): 5364［9］Goguen J A, Meseguer J. Security policies and security models［C］ Proc of 1982 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 1982: 1111［10］Biba K J. Integrity considerations for secure computer systems［R］. Bedford, Mass: USAF Electronic Systems Division, 1977［11］Clark D D, Wilson D R. A comparison of commercial and military computer security policies［C］ Proc of 1987 IEEE Symp on Security and Privacy. Los Alamitos, CA: IEEE Computer Society, 1987: 184184［12］Brewer D F C, Nash M J. The chinese wall security policy［C］ Proc of IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 1989: 206214［13］Sandhu R S, Coyne E J, Feinstein H L, et al. Rolebased access control models［J］. Computer, 1996, 29(2): 3847［14］Badger L, Sterne D E, Sherman D L, et al. A domain and type enforcement Unix prototype［J］. Computing Systems, 1996, 9(1): 4783［15］Yuan E, Tong J. Attributed based access control (ABAC) for Web services［C］ Proc of IEEE Int Conf on Web Services (ICWS’05). Piscataway, NJ: IEEE, 2005: 561569［16］Riley S. Mandatory integrity control in Windows Vista［EBOL］. ［20211125］. http:blogs.technet.combsterileyarchive2006 0721442870.aspx［17］Ray E, Schultz E E. An early look at Windows Vista security［J］. Computer Fraud & Security, 2007, 2007(1): 47［18］Microsoft. Understanding enhanced protected mode［EBOL］. ［20211123］. https:docs.microsoft.comenusarchiveblogsieinternalsunderstandingenhancedprotectedmode［19］卿斯汉, 程伟, 杜超. Windows操作系统的安全风险可控性分析［J］. 信息网络安全, 2015 (4): 512［20］Wright C, Cowan C, Morris J, et al. Linux security module framework［C］ Proc of Ottawa Linux Symp. 2002: 604617［21］Wright C, Cowan C, Smalley S, et al. Linux security modules: General security support for the Linux kernel［C］ Proc of the 11th USENIX Security Symp. San Francisco, California, USA: USENIX Association, 2002［22］Loscocco P, Smalley S. Integrating flexible support for security policies into the Linux operating system［C］ Proc of the FREENIX Track: 2001 USENIX Annual Technical Conf. Boston, Massachusetts, USA, 2001［23］Schaufler C. The simplified mandatory access control kernel［J］. White Paper, 2008: 111［24］Harada T, Handa T. TOMOYO Linux: A lightweight and manageable security system for PC and embedded Linux［C］ Proc of Ottawa Linux Symp. 2007: 2730［25］Bauer M. Paranoid penguin: An introduction to Novell AppArmor［J］. Linux Journal, 2006, 2006(148): 1313［26］Ecarot T, Dussault S, Souid A, et al. AppArmor for health data access control: Assessing risks and benefits［C］ Proc of the 7th Int Conf on Internet of Things: Systems, Management and Security (IOTSMS). Piscataway, NJ: IEEE, 2020: 17［27］Yama［ROL］. ［20211224］. https:www.kernel.orgdocDocumentationsecurity Yama.txt, 2017［28］Spengler B. The case for grsecurity［ROL］. ［20211224］. https:grsecurity.netpapers［29］卿斯汉. Android安全的研究现状与展望［J］. 电信科学, 2016, 32(10): 26, 1214［30］许艳萍, 马兆丰, 王中华, 等. Android智能终端安全综述［J］. 通信学报, 2016,37(6): 169184［31］张玉清, 王凯, 杨欢, 等. Android安全综述［J］. 计算机研究与发展, 2014, 51(7): 13851396［32］Android. Permissions on Android［EBOL］. ［20211221］. https:developer.android.google.cnguidetopicspermissions overview［33］李大明. 一种操作系统增强访问控制实现技术研究［D］. 北京: 中国舰船研究院, 2012［34］卿斯汉. Android安全研究进展［J］. 软件学报, 2016, 27(1): 4571［35］Android. Application sandbox［EBOL］. ［20211210］.https:source.android.google.cnsecurityappsandbox［36］Smalley S, Craig R. Security enhanced (SE) Android: Bringing flexible MAC to Android［C］ Proc of the 20th Annual Network and Distributed System Security Symp. 2013［37］Android. SecurityEnhanced Linux in Android［EBOL］. ［20211210］. https:source.android.google.cnsecurityselinux［38］SELinux Project Wiki. Security enhancements (SE) for Android［EBOL］. ［20211212］. http:selinuxproject.orgpageSEAndroid［39］Nauman M, Khan S, Zhang X. Apex: Extending Android permission model and enforcement with userdefined runtime constraints［C］ Proc of the 5th ACM Symp on Information, Computer and Communications Security. New York: ACM, 2010: 328332［40］Ongtang M, McLaughlin S, Enck W, et al. Semantically rich applicationcentric security in Android［J］.Security and Communication Networks, 2012, 5(6): 658673［41］Bugiel S, Davi L, Dmitrienko A, et al. XManDroid: A new Android evolution to mitigate privilege escalation attacks, TR201104［R］. Darmstadt: Technische Universitt Darmstadt, 2011［42］Bugiel S, Davi L, Dmitrienko A, et al. Practical and lightweight domain isolation on Android［C］ Proc of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. New York: ACM, 2011: 5162［43］Qiu Jun, Yang Xuewu, Wu Huamao, et al. LibCapsule: Complete confinement of thirdparty libraries in Android applications［JOL］. ［20211120］. https:ieeexplore.ieee.orgdocument9416775［44］Han Weili, Cao Chang, Zhou Zhe, et al. A smart framework for finegrained microphone acoustic permission management［J］. IEEE Trans on Dependable and Secure Computing, 2021, 18(6): 27052718［45］Qi Wen, Ding Wanfu, Wang Xinyu, et al. Construction and mitigation of userbehaviorbased covert channels on smartphones［J］. IEEE Trans on Mobile Computing, 2018, 17(1):  4457［46］Frank M, Dong B, Felt A P, et al. Mining Permission request patterns from Android and facebook applications (extended author version)［C］ Proc of the 12th IEEE Int Conf on Data Mining. Piscataway, NJ: IEEE, 2020: 870875［47］Bugiel S, Heuser S, Sadeghi A R. Flexible and finegrained mandatory access control on Android for diverse security and privacy policies［C］ Proc of the 22nd Usenix Security Symp. Berkeley, CA: USENIX Association, 2013: 131146［48］Na J S, Kim Y, Choi Y J, et al. Mandatory access control for Android application［C］ Proc of the 2014 Int Conf on Information and Communication Technology Convergence (ICTC). Piscataway, NJ: IEEE, 2014: 299300［49］Enck W, Gilbert P, Han S, et al. TaintDroid: An informationflow tracking system for realtime privacy monitoring on smartphones(Article)［J］.ACM Trans on Computer Systems, 2014, 32(2): 5(129)［50］Crispo B, Nguyen V, Conti M. CRePE: Contextrelated policy enforcement for Android［J］. Lecture Notes in Computer Science, 2010, 6531: 331345［51］Harmony O S. Harmony OS系统概述［EBOL］. ［20211221］. https:device.harmonyos.comcndocsdocumentationguide［52］王斯梁, 冯暄, 蔡友保, 等. 零信任安全模型解析及应用研究［J］.信息安全研究, 2020, 6(11): 966971［53］涂增英. 零信任架构中的统一权限管理方案［J］. 信息安全研究, 2021, 7(11): 10471051［54］申永波. 安全操作系统安全策略与可信应用环境构建研究［D］. 北京: 北京工业大学, 2010

[1]	时林, 时绍森, 文伟平. 基于LSTM的Linux系统下APT攻击检测研究[J]. 信息安全研究, 2022, 8(8): 736-.
[2]	胥柯, 张新有, 栗晓晗. Docker容器逃逸防护技术研究[J]. 信息安全研究, 2022, 8(8): 768-.
[3]	陆海婧, 李青梅, . 基础软件产业链安全问题与对策研究[J]. 信息安全研究, 2021, 7(E2): 86-.
[4]	张鸿鹏, 刘苇, 朱世顺, 杨康乐. 电力工控系统内生安全防护与攻击监测解决方案[J]. 信息安全研究, 2021, 7(E1): 93-.
[5]	戴纯兴刘刚韩春超王传国. KVM环境下基于异常行为的恶意软件检测技术研究[J]. 信息安全研究, 2020, 6(6): 0-0.
[6]	韩乃平李蕾. 国产操作系统生态体系建设现状分析[J]. 信息安全研究, 2020, 6(10): 0-0.
[7]	杨莹李威吴荻. 移动Web操作系统安全综述[J]. 信息安全研究, 2018, 4(8): 689-697.
[8]	邹仕洪卜东超孙国峰赵春雷. 开放融合环境下的移动数据管控[J]. 信息安全研究, 2018, 4(8): 704-710.
[9]	劳伟. Linux内核mmap保护机制研究[J]. 信息安全研究, 2018, 4(12): 1135-1141.
[10]	贾世准麦松涛李冬陈志远肖静. 智能网联汽车软件安全测试关键技术研究[J]. 信息安全研究, 2018, 4(11): 1025-1028.
[11]	刘莉孟杰徐宁. 可信计算技术在操作系统发展中的应用综述[J]. 信息安全研究, 2018, 4(1): 45-52.
[12]	王绍刚. 基于USBKey的电子认证在国产操作系统应用技术方法[J]. 信息安全研究, 2016, 2(6): 523-526.
[13]	向大为. Windows 7下USB存储设备接入痕迹的证据提取[J]. 信息安全研究, 2016, 2(4): 333-338.
[14]	张明舵. 渗透测试之信息搜集的研究与漏洞防范[J]. 信息安全研究, 2016, 2(3): 211-219.