CN102592092A - Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem - Google Patents


Info

Publication number: CN102592092A
Authority: CN (China)
Prior art keywords: policy, information, strategy, statement, secure subsystem
Legal status: Granted
Application number: CN2012100050603A
Other languages: Chinese (zh)
Other versions: CN102592092B (en)
Inventors: 王青峰, 田勇, 徐宁
Current assignee: China Standard Software Co Ltd
Original assignee: China Standard Software Co Ltd
Application filed by China Standard Software Co Ltd
Priority to CN201210005060.3A
Publication of CN102592092A
Application granted
Publication of CN102592092B
Current legal status: Active

Abstract

The invention discloses a policy adaptation system and method based on the SELinux (Security-Enhanced Linux) security subsystem. The system comprises an information collection module used to collect information about the SELinux security subsystem and the services running in it; a policy template storage module used to store atomic policy templates and a policy library of preset services in the form of a database; a policy generation module used to generate policy statements from the atomic policy templates and the policy library; a policy test module used to test whether the syntax of the policy statements generated by the policy generation module is legal; and a policy repair module used to restart the system and test whether the loaded policy statements run normally at different security levels. The disclosed method generates policy on an "open with the service" basis, generating policy according to the user's customization while the service is in use instead of loading pre-built policy in a module, thereby improving the security of the system.

Description

Policy adaptation system and method based on the SELinux security subsystem
Technical field
The present invention relates to the field of Linux operating systems, in particular to the field of security servers, and specifically to a policy adaptation system and method based on the SELinux security subsystem.
Background technology
SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the US National Security Agency (NSA) and is the most outstanding new security subsystem on Linux. NSA developed this access control system with the help of the Linux community; under its restrictions, a process can access only the files it needs for its task. SELinux is usually installed by default on Fedora and Red Hat Enterprise Linux, and can also be installed on other related systems such as CentOS and NeoKylin OS.
Linux has added a general security access control framework that controls the execution of programs through hook functions. This framework is LSM (Linux Security Modules); within the LSM framework, various control mechanisms (such as the Flask mechanism) can be used to control programs.
The SELinux system applies Type Enforcement (TE) and Role-Based Access Control (RBAC). Compared with a general Linux system its security is higher: through fine-grained access control, user and process privileges are minimized, so that even if a process or user privilege is seized in an attack, the system as a whole is not significantly affected. SELinux has the following characteristics: it thoroughly changes access control, grants processes only least privilege, prevents privilege escalation, and grants users only least privilege.
SELinux can effectively guard against 0-day vulnerabilities and better control the security of the system. The SELinux access control rules are kept in security policy files, which exist as binary files and as source files; because of the fine granularity of SELinux, the policy source is hard to write and maintain. After the source is compiled it is loaded into kernel space, forming the policy library and cache in memory. Because of this characteristic, many system engineers simply change the SELinux operating mode by hand, and once the mode is lowered to Permissive (violations of SELinux rules are only warned about, not blocked) or Disabled, SELinux loses its effect.
Therefore there is an urgent need for a policy adaptation method directed at the SELinux security subsystem, to better handle the policy files SELinux requires and to improve the security of the system.
Summary of the invention
One of the technical problems to be solved by the invention is to provide a policy adaptation system and method based on the SELinux security subsystem.
To solve the above technical problem, the invention provides a policy adaptation system based on the SELinux security subsystem. The system comprises: an information collection module, used to collect information about the SELinux security subsystem and the services running in it; a policy template storage module, used to store atomic policy templates and a policy library of preset services in the form of a database; a policy generation module, which uses the atomic policy templates and the policy library to generate policy statements from the collected information; a policy test module, which tests whether the syntax of the policy statements generated by the policy generation module is legal; and a policy repair module which, when the test result of the policy test module is legal, restarts the system and tests, by lowering or raising the security level of the SELinux security subsystem, whether the loaded policy statements run normally at the different security levels, and which, when the test result of the policy test module is illegal, returns to the policy generation module to generate policy statements again from the collected information using the atomic policy templates and the policy library; wherein
the atomic policy templates comprise keyword policy templates and macro-definition policy templates.
According to a further aspect of the invention, in the policy repair module of the policy adaptation system based on the SELinux security subsystem, when the policy statements do not run normally at one of the different security levels,
the information collection module collects the extended-attribute resource information of the SELinux security subsystem at that security level;
the policy repair module generates supplementary policy statements based on the extended-attribute resource information and adds the supplementary policy statements to the policy statements to generate new policy statements, so that the generated new policy statements run normally at that security level; and
the new policy statements that run normally are stored in the policy template storage module.
According to a further aspect of the invention, the policy adaptation system based on the SELinux security subsystem also comprises:
a log storage module, which stores the log information produced by the new policy statements that run normally; the log information comprises the time at which the new policy statements were generated and the location at which they are stored.
According to a further aspect of the invention, in the policy adaptation system based on the SELinux security subsystem,
the information collection module collects the information about the SELinux security subsystem and its services at the granularity of fine-grained privileges, wherein
the collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information obtained by a simulated start of the service files, the extended-attribute resource information of the SELinux security subsystem, and user supplementary resource information.
According to a further aspect of the invention, in the policy adaptation system based on the SELinux security subsystem,
the information collection module collects the conventional service-file system resource information from the service-file resources in the server software installation list.
According to a further aspect of the invention, in the policy adaptation system based on the SELinux security subsystem, the policy generation module uses the atomic policy templates and the policy library to generate, from the collected information, policy statements that conform to the principle of least privilege.
According to a further aspect of the invention, a policy adaptation method based on the SELinux security subsystem is also provided, comprising:
collecting information about the SELinux security subsystem and the services running in it;
using atomic policy templates and a policy library to generate policy statements from the collected information;
testing whether the syntax of the generated policy statements is legal;
if the test result is legal, restarting the system and testing, by lowering or raising the security level of the SELinux security subsystem, whether the loaded policy statements run normally at the different security levels; otherwise, using the atomic policy templates and the policy library again to generate policy from the collected information; wherein
the atomic policy templates comprise keyword policy templates and macro-definition policy templates.
According to a further aspect of the invention, in the policy adaptation method based on the SELinux security subsystem, when the policy statements do not run normally at one of the different security levels,
the extended-attribute resource information of the SELinux security subsystem at that security level is collected;
supplementary policy is generated based on the extended-attribute resource information;
the supplementary policy is added to the policy to generate new policy statements, so that the generated new policy statements run normally at that security level; and
the new policy statements that run normally are stored.
According to a further aspect of the invention, in the policy adaptation method based on the SELinux security subsystem, the log information produced by the new policy statements that run normally is stored; the log information comprises the time at which the new policy statements were generated and the location at which they are stored.
According to a further aspect of the invention, the policy adaptation method based on the SELinux security subsystem collects information about the SELinux security subsystem and its services at the granularity of fine-grained privileges, wherein
the collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information obtained by a simulated start of the service files, the extended-attribute resource information of the SELinux security subsystem, and user supplementary resource information.
Compared with the prior art, one or more embodiments of the invention can have the following advantages:
The method manages policy statements in a database, which makes the filtering of policy statements easy to control flexibly. It adopts the "open with the service" approach to complete policy generation, generating policy according to the user's customization during use rather than loading pre-generated policy in a module in advance; this flexibility improves the security of the system.
The invention improves information collection, policy template customization, policy storage, policy combination and policy testing. In information collection, the collection of conventional information is combined with the collection of specific information and with the user's customization, which makes the collection work more flexible while guaranteeing the principle of "policy with the service"; this reduces the generation of vulnerabilities and the load on the system.
Policy templates are customized by atomic partitioning: the reserved words, keywords and macro calls required by a policy template are stored separately in the database, and database operations combine them into legal policy statements that are loaded into SELinux modules.
The method better remedies the shortcoming that the SELinux security subsystem is hard to manage and use, helps the user manage the SELinux security subsystem better, hardens the Linux operating system, defends against illegal intrusion, and effectively controls the impact of 0-day vulnerabilities.
Other features and advantages of the invention will be set forth in the description that follows, partly become obvious from the description, or be understood by implementing the invention. The objects and other advantages of the invention can be realized and obtained through the structure particularly pointed out in the description, the claims and the drawings.
Description of drawings
The drawings are provided for a further understanding of the invention and form part of the description; together with the embodiments of the invention they serve to explain the invention and are not to be construed as limiting it. In the drawings:
Fig. 1 is a flow diagram of the policy adaptation method based on the SELinux security subsystem according to the first embodiment of the invention;
Fig. 2 is a structural diagram of the policy adaptation system based on the SELinux security subsystem according to the second embodiment of the invention;
Fig. 3 is a functional diagram of the information collection module according to the second embodiment of the invention.
Embodiment
The embodiments of the invention are described in detail below with reference to the drawings and embodiments, so that it can be fully understood, and implemented accordingly, how the invention applies technical means to solve the technical problem and the process by which the technical effect is achieved. It should be noted that, as long as no conflict arises, the embodiments of the invention and the features of each embodiment can be combined with one another, and the resulting technical solutions all fall within the protection scope of the invention.
In addition, the steps shown in the flow diagrams of the drawings can be executed in a computer system as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases the steps shown or described can be executed in an order different from the one given here.
Fig. 1 is a flow diagram of the policy adaptation method based on the SELinux security subsystem according to the first embodiment of the invention; each step of the method is described below with reference to Fig. 1.
For example, the mysql-server service is taken as the example with which the policy adaptation method based on the SELinux security subsystem is described.
Step 110: collect information about the SELinux security subsystem and the services running in it.
Specifically, information about the SELinux security subsystem and its services is collected at the granularity of fine-grained privileges. The collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information obtained by a simulated start of the service files, the extended-attribute resource information of the SELinux security subsystem, and user supplementary resource information.
It should be noted that in the SELinux security subsystem the policy language is used to guide the SELinux security engine in computing security decisions. The policy language is generated from the relevant resource information, for example the object types of files, the domains of processes, the roles that restrict entry, and/or the regular expressions of access permissions and similar related resource information. Therefore these resources must be collected before policy development. The collection of resource information at fine-grained privilege granularity is carried out on the resource information the system requires when the service runs normally.
Collect conventional service-file system resource information. More specifically, this embodiment collects the conventional service-file system resource information according to the resource requirement properties of the service files given by the list of software the user has installed:
For example, the commonly used mysql service is described in detail, as shown in Table 1 below:
rpm -ql mysql-server-5.5.17-2.fc15.art.x86_64
/etc/rc.d/init.d/mysqld
/etc/sysconfig/mysqld
/etc/tmpfiles.d/mysql.conf
/usr/bin/innochecksum
...
/usr/lib64/mysql/plugin
/usr/lib64/mysql/plugin/adt_null.so
...
/usr/lib64/mysql/plugin/semisync_slave.so
/usr/libexec/mysqld
/usr/share/doc/mysql-server-5.5.17
...
/usr/share/doc/mysql-server-5.5.17/my-small.cnf
/usr/share/man/man1/innochecksum.1.gz
...
/usr/share/mysql/mysql_system_tables.sql
/usr/share/mysql/mysql_test_data_timezone.sql
/var/lib/mysql
/var/log/mysqld.log
/var/run/mysqld
Table 1
Table 1 lists the files required by a MySQL server package (the table shows only part of the file list). The list shows the directory structure in which the files are stored; these directory structures are one of the resources the SELinux security subsystem requires to generate a policy file. If a directory or file is not included in the above file list, the corresponding conventional service-file system resource does not exist either, and the policy that would allow the service process to operate normally on that directory or file cannot be found when the service runs, so the service's execution or access permission on that directory or file will be refused.
In addition, for the system's rpm packages, the %files section of the rpm or the -ql option can be used to inspect the paths and obtain the corresponding conventional service-file system resources. For a source package, the relevant directory structure can be obtained from the makefile, and the conventional service-file system resources are obtained from the directory structure so obtained.
Collect the resource requirement information obtained by a simulated start of the service files. Specifically, for a service to run normally, besides the resources listed in Table 1 its implicit resources must also be considered; these are the simulated-start resource requirement information of the service files, which is divided into explicit information and custom information. Explicit information is, for example, the port 3306 commonly used by mysql and the default file in which the socket is stored; non-explicit custom information comprises user-defined ports and other operations.
For example, when the MySQL service starts:
# service mysqld start
Starting mysqld (via systemctl): [ OK ]
the socket needed for the service to run appears:
-rw-r--r--. 1 root root 0 Nov 15 20:55 /var/lock/subsys/mysqld
as does the port associated with the service:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3536/mysqld
Besides the above information, related information such as logs, pipes and processes is also needed.
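The collection step just described (the package file list of Table 1, plus the lock file and listening port observed when the service starts) can be mechanized as a small collector. The Python below is an added example written for this page, not code from the patent or its assignee: the rpm, ls and netstat output it parses are constructed samples, and the mapping of path prefixes to resource categories is this example's own assumption.

```python
"""Collect a service's conventional file-system resources and its start-up
resources from captured tool output.  Added example; every input below is a
constructed sample, not output captured from a real host."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of `rpm -ql` output for a mysql-server package.
RPM_QL_SAMPLE = """\
/etc/rc.d/init.d/mysqld
/etc/sysconfig/mysqld
/usr/bin/innochecksum
/usr/lib64/mysql/plugin/adt_null.so
/usr/libexec/mysqld
/usr/share/doc/mysql-server/my-small.cnf
/usr/share/mysql/mysql_system_tables.sql
/var/lib/mysql
/var/log/mysqld.log
/var/run/mysqld
"""
# Constructed `ls -l` and `netstat -tlnp` lines observed after the service starts.
LS_SAMPLE = "-rw-r--r--. 1 root root 0 Nov 15 20:55 /var/lock/subsys/mysqld"
NETSTAT_SAMPLE = "tcp   0   0 0.0.0.0:3306   0.0.0.0:*   LISTEN   3536/mysqld"

# Assumed mapping from path prefix to resource category; more specific prefixes first.
PATH_CATEGORIES = [
    ("/etc/rc.d/init.d/", "initscript"),
    ("/etc/", "config"),
    ("/usr/bin/", "executable"),
    ("/usr/sbin/", "executable"),
    ("/usr/libexec/", "executable"),
    ("/usr/lib64/", "library"),
    ("/usr/lib/", "library"),
    ("/usr/share/doc/", "doc"),
    ("/usr/share/", "shared-data"),
    ("/var/log/", "log"),
    ("/var/run/", "runtime"),
    ("/var/lib/", "data"),
]

@dataclass
class ServiceResources:
    files: dict = field(default_factory=dict)    # category -> sorted list of paths
    lock_files: list = field(default_factory=list)
    ports: list = field(default_factory=list)    # (proto, port, pid, program)

def classify_path(path):
    """Category of one installed path, or 'other' if no prefix matches."""
    for prefix, category in PATH_CATEGORIES:
        if path.startswith(prefix):
            return category
    return "other"

def collect_file_resources(rpm_ql_output):
    """Group the package file list (as printed by rpm -ql) by resource category."""
    grouped = {}
    for line in rpm_ql_output.splitlines():
        path = line.strip()
        if not path.startswith("/"):
            continue  # blank lines or rpm diagnostics, not paths
        grouped.setdefault(classify_path(path), []).append(path)
    return {cat: sorted(paths) for cat, paths in grouped.items()}

# `ls -l` line: mode links owner group size month day time path
LS_RE = re.compile(r"^\S+\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\d+\s+\S+\s+(?P<path>/\S+)$")
# `netstat -tlnp` / `-ulnp` line: proto recv-q send-q local foreign [LISTEN] pid/program
NETSTAT_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<pid>\d+)/(?P<prog>\S+)$")

def parse_ls_path(ls_line):
    m = LS_RE.match(ls_line.strip())
    return m.group("path") if m else None

def parse_listening_port(netstat_line):
    m = NETSTAT_RE.match(netstat_line.strip())
    if not m:
        return None
    return (m.group("proto"), int(m.group("port")), int(m.group("pid")), m.group("prog"))

def collect_service_resources(rpm_ql_output, ls_lines, netstat_lines, program):
    """Build the resource record for `program`: package files, lock/socket files
    seen after start-up, and only the listening ports owned by that program."""
    res = ServiceResources(files=collect_file_resources(rpm_ql_output))
    for line in ls_lines:
        path = parse_ls_path(line)
        if path:
            res.lock_files.append(path)
    for line in netstat_lines:
        entry = parse_listening_port(line)
        if entry and entry[3] == program:
            res.ports.append(entry)
    return res

if __name__ == "__main__":
    r = collect_service_resources(RPM_QL_SAMPLE, [LS_SAMPLE], [NETSTAT_SAMPLE], "mysqld")
    for cat, paths in sorted(r.files.items()):
        print(cat, paths)
    print("lock files:", r.lock_files, "ports:", r.ports)
```

Filtering the port table by program name matters: on a shared host the netstat output also lists other daemons, and a resource record that absorbed their ports would lead to policy granting the service more than it needs.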
Collect the extended-attribute resource information of the SELinux security subsystem. This resource information is the service's demand for specific resources; the extended-attribute resource information can be extracted from the log information recorded during system operation, for example the information about accesses that were blocked.
For example, the system's demand for specific resources during operation can be extracted from log information of the following form:
Table 2 (log excerpt; shown as an image in the original and not reproduced here)
From the information in Table 2 the blocked-access information of the mysql server can be obtained.
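Extracting the blocked-access information of Table 2 from the audit log is the job audit2allow performs; the Python below is an added example, not the patent's code, showing the underlying step: parsing AVC denial records into (source type, target type, class, permissions) and aggregating them per service into candidate allow rules for an administrator to review. The audit lines are constructed samples; the type names follow the Fedora reference policy.

```python
"""Parse SELinux AVC denial records from audit.log into structured denials and
aggregate them into candidate allow rules (the core of what audit2allow does).
Added example; the audit lines are constructed samples."""
import re
from collections import defaultdict

AUDIT_SAMPLE = """\
type=AVC msg=audit(1321369000.123:45): avc:  denied  { read } for  pid=3536 comm="mysqld" name="my.cnf" dev=dm-0 ino=1234 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1321369000.456:46): avc:  denied  { open } for  pid=3536 comm="mysqld" path="/etc/my.cnf" dev=dm-0 ino=1234 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1321369001.789:47): avc:  denied  { name_bind } for  pid=3536 comm="mysqld" src=3307 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1321369002.000:48): avc:  denied  { write } for  pid=1234 comm="httpd" name="error_log" dev=dm-0 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1321369002.000:48): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a denial record for an AVC 'denied' line, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    try:
        source = fields["scontext"].split(":")[2]   # user:role:type[:level] -> type
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None                                   # truncated or malformed record
    return {"comm": fields.get("comm"), "pid": fields.get("pid"),
            "source": source, "target": target, "tclass": tclass,
            "perms": m.group("perms").split(), "fields": fields}

def parse_audit_log(text):
    """All AVC denial records in an audit log, in file order."""
    return [rec for rec in (parse_avc(line) for line in text.splitlines()) if rec]

def denials_to_allow_rules(denials, comm=None):
    """Aggregate denials into one allow rule per (source, target, class).  When
    `comm` is given, only that program's denials are used, so denials produced by
    unrelated daemons never leak into the service's supplementary policy."""
    grouped = defaultdict(set)
    for d in denials:
        if comm is not None and d["comm"] != comm:
            continue
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(grouped.items())]

if __name__ == "__main__":
    records = parse_audit_log(AUDIT_SAMPLE)
    for rule in denials_to_allow_rules(records, comm="mysqld"):
        print(rule)
```

The name_bind denial on unreserved_port_t is the case the text calls non-explicit custom information (a user-defined port instead of 3306): the generated rule makes it visible so the user can confirm the port is intended rather than having it silently allowed.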
Collecting information about the SELinux security subsystem and its services also requires collecting user supplementary resource information: when the user wants to add or modify information, the system presents to the user the corresponding information that needs to be added or modified, and this embodiment collects the added or modified user supplementary resource information.
For example, initialization information collection is a default user-interaction option. After the SELinux security subsystem is started, the initialization information collection informs the user which services, besides the system security policy, also need a security policy; the policy library list here is the policy library provided by default. For example, the user chooses whether policy is to be provided for services such as Apache, DNS, DHCP and FTP, and the information about the services the user chooses is user supplementary resource information. If the user wants to use a LAMP service, the Apache and PHP services must be enabled for the user, and the user supplementary resource information related to the Apache and PHP services is collected accordingly.
It should be noted that the related resource information above is not collected all at once; for example, the extended-attribute resource information is collected during the policy test of step 140. The collected resource information is submitted to the user as a whole for confirmation, and through an interactive interface the user can supplement and confirm the policy based on the submitted information.
Step 120: use the atomic policy templates and the policy library to generate policy statements from the collected information.
Specifically, after the information has been collected, the corresponding policy statements, policy macro calls and other policy information are filtered out on the basis of the atomic policy templates according to the collected information, and the filtered policy information is combined to generate the policy.
It should be noted that the atomic policy templates comprise keyword policy templates and macro-definition policy templates.
Step 130: test whether the syntax of the generated policy statements is legal.
Specifically, the generated policy is tested to determine whether the policy statements are legal. During testing, the legality of the policy statements is judged first, for example whether the syntax of the statements is legal. If it is illegal, the illegal policy is discarded.
If the syntax of the policy statements is legal, a log is generated for the policy to record the state and time of its generation, the policy is stored, and the operation of step 140 is carried out.
Step 140: if the test result is legal, restart the system and test, by lowering or raising the security level of the SELinux security subsystem, whether the loaded policy statements run normally at the different security levels; otherwise, return to step 120.
Specifically, the policy that passed the syntax test of step 130 is compiled and loaded. After the system restarts, the user is prompted whether to start the service, the extended-attribute resource information is collected from the logs of the service start, and it is tested, by lowering or raising the SELinux security level, whether the syntactically legal policy can run normally at the current system level.
When the policy statements do not run normally at one of the different security levels, the extended-attribute resource information of the SELinux security subsystem at that security level is collected; supplementary policy statements are generated based on the extended-attribute resource information; the supplementary policy statements are added to the policy statements to generate new policy statements, so that the generated new policy statements can run normally at that security level; and the new policy statements that run normally are stored together with the log information they produce, the log information comprising the time at which the new policy statements were generated and the location at which they are stored.
It should be noted that step 130 only performs a syntax check on the generated policy statements; syntactically correct policy statements cannot guarantee that the corresponding service runs normally. The system is restarted so that the user can choose whether to load the policy for this service (a loaded policy only takes effect after the user restarts the system); after the user chooses to load the service, the policy statements produced in step 130 still cannot guarantee the normal operation of the corresponding service.
The normal operation of a service sometimes requires, as a supplement, policy statements related to the implicit extended-attribute resource information. The extended-attribute resource information is collected from the audit log and from the regular log information; the audit log mainly records the warning messages given by the current SELinux security subsystem. Corresponding supplementary policy is generated from this information and added to the policy generated in step 130. An example of the command pattern for adding policy is: grep "related service" /var/log/audit/audit.log | audit2allow -M mymod; semodule -i mymod.pp; rm mymod.pp; exit. After the policy is reloaded the test is repeated to ensure that the service passes. If the test passes, the user is informed of the current state and advised to change the security level; if the user agrees to the change, the SELinux security state is changed to enforcing.
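The syntax test of step 130 and the load, test and supplement cycle of step 140 can be modelled offline. The Python below is an added example and not the patent's code: it validates allow and type statements against a small grammar, merges supplementary rules into an existing policy by taking the union of permissions per (source, target, class), and iterates until a probe of the service reports no further denials. The probe is a constructed stand-in for restarting the service and reading its audit log; it reports the first access the current policy still lacks, as a real service that stops at its first denied access would, and the required-access list it checks against is invented for the example.

```python
"""Syntax check, supplementary-rule merge and repair loop for generated policy.
Added example; the grammar covers only allow and type statements, and the
probe with its REQUIRED_ACCESS list is a constructed stand-in for a real
service restart plus audit-log collection."""
import re

ID = r"[A-Za-z_][A-Za-z0-9_]*"
ALLOW_RE = re.compile(
    rf"^allow\s+(?P<src>{ID})\s+(?P<tgt>{ID}):(?P<cls>{ID})\s+"
    rf"(?:\{{\s*(?P<perms>(?:{ID}\s*)+)\}}|(?P<perm>{ID}))\s*;$")
TYPE_RE = re.compile(rf"^type\s+{ID}(?:\s*,\s*{ID})*\s*;$")

def parse_statement(stmt):
    """('allow', src, tgt, cls, frozenset(perms)) or ('type', text); ValueError if illegal."""
    s = stmt.strip()
    m = ALLOW_RE.match(s)
    if m:
        perms = m.group("perms").split() if m.group("perms") else [m.group("perm")]
        return ("allow", m.group("src"), m.group("tgt"), m.group("cls"), frozenset(perms))
    if TYPE_RE.match(s):
        return ("type", s)
    raise ValueError("illegal policy statement: %r" % stmt)

def check_syntax(policy_text):
    """Step 130: (line number, message) for every statement that fails the grammar."""
    errors = []
    for n, line in enumerate(policy_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        try:
            parse_statement(line)
        except ValueError as e:
            errors.append((n, str(e)))
    return errors

def merge_policy(base_rules, supplement_rules):
    """Union the permissions of base and supplementary allow rules per
    (source, target, class); type declarations are kept once, in order."""
    allows, types = {}, []
    for stmt in list(base_rules) + list(supplement_rules):
        p = parse_statement(stmt)
        if p[0] == "type":
            if p[1] not in types:
                types.append(p[1])
        else:
            allows[p[1:4]] = allows.get(p[1:4], frozenset()) | p[4]
    out = list(types)
    for (s, t, c), perms in sorted(allows.items()):
        out.append("allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(perms))))
    return out

def repair_loop(base_rules, probe, max_rounds=5):
    """Step 140: probe the service under the policy and add a supplementary rule
    for each reported denial until the probe is clean or max_rounds is used up.
    Returns (policy, repair rounds applied, converged)."""
    policy = merge_policy(base_rules, [])
    for round_no in range(1, max_rounds + 1):
        denials = probe(policy)
        if not denials:
            return policy, round_no - 1, True
        supplement = ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(perms)))
                      for (s, t, c, perms) in denials]
        policy = merge_policy(policy, supplement)
    return policy, max_rounds, False

# Constructed stand-in for what the service really needs at run time.
REQUIRED_ACCESS = [
    ("mysqld_t", "etc_t", "file", frozenset({"read", "open", "getattr"})),
    ("mysqld_t", "mysqld_port_t", "tcp_socket", frozenset({"name_bind"})),
    ("mysqld_t", "mysqld_log_t", "file", frozenset({"append"})),
]

def allowed_from_policy(policy):
    allowed = {}
    for stmt in policy:
        p = parse_statement(stmt)
        if p[0] == "allow":
            allowed[p[1:4]] = allowed.get(p[1:4], frozenset()) | p[4]
    return allowed

def simulated_probe(policy):
    """Pretend to restart the service under `policy` and read its audit log:
    report the first required access the policy does not grant."""
    allowed = allowed_from_policy(policy)
    for src, tgt, cls, perms in REQUIRED_ACCESS:
        missing = perms - allowed.get((src, tgt, cls), frozenset())
        if missing:
            return [(src, tgt, cls, missing)]
    return []

BASE_POLICY = ["type mysqld_t;", "allow mysqld_t etc_t:file { read open };"]

if __name__ == "__main__":
    final, rounds, ok = repair_loop(BASE_POLICY, simulated_probe)
    print("converged:", ok, "after", rounds, "rounds")
    print("\n".join(final))
```

Bounding the loop with max_rounds is the practical caveat: a service that never becomes clean should be reported to the user rather than accumulating rules indefinitely, since every round widens what the domain is allowed to do.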
The method completes policy generation by the "open with the service" approach, generating policy according to the user's customization during use rather than loading pre-generated policy in a module in advance; this flexibility improves the security of the system.
Second embodiment
Fig. 2 is a structural diagram of the policy adaptation system based on the SELinux security subsystem according to the second embodiment of the invention; the modules that make up this embodiment are described below in turn.
This embodiment comprises an information collection module 21, a policy template storage module 22, a policy generation module 23, a policy test module 24, a policy repair module 25 and a log storage module 26. The information collection module 21 is connected to the policy template storage module 22, the policy template storage module 22 is connected to the policy generation module 23, the policy generation module 23 is connected to the policy test module 24, the policy test module 24 is connected to the policy repair module 25, and the policy repair module 25 is connected to the log storage module 26. The function of each module is described next.
The information collection module 21 collects information about the SELinux security subsystem and the services running in it. Fig. 3 is a functional diagram of the information collection module according to the second embodiment of the invention; referring to Fig. 3, the main functions of the information collection module 21 comprise collecting the conventional service-file resource information of the SELinux security subsystem, the resource requirement information obtained by a simulated start of the service files, the extended-attribute resource information of the SELinux security subsystem, and user supplementary resource information. The user supplementary resource information comprises start-up service information, custom information, and confirmation and debugging information.
The information collection module 21 collects the information about the SELinux security subsystem and its services at the granularity of fine-grained privileges.
Specifically, the information collection module 21 collects the conventional service-file system resource information from the service-file resources in the server software installation list. It also considers the service's implicit resources, namely the simulated-start resource requirement information of the service files, which is divided into explicit information and custom information: explicit information is, for example, the port 3306 commonly used by mysql and the default file in which the socket is stored, while non-explicit custom information comprises user-defined ports and other operations. It collects the extended-attribute resource information of the SELinux security subsystem, which is the service's demand for specific resources and can be extracted from the log information of system operation. And when the user wants to add or modify information, the system presents to the user the corresponding information to be added or modified, and the information collection module 21 collects the added or modified user supplementary resource information.
The policy template storage module 22 stores, in the form of a database, the atomic policy templates and the policy library of predefined services; the predefined services are common services.
It should be noted that the policy templates stored by the policy template storage module comprise the atomic policy templates, namely policy keyword templates and macro-definition templates. When the policy templates are cut, the policy subset required by the system or service is split off, and the keywords and macro definitions of a policy template can be split atomically into a policy keyword template and a macro-definition template. For example, the policy keyword template can be expressed as atomic policy statements such as _t, bin_t, sbin_t, etc_t, exec_t and boolean_t, and the macro-definition template as commonly used macro definitions such as files_read_etc_files and dev_read_sysfs.
It should be noted that the policies in the policy library for common services are also stored in the policy template storage module in the form of atomic keywords and macro-definition keywords, but the policy resources are combined more tightly.
In the policy library, policies are stored as atomized keywords; for example, the atomized policy keywords are keywords such as bool, allow, and, clone, eq, if, range, role, sid, source and type. Policy keywords are the reserved words used when generating policy; macro definitions are commonly used aliases that condense certain groupings of permissions in a policy. A policy statement consists of policy keywords, user-defined names and commonly used macro definitions, and the user can also define macros. When stored, keyword-form policy and macro-definition-form policy are stored separately in the policy template storage module.
For guarantee with tactful corresponding service normally launch the normal operation with Additional Services, the strategy of the policy library in the policy template memory module is abundanter, for example:
When the Mysql service operation, not only comprise the strategy of external service to the visit of server, also comprise strategy and many-sided problems such as log saving, server admin and the backup migration strategy accordingly of the problem of management of server self.
Policy template in the policy template memory module 22 in the present embodiment has the versatility and the extendability of template; The macro definition of strategy generally is directed against the versatility of template; The atomization of aforesaid macro definition template; The extendability of template then is to carry out self-defined grand and other operations to the specific demand of service, as: the mysql server need be done principal and subordinate's synchronous operation, and system will generate corresponding strategy.
In addition; Because policy template is taked the database mode storage, the stored in file format that breaks traditions, database is through the mode storing template of clauses and subclausesization; Through with the atomicity policy template, tactful key word template and macro definition template etc. are stored in the database respectively.Shown in the following form 3:
Database
sedb_atotemplates
sedb_macros
sedb_policys
sedb_reserved
Table 3
In addition, the policy template storage module 22 also stores the policy file composed of the policy statements that run normally after repair by the policy repair module. In the policy template storage module, a policy file has three main parts: *.if, *.fc and *.te. The *.if file defines the interfaces/templates that the policy module exports; the *.fc file defines the security contexts of the associated files; the *.te file defines the types/roles and attributes and grants the appropriate permissions.
The policy generation module 23 uses the atomic policy template and the policy library to generate policy statements according to the collected information.
Specifically, on the basis of the information collected by the information acquisition module 21, the policy required by the current service is filtered out of the policy library of the policy template storage module 22 and the corresponding templates are filtered out of the atomic policy template; the filtered policies are then combined to generate policy statements that conform to the principle of least privilege.
Note that this module generates policy statements according to the principle of least privilege, which guarantees the security of the system. The least-privilege principle relies on the minimal system resources collected by the information acquisition module 21, such as the directory in which the system resides and the required files, and generates the relevant policy according to the extended information provided by the audit information; in the audit information, only the corresponding resource request produces the corresponding warning log.
For example, according to the collected information, the macro is called from the policy template storage module 22 according to its macro definition, as shown in Table 4 below:
Table 4 (an image in the original; its contents are not reproduced here)
When a macro is called, for example for the management permissions on the log file in the mysql service, the permissions setattr and getattr, read and write, append, create, delete and lock are needed. Therefore the database must be queried to find which macros have such attributes; the query yields contents such as those shown in Table 5.
Table 5 (an image in the original; its contents are not reproduced here)
The macro call name for this file is obtained by querying the policy template storage module 22, and the policy statement generated on the basis of the macro call can then be as follows:
allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
The policy statement produced above, allow mysqld_safe_t mysqld_log_t:file manage_file_perms, is placed in the mysql_te table of the sedb_policys database, which makes it easy to query this policy statement.
In addition, the log information produced when a policy statement is generated is stored so that it can be traced and audited; the log records the time of policy generation and information such as the database location in which the policy is stored.
The policy test module 24 tests whether the grammar of the policy statement generated by the policy generation module 23 is legal.
Specifically, the generated policy is tested to determine whether the policy statement is legal. In the test process, the legality of the policy statement is judged first, that is, whether its grammar is legal. If it is illegal, the illegal policy statement is discarded.
If the grammar of the policy is legal, a log is generated to record the state and time of the policy's generation, and the generated policy is stored in the policy template storage module 22.
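The generation and grammar-test steps above, as an added example that is not the patent's own code: the sedb_reserved, sedb_macros and sedb_policys tables are modelled with an in-memory SQLite database holding constructed rows, the smallest stored macro covering the collected permission requirement is chosen (least privilege), and the resulting allow statement is grammar-checked before being stored under the mysql_te service table.

```python
"""SELinux allow-statement generation from database-stored atomic templates.

Added example, not code from the patent: models the sedb_reserved, sedb_macros
and sedb_policys tables with an in-memory SQLite database of constructed rows,
picks the smallest macro covering the requirement, emits the allow statement,
checks its grammar and stores it under the service's table.
"""
import re
import sqlite3

# Constructed rows: the policy keywords from the patent's reserved-word table
# and a few refpolicy-style permission macros with their member permissions.
RESERVED_WORDS = ["allow", "bool", "clone", "eq", "if", "range", "role",
                  "sid", "source", "type"]
MACROS = {
    "read_file_perms": {"getattr", "open", "read", "ioctl", "lock"},
    "rw_file_perms": {"getattr", "open", "read", "write", "append", "ioctl",
                      "lock"},
    "manage_file_perms": {"create", "open", "getattr", "setattr", "read",
                          "write", "append", "rename", "link", "unlink",
                          "ioctl", "lock"},
}
IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
# allow <source> <target>:<class> <macro>;   or   ... { perm perm ... };
ALLOW_RE = re.compile(
    rf"^(?P<kw>{IDENT})\s+(?P<src>{IDENT})\s+(?P<tgt>{IDENT}):(?P<cls>{IDENT})"
    rf"\s+(?:(?P<macro>{IDENT})|\{{\s*(?P<perms>(?:{IDENT}\s*)+)\}})\s*;$")


def open_template_db():
    """Create the template database in memory and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sedb_reserved (keyword TEXT PRIMARY KEY);
        CREATE TABLE sedb_macros (name TEXT, perm TEXT, PRIMARY KEY (name, perm));
        CREATE TABLE sedb_policys (service_table TEXT, statement TEXT);
    """)
    conn.executemany("INSERT INTO sedb_reserved VALUES (?)",
                     [(w,) for w in RESERVED_WORDS])
    conn.executemany("INSERT INTO sedb_macros VALUES (?, ?)",
                     [(n, p) for n, perms in MACROS.items() for p in perms])
    return conn

def find_macro(conn, needed):
    """Return the smallest macro granting every needed permission, or None."""
    members = {}
    for name, perm in conn.execute("SELECT name, perm FROM sedb_macros"):
        members.setdefault(name, set()).add(perm)
    candidates = [n for n, perms in members.items() if needed <= perms]
    if not candidates:
        return None
    # Least privilege: among covering macros, take the one granting the fewest.
    return min(candidates, key=lambda n: (len(members[n]), n))

def generate_allow(conn, source, target, cls, needed):
    """Build one allow statement; fall back to an explicit permission set
    when no stored macro covers the requirement."""
    macro = find_macro(conn, set(needed))
    perms = macro if macro else "{ " + " ".join(sorted(needed)) + " }"
    return f"allow {source} {target}:{cls} {perms};"

def is_syntactically_legal(conn, statement):
    """Grammar check against the reserved-word and macro tables."""
    m = ALLOW_RE.match(statement.strip())
    if not m:
        return False
    reserved = {row[0] for row in conn.execute("SELECT keyword FROM sedb_reserved")}
    if m.group("kw") not in reserved or m.group("kw") != "allow":
        return False          # only allow rules are handled by this checker
    if m.group("macro"):
        found = conn.execute("SELECT 1 FROM sedb_macros WHERE name = ?",
                             (m.group("macro"),)).fetchone()
        return found is not None
    return True               # explicit permission set already matched

def store_statement(conn, service_table, statement):
    """Store the statement under its service table only when it is legal."""
    if not is_syntactically_legal(conn, statement):
        return False
    conn.execute("INSERT INTO sedb_policys VALUES (?, ?)",
                 (service_table, statement))
    return True

def lookup_statements(conn, service_table):
    """Return the stored statements of one service table, e.g. mysql_te."""
    return [row[0] for row in conn.execute(
        "SELECT statement FROM sedb_policys WHERE service_table = ?",
        (service_table,))]
```

For the log-file requirement given in the text (setattr, getattr, read, write, append, create, delete, lock), the smallest covering macro is manage_file_perms, which reproduces the statement shown above; a requirement no macro covers is emitted as an explicit permission set instead of a wider macro.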
The policy repair module 25: when the test result of the policy test module 24 is legal, the system is restarted, and by lowering or raising the security level of the SELinux security subsystem it tests whether the loaded policy statement runs normally at different security levels; when the test result of the policy test module 24 is illegal, control returns to the policy generation module 23, which again uses the atomic policy template and the policy library to generate policy statements according to the collected information.
In the policy repair module 25, when the policy statement does not run normally at one of the different security levels, the information acquisition module 21 collects the extended attribute resource information of the SELinux security subsystem at that security level; the policy repair module 25 generates a supplementary policy statement on the basis of the extended attribute resource information and adds the supplementary policy statement to the policy statement to generate a new policy statement, so that the generated new policy statement runs normally at that security level, and the new policy statement that runs normally is stored in the policy template storage module 22.
The main function of the policy repair module 25 is to generate and append policy according to the extended information (such as audit log information) collected by the information acquisition module 21. The difference from the policy test module 24 is that the policy test module 24 only tests the grammar of the generated policy statement, while all subsequent policy supplementation is carried out by the policy repair module.
The system of this embodiment can also include a log storage module 26. The log storage module 26 stores the log information produced by the new policy statement that runs normally; the log information comprises the time of generation of the new policy statement and the location in which the new policy statement is stored.
The present invention improves information acquisition, policy template customization, policy storage, policy combination and policy testing. In information acquisition, conventional information collection is combined with specific information collection, together with user customization, which makes the collection work more flexible and also guarantees the principle that the policy matches the service, thereby reducing the generation of vulnerabilities and the load on the system.
Those skilled in the art will understand that each of the modules or steps of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices; optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; or they can be made into individual integrated circuit modules, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
Although the embodiments of the present invention are disclosed above, the content described is only the embodiment adopted to facilitate understanding of the present invention and is not intended to limit the present invention. Any technician in the technical field of the present invention can make any modification and variation in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention must still be as defined by the appended claims.
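The repair step described above, as an added example that is not the patent's own code: AVC denial records from the audit log (constructed here, standing in for the extended attribute resource information collected at a given security level) are parsed, compared against the permissions the current policy already grants, and only the missing permissions are appended as supplementary allow statements, so a second pass over the same log adds nothing.

```python
"""Policy repair from SELinux audit denials.

Added example, not the patent's code: models the repair module, which reads the
extended-attribute information the audit log produces when a loaded policy is
run at a security level, and appends only the allow statements that the current
policy is missing.  The audit lines and the starting policy are constructed.
"""
import re
from collections import defaultdict

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"\bscontext=(?P<scon>\S+).*?\btcontext=(?P<tcon>\S+).*?\btclass=(?P<cls>\w+)")

# Constructed audit lines: two file denials for the MySQL log, one bind denial
# for port 3306, and a non-AVC record that must be ignored.
AUDIT_LINES = [
    'type=AVC msg=audit(1326067200.101:44): avc:  denied  { write } for  pid=1201 '
    'comm="mysqld" name="mysqld.log" dev="sda1" ino=7001 '
    'scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 '
    'tclass=file permissive=0',
    'type=AVC msg=audit(1326067200.102:45): avc:  denied  { append } for  pid=1201 '
    'comm="mysqld" name="mysqld.log" dev="sda1" ino=7001 '
    'scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 '
    'tclass=file permissive=0',
    'type=AVC msg=audit(1326067200.150:46): avc:  denied  { name_bind } for  pid=1201 '
    'comm="mysqld" src=3306 scontext=system_u:system_r:mysqld_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0',
    'type=SYSCALL msg=audit(1326067200.150:46): arch=c000003e syscall=49 success=no',
]

# Constructed starting policy: (source type, target type, class) -> permissions.
BASE_POLICY = {("mysqld_t", "mysqld_log_t", "file"): {"getattr", "open", "read"}}


def parse_avc(line):
    """Return (source type, target type, class, denied permissions) for one
    AVC denial record, or None for any other audit record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # A context is user:role:type[:level]; the type is the third field.
    src = m.group("scon").split(":")[2]
    tgt = m.group("tcon").split(":")[2]
    return src, tgt, m.group("cls"), set(m.group("perms").split())

def render_allow(key, perms):
    """Render one allow statement; a single permission needs no braces."""
    src, tgt, cls = key
    body = "{ " + " ".join(sorted(perms)) + " }" if len(perms) > 1 else next(iter(perms))
    return f"allow {src} {tgt}:{cls} {body};"

def supplement_policy(policy, audit_lines):
    """Return (new_policy, added_statements): the policy extended by exactly
    the permissions the denials show to be missing, nothing more."""
    new_policy = {key: set(perms) for key, perms in policy.items()}
    missing = defaultdict(set)
    for line in audit_lines:
        parsed = parse_avc(line)
        if parsed is None:
            continue
        src, tgt, cls, perms = parsed
        still_needed = perms - new_policy.get((src, tgt, cls), set())
        if still_needed:
            missing[(src, tgt, cls)] |= still_needed
    added = []
    for key, perms in sorted(missing.items()):
        new_policy.setdefault(key, set()).update(perms)
        added.append(render_allow(key, perms))
    return new_policy, added


if __name__ == "__main__":
    repaired, statements = supplement_policy(BASE_POLICY, AUDIT_LINES)
    print("\n".join(statements))
```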

Claims (10)

1. A policy adaptation system based on an SELinux security subsystem, characterized in that it comprises:
an information acquisition module, used to collect information of the SELinux security subsystem and of the services running in the SELinux security subsystem;
a policy template storage module, used to store, in the form of a database, an atomic policy template and a policy library of predefined services;
a policy generation module, which uses said atomic policy template and said policy library to generate a policy statement according to the collected information;
a policy test module, which tests whether the grammar of the policy statement generated by said policy generation module is legal; and
a policy repair module, which, when the test result of said policy test module is legal, restarts the system and tests, by lowering or raising the security level of the SELinux security subsystem, whether said loaded policy statement runs normally at different security levels, and which, when the test result of said policy test module is illegal, returns to said policy generation module to generate a policy statement again according to the collected information using said atomic policy template and said policy library; wherein
said atomic policy template comprises a keyword policy template and a macro definition policy template.
2. The system according to claim 1, characterized in that, in said policy repair module, when said policy statement does not run normally at one of said different security levels,
said information acquisition module collects the extended attribute resource information of the SELinux security subsystem at said security level;
said policy repair module generates a supplementary policy statement on the basis of the extended attribute resource information and adds said supplementary policy statement to said policy statement to generate a new policy statement, so that the generated new policy statement runs normally at said security level, and
said new policy statement that runs normally is stored in said policy template storage module.
3. The system according to claim 2, characterized in that it further comprises:
a log storage module, which stores the log information produced by said new policy statement that runs normally, said log information comprising the time of generation of the new policy statement and the location in which the new policy statement is stored.
4. The system according to claim 1, characterized in that
said information acquisition module collects the information of the SELinux security subsystem and of the services of the SELinux security subsystem on the basis of fine-grained permissions, wherein
the collected information comprises the conventional resource information of the service files of the SELinux security subsystem, the resource requirement information of the SELinux security subsystem obtained by simulating the start of the service files, the extended attribute resource information of the SELinux security subsystem, and user supplementary resource information.
5. The system according to claim 4, characterized in that
said information acquisition module collects the conventional resource information of the service file system according to the resources of the service files in the server software installation list.
6. The system according to claim 1, characterized in that
said policy generation module uses said atomic policy template and said policy library to generate, according to the collected information, a policy statement that conforms to the principle of least privilege.
7. A policy adaptation method based on an SELinux security subsystem, characterized in that it comprises:
collecting information of the SELinux security subsystem and of the services running in the SELinux security subsystem;
using an atomic policy template and a policy library to generate a policy statement according to the collected information;
testing whether the grammar of the generated policy statement is legal;
if the test result is legal, restarting the system and testing, by lowering or raising the security level of the SELinux security subsystem, whether said loaded policy statement runs normally at different security levels; otherwise, using the atomic policy template and the policy library again to generate a policy according to the collected information; wherein
said atomic policy template comprises a keyword policy template and a macro definition policy template.
8. The method according to claim 7, characterized in that, when said policy statement does not run normally at one of said different security levels,
the extended attribute resource information of the SELinux security subsystem at said security level is collected;
a supplementary policy statement is generated on the basis of said extended attribute resource information;
said supplementary policy statement is added to said policy statement to generate a new policy statement, so that the generated new policy statement runs normally at said security level, and
said new policy statement that runs normally is stored.
9. The method according to claim 8, characterized in that
the log information produced by said new policy statement that runs normally is stored, said log information comprising the time of generation of the new policy statement and the location in which the new policy statement is stored.
10. The method according to claim 8, characterized in that
the information of the SELinux security subsystem and of the services of the SELinux security subsystem is collected on the basis of fine-grained permissions, wherein
the collected information comprises the conventional resource information of the service files of the SELinux security subsystem, the resource requirement information of the SELinux security subsystem obtained by simulating the start of the service files, the extended attribute resource information of the SELinux security subsystem, and user supplementary resource information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210005060.3A CN102592092B (en) 2012-01-09 2012-01-09 Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210005060.3A CN102592092B (en) 2012-01-09 2012-01-09 Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem

Publications (2)

Publication Number Publication Date
CN102592092A true CN102592092A (en) 2012-07-18
CN102592092B CN102592092B (en) 2015-01-21

Family

ID=46480712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210005060.3A Active CN102592092B (en) 2012-01-09 2012-01-09 Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem

Country Status (1)

Country Link
CN (1) CN102592092B (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103049708A (en) * 2012-12-27 2013-04-17 华为技术有限公司 Audit configuration method and audit configuration system for database
CN103176817A (en) * 2012-12-21 2013-06-26 中国电力科学研究院 Linux security policy configuration method based on self-learning
CN104536878A (en) * 2014-11-28 2015-04-22 南京大学 Method for verifying accurate repair of atomicity violation error in concurrent program
CN105335652A (en) * 2015-11-24 2016-02-17 小米科技有限责任公司 Debug method and debug device of application process of mobile terminal
CN105844152A (en) * 2016-03-22 2016-08-10 山东超越数控电子有限公司 SELinux system based Linux kernel reinforcement method and hardware platform
CN106096418A (en) * 2016-06-02 2016-11-09 北京元心科技有限公司 SELinux-based startup security level selection method and device and terminal equipment
CN106156607A (en) * 2016-07-11 2016-11-23 青岛海信智能商用系统有限公司 A kind of SElinux safety access method and POS terminal
CN106453413A (en) * 2016-11-29 2017-02-22 北京元心科技有限公司 Method and device for applying SELinux security policy in multi-system
CN106534147A (en) * 2016-11-29 2017-03-22 北京元心科技有限公司 Method and device for selecting and applying SELinux security policy in multi-system
CN106845246A (en) * 2016-12-22 2017-06-13 北京聆云信息技术有限公司 A kind of security strategy adaptation frameworks and its method
CN106878239A (en) * 2015-12-14 2017-06-20 中国移动通信集团公司 A kind of security strategy update method and device
CN108292346A (en) * 2015-11-25 2018-07-17 开利公司 The extracts physical access control policy from static rights and Access Events
CN112131582A (en) * 2020-08-28 2020-12-25 达闼机器人有限公司 SELinux rule generation method and device and electronic equipment
CN112463203A (en) * 2020-10-29 2021-03-09 苏州浪潮智能科技有限公司 SELinux management configuration method, system, equipment and medium
CN112783573A (en) * 2021-01-25 2021-05-11 东风汽车集团股份有限公司 SELinux strategy configuration system and method for multiple user-defined services
CN113505367A (en) * 2021-06-29 2021-10-15 杭州华橙软件技术有限公司 Security audit method, device, system, electronic device and readable storage medium
CN114741076A (en) * 2022-04-20 2022-07-12 重庆长安汽车股份有限公司 SOA service parameter fast definition method
CN114741076B (en) * 2022-04-20 2024-05-31 重庆长安汽车股份有限公司 SOA service parameter rapid definition method

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI756867B (en) 2020-10-16 2022-03-01 財團法人工業技術研究院 Method and system for labeling object and generating security policy in operating system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1529531A (en) * 2003-10-17 2004-09-15 Method for accessing safety gate-link for mobile user
US20080141338A1 (en) * 2006-12-07 2008-06-12 Dong Wook Kim Secure policy description method and apparatus for secure operating system
US20090158385A1 (en) * 2007-12-17 2009-06-18 Electronics And Telecommunications Research Institute Apparatus and method for automatically generating SELinux security policy based on selt


Also Published As

Publication number Publication date
CN102592092B (en) 2015-01-21


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant