CN102592092B - Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem - Google Patents


Info

Publication number: CN102592092B
Authority: CN (China)
Prior art keywords: policy, information, strategy, statement, selinux
Legal status: Active
Application number: CN201210005060.3A
Other languages: Chinese (zh)
Other versions: CN102592092A (en)
Inventors: 王青峰, 田勇, 徐宁
Current assignee: China Standard Software Co Ltd
Original assignee: China Standard Software Co Ltd
Application filed by China Standard Software Co Ltd; priority to CN201210005060.3A; published as CN102592092A; granted and published as CN102592092B


Abstract

The invention discloses a policy adaptation system and method based on the SELinux (Security-Enhanced Linux) security subsystem. The system comprises: an information collection module for collecting information about the SELinux security subsystem and the services running in it; a policy template storage module for storing, in a database, atomic policy templates and a policy library of preset services; a policy generation module for generating policy statements from the atomic policy templates and the policy library; a policy test module for testing whether the syntax of the policy statements generated by the policy generation module is legal; and a policy repair module for restarting the system and testing whether the loaded policy statements run normally at different security levels. The method generates policy on demand, as the service is opened, and according to the user's customization during use, instead of loading pre-built policy in a module, thereby improving the security of the system.

Description

Policy adaptation system and method based on the SELinux security subsystem
Technical field
The present invention relates to the field of Linux operating systems, in particular to secure servers, and specifically to a policy adaptation system and method based on the SELinux security subsystem.
Background
SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the U.S. National Security Agency (NSA) and is the most prominent new security subsystem on Linux. With the help of the Linux community, NSA developed an access control system under whose restrictions a process can only access the files required for its task. SELinux is installed by default in the Fedora and Red Hat Enterprise Linux operating systems and can also be installed in other related systems such as CentOS and NeoKylinOS.
Linux adds a general security access control framework, LSM (Linux Security Module), which controls program execution through hook functions; various control mechanisms (such as the Flask mechanism) can be used within the LSM framework to control programs.
SELinux applies Type Enforcement (TE) and Role-Based Access Control (RBAC). Compared with an ordinary Linux system its security is higher: through fine-grained access control it minimizes the privileges of users and processes, so that even if the system is attacked and the privileges of a process or user are taken over, the whole system is not significantly affected. SELinux has the following characteristics: it thoroughly changes access control, grants only least privilege, prevents privilege escalation, and grants processes only the least privilege of the user.
SELinux can effectively prevent 0-day vulnerabilities and better control the security of the system. The access control rules of SELinux are kept in policy files, which are divided into binary files and source files; because SELinux is fine-grained, the policy source files are difficult to write and maintain. After the source is compiled it is loaded into kernel space, forming the policy database in memory and the cache. Because of this, many system engineers simply change the SELinux operating mode by hand, and once the mode is lowered to the Permissive state (violations of SELinux rules are only warned about, not blocked) or the Disabled state, SELinux loses its effect.
Therefore there is an urgent need for a policy adaptation method directed at the SELinux security subsystem, to better handle the policy files SELinux requires and improve the security of the system.
Summary of the invention
One technical problem to be solved by the invention is to provide a policy adaptation system and method based on the SELinux security subsystem.
To solve the above technical problem, the invention provides a policy adaptation system based on the SELinux security subsystem, comprising: an information collection module for collecting information about the SELinux security subsystem and the services running in it; a policy template storage module for storing, in a database, atomic policy templates and a policy library of preset services; a policy generation module, which uses the atomic policy templates and the policy library to generate policy statements from the collected information; a policy test module, which tests whether the syntax of the policy statements generated by the policy generation module is legal; and a policy repair module, which, when the test result of the policy test module is legal, restarts the system and tests whether the loaded policy statements run normally at different security levels by lowering or raising the security level of the SELinux security subsystem, and, when the test result of the policy test module is illegal, returns to the policy generation module, which again uses the atomic policy templates and the policy library to generate policy statements from the collected information, wherein
the atomic policy templates comprise keyword policy templates and macro definition policy templates.
In the policy adaptation system based on the SELinux security subsystem according to a further aspect of the invention, in the policy repair module, when the policy statement runs abnormally at one of the different security levels,
the information collection module collects the extended attribute resource information of the SELinux security subsystem at that security level;
the policy repair module generates a supplementary policy statement based on the extended attribute resource information and adds it to the policy statement to generate a new policy statement, so that the generated new policy statement runs normally at that security level; and
the policy template storage module stores the new policy statement that runs normally.
The policy adaptation system based on the SELinux security subsystem according to a further aspect of the invention further comprises:
a log storage module, which stores the log information produced by the new policy statement that runs normally; the log information comprises the time the new policy statement was generated and the location where it is stored.
In the policy adaptation system based on the SELinux security subsystem according to a further aspect of the invention,
the information collection module collects information about the SELinux security subsystem and its services on the basis of fine-grained privileges, wherein
the collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information from simulated start-up of the service files of the SELinux security subsystem, the extended attribute resource information of the SELinux security subsystem, and user-supplementary resource information.
In the policy adaptation system based on the SELinux security subsystem according to a further aspect of the invention,
the information collection module collects the conventional service-file system resource information from the resources of the service files in the server software installation list.
In the policy adaptation system based on the SELinux security subsystem according to a further aspect of the invention, the policy generation module uses the atomic policy templates and the policy library to generate, from the collected information, policy statements that satisfy the principle of least privilege.
According to a further aspect of the invention, a policy adaptation method based on the SELinux security subsystem is also provided, comprising:
collecting information about the SELinux security subsystem and the services running in it;
using atomic policy templates and a policy library to generate policy statements from the collected information;
testing whether the syntax of the generated policy statements is legal;
if the test result is legal, restarting the system and testing whether the loaded policy statements run normally at different security levels by lowering or raising the security level of the SELinux security subsystem; otherwise, again using the atomic policy templates and the policy library to generate policy from the collected information, wherein
the atomic policy templates comprise keyword policy templates and macro definition policy templates.
In the policy adaptation method based on the SELinux security subsystem according to a further aspect of the invention, when the policy statement runs abnormally at one of the different security levels,
the extended attribute resource information of the SELinux security subsystem at that security level is collected;
a supplementary policy is generated based on the extended attribute resource information;
the supplementary policy is added to the policy to generate a new policy statement, so that the generated new policy statement runs normally at that security level; and
the new policy statement that runs normally is stored.
In the policy adaptation method based on the SELinux security subsystem according to a further aspect of the invention, the log information produced by the new policy statement that runs normally is stored; the log information comprises the time the new policy statement was generated and the location where it is stored.
In the policy adaptation method based on the SELinux security subsystem according to a further aspect of the invention, fine-grained privilege information is collected for the SELinux security subsystem and its services, wherein
the collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information from simulated start-up of the service files of the SELinux security subsystem, the extended attribute resource information of the SELinux security subsystem, and user-supplementary resource information.
Compared with the prior art, one or more embodiments of the invention can have the following advantages:
The method of the invention manages policy statements in a database, which makes it convenient to flexibly control the selection of policy statements, and completes policy generation on demand, as the service is opened: policy is customized and generated by the user during use instead of being generated in advance and loaded in a module. This flexibility can improve the security of the system.
The invention improves information collection, policy template customization, policy storage, policy combination and policy testing. In information collection it combines conventional information with service-specific information and cooperates with the user's customization, which makes collection more flexible, and it ensures the principle that a service corresponds to its policy, which reduces the occurrence of vulnerabilities and the load on the system.
Policy templates are customized by atomic partitioning: the reserved words, keywords and macro calls that a policy template needs are stored separately in a database, combined into legal policy statements by database operations, and loaded into a module of SELinux.
The method of the invention makes up for the shortcoming that the SELinux security subsystem is difficult to manage, helps users manage the SELinux security subsystem better, hardens the Linux operating system, defends against illegal intrusion and effectively controls the impact of 0-day vulnerabilities.
Other features and advantages of the invention will be set forth in the following description, and in part will be apparent from the description or may be learned by practicing the invention. The objects and other advantages of the invention are realized and obtained by the structure particularly pointed out in the description, claims and drawings.
Brief description of the drawings
The drawings provide a further understanding of the invention and form part of the description; together with the embodiments they explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the policy adaptation method based on the SELinux security subsystem according to the first embodiment of the invention;
Fig. 2 is a structural diagram of the policy adaptation system based on the SELinux security subsystem according to the second embodiment of the invention;
Fig. 3 is a functional diagram of the information collection module according to the second embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve technical problems and achieve technical effects can be fully understood and implemented. As long as they do not conflict, the embodiments of the invention and the features of each embodiment can be combined with each other, and the resulting technical solutions are all within the scope of protection of the invention.
In addition, the steps shown in the flow chart of the drawings may be executed in a computer system as a set of computer-executable instructions, and although a logical order is shown in the flow chart, in some cases the steps may be executed in an order different from that shown or described here.
Fig. 1 is a flow chart of the policy adaptation method based on the SELinux security subsystem according to the first embodiment of the invention; each step of the method is described in detail below with reference to Fig. 1.
As an example, the policy adaptation method is described in detail for a mysql-server server running on the SELinux security subsystem.
Step 110: collect information about the SELinux security subsystem and the services running in it.
Specifically, fine-grained privilege information is collected for the SELinux security subsystem and its services. The collected information comprises the conventional service-file resource information of the SELinux security subsystem, the resource requirement information from simulated start-up of the service files, the extended attribute resource information of the SELinux security subsystem, and user-supplementary resource information.
Note that in the SELinux security subsystem the policy language guides the security-computation decisions of the SELinux security engine; the policy language is generated from relevant resource information such as the object type of a file, the domain of a process, the regular expressions that constrain roles, and/or the access permissions granted. Therefore these resource items must be collected before policy development. While the service runs normally, the fine-grained privilege resources required by the system are collected.
The conventional service-file system resource information is collected; more specifically, the present embodiment collects it from the resource requirements of the service files derived from the user's software installation list:
For example, for a conventional mysql service, as shown in Table 1 below:
rpm -ql mysql-server-5.5.17-2.fc15.art.x86_64
/etc/rc.d/init.d/mysqld
/etc/sysconfig/mysqld
/etc/tmpfiles.d/mysql.conf
/usr/bin/innochecksum
...
/usr/lib64/mysql/plugin
/usr/lib64/mysql/plugin/adt_null.so
...
/usr/lib64/mysql/plugin/semisync_slave.so
/usr/libexec/mysqld
/usr/share/doc/mysql-server-5.5.17
...
/usr/share/doc/mysql-server-5.5.17/my-small.cnf
/usr/share/man/man1/innochecksum.1.gz
...
/usr/share/mysql/mysql_system_tables.sql
/usr/share/mysql/mysql_test_data_timezone.sql
/var/lib/mysql
/var/log/mysqld.log
/var/run/mysqld
Table 1
Table 1 shows the list of files required by the Mysql server software (only part of the list is shown). The list shows the directory structure in which the files are kept; these directory structures are one of the resources the SELinux security subsystem needs to generate a policy file. If a directory or file is missing from the list, the corresponding conventional service-file system resource does not exist either, and during normal operation of the service no corresponding executable policy for that directory or file can be found, so the service's execution of, or access to, that directory or file will be denied.
In addition, for an rpm package the %files section of the rpm spec or the -ql option can be used to check the paths and obtain the corresponding conventional service-file system resources. For a source package, the relevant file directory structure can be obtained from the makefile, and the conventional service-file system resources derived from that structure.
The resource requirement information from simulated start-up of the service files is collected. Specifically, the normal operation of a service involves, in addition to the resources in Table 1, implicit resources, namely the resource requirements found by simulating the start of the service. This information is divided into explicit information and custom information: explicit information includes, for example, the port 3306 commonly used by mysql and the default file where the socket is kept; non-explicit custom information includes user-defined ports and other operations.
For example, when the Mysql service starts:
# service mysqld start
Starting mysqld (via systemctl): [ OK ]
the socket required while this service runs is
-rw-r--r--. 1 root root 0 Nov 15 20:55 /var/lock/subsys/mysqld
and the port used by the service is
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3536/mysqld
Besides this information, related information such as logs, pipes and processes is also needed.
The extended attribute resource information of the SELinux security subsystem is collected. This information is the service's demand for specific resources, and it can be extracted from the log information of the running system, for example denial information.
For example, the specific resource demands of the system during operation can be extracted from log information in the form of Table 2:
Table 2
From the information in Table 2, the denial information of the mysql server can be obtained.
Collecting information about the SELinux security subsystem and its services also requires collecting user-supplementary resource information: when the user wants to add or modify information, the system presents the user with the corresponding information that needs to be added or modified, and the present embodiment collects the added or modified user-supplementary resource information.
For example, initial information collection is a default option of the user interaction: after the SELinux security subsystem starts, the system informs the user which services, besides the system security policy, still need a security policy; the policy library provided is the default one in the policy library list. For instance, the user selects whether service policies such as Apache, DNS, DHCP or ftp need to be provided, and the information about the services the user selects is user-supplementary resource information. If the user wants to use a LAMP service, the Apache and PHP services need to be opened for the user, and the user-supplementary resource information related to the Apache and PHP services is collected accordingly.
Note that the resource information above is not collected all at once; for example, the extended attribute resource information is collected during the policy test in step 140. The collected resource information is submitted to the user for confirmation as a whole; through the interactive interface the user can supplement and confirm the policy according to the submitted information.
Step 120: use the atomic policy templates and the policy library to generate policy statements from the collected information.
Specifically, after the information is collected, the corresponding policy statements, policy macro calls and other policy items are selected from the atomic policy templates according to the collected information, and the selected policy items are combined to generate the policy.
Note that the atomic policy templates comprise keyword policy templates and macro definition policy templates.
Step 130: test whether the syntax of the generated policy statements is legal.
Specifically, the generated policy is tested for legality. The first thing judged in the test is the legality of the policy statements, for example whether their syntax is legal. If it is illegal, the illegal policy is discarded.
If the syntax of the policy statement is legal, a log is generated for the policy to record its state and the time of its generation, the policy is stored, and the operation of step 140 is carried out.
Step 140: if the test result is legal, restart the system and test whether the loaded policy statements run normally at different security levels by lowering or raising the security level of the SELinux security subsystem; otherwise return to step 120.
Specifically, the policy that passed the syntax test of step 130 is compiled and loaded; after the system restarts, the user is prompted to start the service, the extended attribute resource information is collected from the service's start-up log, and whether the syntactically legal policy can run normally at the current system level is tested by lowering or raising the SELinux security level.
When the policy statement runs abnormally at one of the different security levels, the extended attribute resource information of the SELinux security subsystem at that security level is collected, a supplementary policy statement is generated based on it, and the supplementary policy statement is added to the policy statement to generate a new policy statement that can run normally at that security level; the new policy statement that runs normally is stored, together with the log information it produces, which comprises the time the new policy statement was generated and the location where it is stored.
Note that step 130 only checks the syntax of the generated policy statements; a syntactically correct policy statement does not guarantee that the corresponding service runs normally. The system is restarted so that the user can choose whether to load the policy for this service (a loaded policy only takes effect after the user restarts the system); after the user chooses to load the service, the policy statement generated in step 130 still cannot guarantee the normal operation of the corresponding service.
Normal operation of a service sometimes needs, as a supplement, policy statements related to implicit extended attribute resource information. This is collected from the extended attribute resource information in the audit log and the conventional logs; the audit log mainly records the warning messages issued by the current SELinux security subsystem, and from this information the corresponding supplementary policy is generated and added to the policy generated in step 130. The pattern for adding policy is, for example:
grep "related service" /var/log/audit/audit.log | audit2allow -M mymod && semodule -i mymod.pp && rm mymod.pp || exit
(build a module from the service's audit records, install it, remove the package file on success, otherwise exit). After the policy is reloaded the test is repeated until the service passes. If the test passes, the user is informed of the current state and advised to change the security level; if the user agrees, the SELinux security state is changed to the enforcing state.
The method of the invention completes policy generation on demand, as the service is opened: the user customizes and generates policy during use instead of policy being generated in advance and loaded in a module, and this flexibility can improve the security of the system.
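As an added example (not code from the patent or its assignee), the following Python sketches steps 120 to 140 for the mysql service above: it instantiates macro definition templates from a stand-in policy library, folds constructed audit-log denial records into supplementary allow statements, and runs a syntax test over the result before anything would be compiled and loaded. The macro bodies, the table stand-ins and the log lines are all constructed assumptions, not the real reference-policy definitions.

```python
import re
from collections import defaultdict

# Stand-ins for the sedb_reserved and sedb_macros tables of the patent's
# policy template database (constructed; the macro bodies are simplified
# stand-ins for the reference-policy macros, not their real definitions).
RESERVED_KEYWORDS = {"bool", "allow", "and", "clone", "eq", "if", "range",
                     "role", "sid", "source", "type"}
MACRO_TEMPLATES = {
    "files_read_etc_files": [
        "allow $1 etc_t:dir { search getattr open read };",
        "allow $1 etc_t:file { read getattr open };",
    ],
    "dev_read_sysfs": [
        "allow $1 sysfs_t:dir { search getattr open read };",
        "allow $1 sysfs_t:file { read getattr open };",
    ],
}

# Constructed AVC denial records in the layout of /var/log/audit/audit.log.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1321361700.123:45): avc:  denied  { read } for  pid=3536 comm="mysqld" name="my.cnf" dev="sda1" ino=1234 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1321361700.456:46): avc:  denied  { open } for  pid=3536 comm="mysqld" path="/etc/my.cnf" dev="sda1" ino=1234 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1321361701.001:47): avc:  denied  { name_bind } for  pid=3536 comm="mysqld" src=3306 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1321361701.555:48): avc:  denied  { write } for  pid=2201 comm="httpd" name="access_log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1321361701.555:48): arch=c000003e syscall=2 success=no exit=-13
"""

# One AVC record: permissions, command, source type, target type, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\w+)'
)

def collect_denials(log_text, comm=None):
    """Step 140 collection: extract denial records (the 'extended attribute
    resource information') from audit-log text, keeping only one service's
    records when comm is given, like grep "related service" audit.log."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None or (comm and m.group("comm") != comm):
            continue
        key = (m.group("stype"), m.group("ttype"), m.group("tclass"))
        rules[key].update(m.group("perms").split())
    return rules

def supplementary_statements(rules):
    """Step 140 generation: one atomic allow statement per
    (source type, target type, class), as audit2allow -M would emit."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

def expand_macro(name, domain):
    """Step 120: instantiate a macro definition template from the policy
    library for a process domain; an unknown macro is an error, not a guess."""
    if name not in MACRO_TEMPLATES:
        raise KeyError(f"macro {name!r} is not in the template library")
    return [body.replace("$1", domain) for body in MACRO_TEMPLATES[name]]

# Grammar of the one statement kind this example generates.
ALLOW_RE = re.compile(
    r'^allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<cls>\w+)\s+'
    r'(?:(?P<perm>\w+)|\{\s*(?P<perms>\w+(?:\s+\w+)*)\s*\})\s*;$'
)

def syntax_errors(statements):
    """Step 130: syntax test. Returns (statement, reason) pairs; an empty
    list means every statement is legal and may be compiled and loaded."""
    errors = []
    for stmt in statements:
        if "$" in stmt:
            errors.append((stmt, "unexpanded template parameter"))
            continue
        m = ALLOW_RE.match(stmt.strip())
        if m is None:
            errors.append((stmt, "does not match allow <src> <tgt>:<class> <perms>;"))
            continue
        idents = [m.group("src"), m.group("tgt"), m.group("cls")]
        idents += (m.group("perms") or m.group("perm")).split()
        bad = [i for i in idents if i in RESERVED_KEYWORDS]
        if bad:
            errors.append((stmt, f"reserved keyword used as identifier: {bad}"))
    return errors

def build_policy(domain, comm, macros, audit_log):
    """Steps 120 to 140 in sequence: macro-derived statements for the domain,
    the supplement from the service's own denials, then the syntax test."""
    statements = []
    for name in macros:
        statements.extend(expand_macro(name, domain))
    statements.extend(supplementary_statements(collect_denials(audit_log, comm)))
    return statements, syntax_errors(statements)
```

Filtering by comm mirrors the grep step of the description; without it, the httpd denial in the sample would be folded into the mysql policy, which is the over-permissive outcome the per-service selection is meant to avoid.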
second embodiment
Fig. 2 is the structural representation of the tactful adaption system based on SELinux secure subsystem according to a second embodiment of the present invention, the following detailed description of each comprising modules of this embodiment.
The present embodiment comprises information acquisition module 21, policy template memory module 22, policy generation module 23, tactful test module 24, strategy reparation module 25 and daily record memory module 26, information acquisition module 21 is connected with policy template memory module 22, policy template memory module 22 is connected with policy generation module 23, policy generation module 23 is connected with tactful test module 24, strategy test module 24 and strategy are repaired module 25 and are connected, and strategy is repaired module 25 and is connected with daily record memory module 26.Next, the function of each module is described in detail.
Information acquisition module 21, it acts on the information gathering the service run in SELinux secure subsystem and SELinux secure subsystem.Fig. 3 is the functional schematic of information acquisition module according to a second embodiment of the present invention, please refer to Fig. 3, the major function of information acquisition module 21 comprises: the conventional resource information of service document gathering SELinux secure subsystem, the service document simulation gathering SELinux secure subsystem start resource requirement information, the extended attribute resource information gathering SELinux secure subsystem and user's supplemental resources information.Wherein user's supplemental resources information comprises: start information on services, self-defined information and determine and Debugging message.
Information acquisition module 21, it gathers the information of the service of SELinux secure subsystem and SELinux secure subsystem based on fine granularity authority.
Particularly, information acquisition module 21 gathers service document system convention resource information according to the resource of the service document in server software installation list; Also will consider the resource of its recessiveness, namely service document simulation starts resource requirement information, and this resource information is divided into clear and definite information and self-defined information.Specify information such as: the file of the port 3306. that mysql commonly uses and the acquiescence that socket deposits, non-clear and definite self-defined information comprises User Defined port and other operations; Gather the extended attribute resource information of SELinux secure subsystem, this resource information is the demand of the ad hoc resources to service, and extended attribute resource information can be extracted from the log information system operation; When user will increase or revise information, then system provides needs the corresponding information adding or revise to user, and information acquisition module 21 collection is added or amended user's supplemental resources information.
Policy template memory module 22, it is for the policy library of service storing atomicity policy template with the storage mode of database and preset, and the service preset is general service.
It should be noted that, the policy template that policy template memory module stores comprises atomicity policy template, tactful key word masterplate and macro definition masterplate.Due to when cutting policy template, tactful subset needed for system or service is split in an atomic manner, can be undertaken splitting into tactful key word template and macro definition template by according to the key word of policy template and macro definition, such as, strategy key word template can be expressed as: _ t, bin_t, sbin_t, etc_t, exec_t, the atomicity policy statement such as Boolean_t, macro definition template can be expressed as: the macro definition that files_read_etc_files, dev_read_sysfs etc. are conventional.
It should be noted that, the strategy in the policy library of general service is also stored in policy template memory module with atomicity key word and macrodefined keyword form, make Policies Resource reconfigurability stronger.
In policy library, strategy is stored in the atomization mode of key word, such as, the atomization of tactful key word: as key words such as bool allow and clone eq if range role sid source type.Reserved word when strategy key word is generation strategy, macro definition is then that some authority tissues of strategy are summarized as conventional another name.The composition of policy statement comprises the key word of strategy and user-defined title and conventional macro definition, and user also can define by oneself defmacro.When storing, the strategy of the strategy of keyword form and macro definition form is stored in policy template memory module respectively.
To ensure that the service corresponding to a policy starts normally and that additional services run normally, the policy library in the policy template storage module is relatively comprehensive. For example:
When the Mysql service runs, the library includes not only the policy for external access to the server, but also the policies for the server's own management and log saving, and the policies corresponding to server administration tasks such as backup and migration.
The policy templates in policy template storage module 22 in this embodiment have both template versatility and template extensibility. The macro definitions of a policy generally serve template versatility, as in the atomization of macro definition templates described above; template extensibility means defining custom macros and other operations for a service's specific requirements. For example, when a mysql server needs to perform master-slave synchronization, the system generates the corresponding policy.
In addition, because the policy templates are stored in a database rather than in the traditional file format, the database stores templates as entries: the atomic policy templates, policy keyword templates, macro definition templates and so on are each stored in their own table, as shown in Table 3 below:
Table 3
Database
sedb_atotemplates
sedb_macros
sedb_policys
sedb_reserved
In addition, policy template storage module 22 also stores the policy file composed of the policy statements that run normally after being repaired by the policy repair module. In the policy template storage module, a policy file has three main parts: *.if, *.fc and *.te. Here, *.if defines the interfaces/templates that the policy module exports; *.fc defines the security contexts of the associated files; *.te defines the types/roles and attributes and grants the appropriate permissions.
Policy generation module 23 uses the atomic policy templates and the policy library to generate policy statements according to the collected information.
Specifically, based on the information collected by information acquisition module 21, it selects the policies needed by the current service from the policy library in policy template storage module 22 and the corresponding templates from the atomic policy templates, and combines the selected policies to generate policy statements that satisfy the principle of least privilege.
It should be noted that this module generates policy statements according to the principle of least privilege, which guarantees system security: based on the minimal system resources collected by information acquisition module 21, such as the directory where the service resides and the files it requires, it generates the related policies, and it generates further policies according to the extended information provided by the audit information, since in the audit information a warning log entry is produced only when a corresponding resource request occurs.
For example, according to the collected information, a macro is called from policy template storage module 22 according to its macro definition, as shown in Table 4 below:
Table 4
When calling a macro, for example for management permission on the log file in the mysql service, the permissions to get attributes, read and write, append, create, delete and lock need to be set. Therefore the database must be queried for which macro has such attributes; the query yields content such as that shown in Table 5.
Table 5
The macro call name for this file is obtained by querying policy template storage module 22, and the policy statement generated from the macro call is then:
allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
The policy statement generated above, allow mysqld_safe_t mysqld_log_t:file manage_file_perms;, is filed under the mysql_te table of the sedb_policys database, which makes it easy to look up this policy statement.
In addition, the log information produced when generating policy statements is stored so that tracking and auditing can be carried out; the log records information such as the time of policy generation and the database location where the policy is stored.
Policy test module 24 tests whether the syntax of the policy statements generated by policy generation module 23 is legal.
Specifically, the generated policy is tested to determine whether the policy statement is legal. In the test process, the legality of the statement is judged first, that is, whether the statement's syntax is legal. If it is illegal, the illegal policy statement is discarded.
If the syntax of the policy is legal, a log is generated recording the state and time of this policy generation, and the generated policy is stored in policy template storage module 22.
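The generation and syntax-test steps described above, as an added example that is not code from the patent or its applicant: a toy version of the template database (table names follow Table 3; their contents are constructed), a least-privilege macro lookup that reproduces the Table 5 query for the mysql log-file case, and a syntax test that discards malformed statements before they are stored in sedb_policys. The macro permission sets are an assumption modelled on refpolicy's permission-set macros.

```python
"""Toy model of the policy template database, the policy generation step and
the syntax test step.  Added example, not the patent's code.  The table names
follow Table 3 of the description; their contents are constructed here and
the macro permission sets are an assumption modelled on refpolicy's."""
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# sedb_reserved: policy keywords, i.e. the reserved words of the policy language.
SEDB_RESERVED = {"allow", "dontaudit", "auditallow", "neverallow", "bool", "and",
                 "clone", "eq", "if", "range", "role", "sid", "source", "type"}
RULE_KEYWORDS = {"allow", "dontaudit", "auditallow", "neverallow"}

# sedb_macros: macro name -> the object permissions it summarises (constructed).
SEDB_MACROS: Dict[str, Set[str]] = {
    "read_file_perms":   {"open", "getattr", "read", "lock", "ioctl"},
    "rw_file_perms":     {"open", "getattr", "read", "write", "append", "lock", "ioctl"},
    "manage_file_perms": {"create", "open", "getattr", "setattr", "read", "write",
                          "append", "rename", "link", "unlink", "ioctl", "lock"},
}

# sedb_policys: generated statements, one list per <service>_te table.
SEDB_POLICYS: Dict[str, List[str]] = {}
# Generation log: time of generation and where the statement was stored.
GENERATION_LOG: List[Dict[str, str]] = []


def find_macro(required: Set[str]) -> Optional[str]:
    """Table 5 step: query the macro table for a macro covering the required
    permissions.  The smallest matching macro is chosen, which keeps the
    granted permission set as close to least privilege as the macros allow."""
    candidates = [(len(perms), name) for name, perms in SEDB_MACROS.items()
                  if required <= perms]
    return min(candidates)[1] if candidates else None


def generate_statement(source_type: str, target_type: str, obj_class: str,
                       required: Set[str]) -> str:
    """Combine keyword, types, class and macro into one allow statement.
    If no macro covers the request, the exact permission set is written out."""
    macro = find_macro(required)
    perms = macro if macro else "{ " + " ".join(sorted(required)) + " }"
    return f"allow {source_type} {target_type}:{obj_class} {perms};"


_IDENT = r"[A-Za-z_]\w*"
_STMT_RE = re.compile(
    rf"^({_IDENT})\s+({_IDENT})\s+({_IDENT}):({_IDENT})\s+"
    rf"({_IDENT}|\{{\s*(?:{_IDENT}\s+)*{_IDENT}\s*\}})\s*;$")


def check_syntax(stmt: str) -> bool:
    """Policy test step: accept only a well-formed access-vector rule whose
    rule keyword is reserved, whose identifiers are not reserved words and
    whose permission part is a known macro, a permission or a { } list."""
    m = _STMT_RE.match(stmt.strip())
    if not m:
        return False
    rule, src, tgt, cls, perms = m.groups()
    if rule not in RULE_KEYWORDS:
        return False
    if any(ident in SEDB_RESERVED for ident in (src, tgt, cls)):
        return False
    if perms.startswith("{"):
        return all(p not in SEDB_RESERVED for p in perms.strip("{} ").split())
    return perms in SEDB_MACROS or perms not in SEDB_RESERVED


def store_statement(service: str, stmt: str) -> bool:
    """Store a statement in sedb_policys.<service>_te after the syntax test;
    an illegal statement is discarded and False is returned."""
    if not check_syntax(stmt):
        return False
    table = f"{service}_te"
    SEDB_POLICYS.setdefault(table, []).append(stmt)
    GENERATION_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                           "location": f"sedb_policys.{table}"})
    return True


if __name__ == "__main__":
    # The log-file management case from the description: get attributes,
    # read, write, append, create, delete and lock on mysqld_log_t.
    need = {"getattr", "read", "write", "append", "create", "unlink", "lock"}
    rule = generate_statement("mysqld_safe_t", "mysqld_log_t", "file", need)
    print(rule, store_statement("mysql", rule))
```

Choosing the smallest covering macro matters for least privilege: a larger macro such as manage_file_perms would also satisfy a read-only request, but would grant write, create and unlink that the collected information never asked for. The syntax test is deliberately narrower than the real policy compiler (it only knows access-vector rules); in a real deployment the statement would additionally be compiled with checkmodule before loading.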
Policy repair module 25: when the test result of policy test module 24 is legal, it restarts the system and, by lowering or raising the security level of the SELinux security subsystem, tests whether the loaded policy statement runs normally at the different security levels; when the test result of policy test module 24 is illegal, it returns to policy generation module 23, which again uses the atomic policy templates and the policy library to generate policy statements from the collected information.
In policy repair module 25, when a policy statement runs abnormally at one of the different security levels, information acquisition module 21 collects the extended attribute resource information of the SELinux security subsystem at that security level; policy repair module 25 generates a supplemental policy statement based on that extended attribute resource information and adds the supplemental policy statement to the policy statement to generate a new policy statement, so that the newly generated policy statement runs normally at that security level; the new policy statement that runs normally is stored in policy template storage module 22.
The main function of policy repair module 25 is to generate and add policies according to the extended information (such as audit log information) collected by information acquisition module 21. The difference from policy test module 24 is that policy test module 24 only performs syntax testing on the generated policy statements, while all subsequent supplemental policies are handled by the policy repair module.
The system of this embodiment may also include a log storage module 26. Log storage module 26 stores the log information produced by the new policy statement that runs normally; the log information includes the generation time of the new policy statement and the location where the new policy statement is stored.
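The repair step described above, as an added example that is not code from the patent or its applicant: AVC denial records (the "extended attribute resource information" the audit log provides) are parsed, grouped by source type, target type and object class, compared against what the loaded policy already grants, and turned into supplemental allow statements that are merged into the policy. The audit lines and the existing policy are constructed; on a real host the records come from /var/log/audit/audit.log or `ausearch -m avc`, and the permissive=1 / permissive=0 field shows at which security level (permissive or enforcing) each denial was observed.

```python
"""Toy model of the policy repair step: derive supplemental allow rules from
AVC denial records.  Added example, not the patent's code.  The audit lines
and the existing policy are constructed; on a real host the records come
from /var/log/audit/audit.log or `ausearch -m avc`."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Key = Tuple[str, str, str]  # (source type, target type, object class)

# Constructed records in the kernel's AVC audit format.  permissive=1 marks a
# denial that was only logged (permissive level), permissive=0 one that was
# enforced; both reveal a permission the loaded policy does not grant.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1326067200.101:41): avc:  denied  { write } for  pid=1201 comm="mysqld" name="mysqld.log" dev="sda1" ino=5678 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1326067200.101:41): arch=c000003e syscall=2 success=yes exit=5 comm="mysqld"
type=AVC msg=audit(1326067200.102:42): avc:  denied  { append } for  pid=1201 comm="mysqld" name="mysqld.log" dev="sda1" ino=5678 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1326067200.103:43): avc:  denied  { read } for  pid=1201 comm="mysqld" name="mysqld.log" dev="sda1" ino=5678 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1326067260.200:57): avc:  denied  { search } for  pid=1201 comm="mysqld" name="mysql" dev="sda1" ino=9012 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir permissive=0
"""

# Statements already loaded (constructed).  Explicit permission lists are used
# so that no macro expansion is needed; a bare macro name is treated as opaque.
EXISTING_POLICY = ["allow mysqld_t mysqld_log_t:file { getattr open read };"]

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?")
ALLOW_RE = re.compile(
    r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{\s*([\w\s]*?)\s*\}|(\w+))\s*;$")


def type_of(context: str) -> str:
    """'system_u:system_r:mysqld_t:s0' -> 'mysqld_t'."""
    return context.split(":")[2]


def parse_denials(audit_text: str) -> Dict[Key, Set[str]]:
    """Extended attribute resource information: the permissions each source
    type was denied on each (target type, class), merged over all records."""
    denied: Dict[Key, Set[str]] = defaultdict(set)
    for m in AVC_RE.finditer(audit_text):
        key = (type_of(m["scontext"]), type_of(m["tcontext"]), m["tclass"])
        denied[key].update(m["perms"].split())
    return denied


def denial_levels(audit_text: str) -> Set[str]:
    """Which security levels the denials were observed at."""
    return {"permissive" if m["permissive"] == "1" else "enforcing"
            for m in AVC_RE.finditer(audit_text) if m["permissive"] is not None}


def granted(policy: List[str]) -> Dict[Key, Set[str]]:
    """Permissions already granted by the loaded allow statements."""
    have: Dict[Key, Set[str]] = defaultdict(set)
    for stmt in policy:
        m = ALLOW_RE.match(stmt.strip())
        if not m:
            continue
        src, tgt, cls, braced, single = m.groups()
        have[(src, tgt, cls)].update(braced.split() if braced is not None else [single])
    return have


def repair(existing: List[str], audit_text: str) -> Tuple[List[str], List[str]]:
    """Generate one supplemental statement per (source, target, class) for the
    denied permissions not yet granted, and return it with the merged policy."""
    have = granted(existing)
    supplemental: List[str] = []
    for key, perms in sorted(parse_denials(audit_text).items()):
        missing = perms - have[key]
        if missing:
            src, tgt, cls = key
            supplemental.append(
                f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(missing))} }};")
    return supplemental, existing + supplemental


if __name__ == "__main__":
    extra, merged = repair(EXISTING_POLICY, SAMPLE_AUDIT_LOG)
    print("levels seen:", sorted(denial_levels(SAMPLE_AUDIT_LOG)))
    print("\n".join(extra))
```

Only the permissions that were actually denied are added, never a whole macro, which is what keeps the repaired policy within the least-privilege principle the description insists on. Running the service once at the permissive level is what makes the denial list complete: at the enforcing level the first denial aborts the operation and later denials are never reached, so a single enforcing run would show only the first missing permission.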
The present invention improves information acquisition, policy template customization, policy storage, policy combination and policy testing. In information acquisition it combines routine information with specific information collection and coordinates with the user's customization, which makes the collection work more flexible and also upholds the principle that the service determines the policy, thereby reducing the generation of vulnerabilities and the load on the system.
Those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices; optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they can be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus the present invention is not restricted to any specific combination of hardware and software.
Although the embodiments of the present invention are disclosed above, the content described is adopted only to facilitate understanding of the present invention and is not intended to limit it. Any technician in the technical field of the present invention may make modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention must still be determined by the scope defined in the appended claims.

Claims (8)

1. A policy adaptation system based on an SELinux security subsystem, characterized in that it comprises:
an information acquisition module for collecting information about the SELinux security subsystem and the services running in it, the collected information comprising the conventional resource information of the service files of the SELinux security subsystem, the resource requirement information from a simulated start of the service files of the SELinux security subsystem, the extended attribute resource information of the SELinux security subsystem, and user supplemental resource information;
a policy template storage module for storing atomic policy templates and a policy library of preset services in database form;
a policy generation module which uses said atomic policy templates and said policy library to select the corresponding policy information according to the collected information and combines the selected policy information to generate policy statements;
a policy test module which tests whether the syntax of the policy statements generated by said policy generation module is legal; and
a policy repair module which, when the test result of said policy test module is legal, restarts the system and tests, by lowering or raising the security level of the SELinux security subsystem, whether the loaded policy statements run normally at the different security levels, and when the test result of said policy test module is illegal, returns to said policy generation module to generate policy statements again from the collected information using said atomic policy templates and said policy library, wherein
said atomic policy templates comprise keyword policy templates and macro definition policy templates.
2. The system according to claim 1, characterized in that, in said policy repair module, when said policy statement runs abnormally at one of said different security levels,
said information acquisition module collects the extended attribute resource information of the SELinux security subsystem at said security level;
said policy repair module generates a supplemental policy statement based on the extended attribute resource information and adds said supplemental policy statement to said policy statement to generate a new policy statement, so that the generated new policy statement runs normally at said security level, and
said new policy statement that runs normally is stored in said policy template storage module.
3. The system according to claim 2, characterized in that it further comprises:
a log storage module which stores the log information produced by said new policy statement that runs normally, said log information comprising the generation time of the new policy statement and the location where the new policy statement is stored.
4. The system according to claim 1, characterized in that
said information acquisition module collects the conventional file-system resource information of a service according to the resources of the service files listed in the server software installation list.
5. The system according to claim 1, characterized in that
said policy generation module uses said atomic policy templates and said policy library to generate, according to the collected information, policy statements that satisfy the principle of least privilege.
6. A policy adaptation method based on an SELinux security subsystem, characterized in that it comprises:
collecting information about the SELinux security subsystem and the services running in it, the collected information comprising the conventional resource information of the service files of the SELinux security subsystem, the resource requirement information from a simulated start of the service files of the SELinux security subsystem, the extended attribute resource information of the SELinux security subsystem, and user supplemental resource information;
using atomic policy templates and a policy library to select the corresponding policy information according to the collected information, and combining the selected policy information to generate policy statements;
testing whether the syntax of the generated policy statements is legal;
if the test result is legal, restarting the system and testing, by lowering or raising the security level of the SELinux security subsystem, whether the loaded policy statements run normally at the different security levels; otherwise, generating policies again from the collected information using the atomic policy templates and the policy library, wherein
said atomic policy templates comprise keyword policy templates and macro definition policy templates.
7. The method according to claim 6, characterized in that, when said policy statement runs abnormally at one of said different security levels,
collecting the extended attribute resource information of the SELinux security subsystem at said security level;
generating a supplemental policy statement based on said extended attribute resource information;
adding said supplemental policy statement to said policy statement to generate a new policy statement, so that the generated new policy statement runs normally at said security level, and
storing said new policy statement that runs normally.
8. The method according to claim 7, characterized in that
the log information produced by said new policy statement that runs normally is stored, said log information comprising the generation time of the new policy statement and the location where the new policy statement is stored.
CN201210005060.3A 2012-01-09 2012-01-09 Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem Active CN102592092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210005060.3A CN102592092B (en) 2012-01-09 2012-01-09 Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem

Publications (2)

Publication Number Publication Date
CN102592092A CN102592092A (en) 2012-07-18
CN102592092B true CN102592092B (en) 2015-01-21

Family

ID=46480712

Country Status (1)

Country Link
CN (1) CN102592092B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11775643B2 (en) 2020-10-16 2023-10-03 Industrial Technology Research Institute Method and system for labeling object and generating security policy of operating system

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103176817B (en) * 2012-12-21 2016-08-10 中国电力科学研究院 A kind of Linux security policy configuration based on self study
CN103049708B (en) * 2012-12-27 2015-08-19 华为技术有限公司 A kind of audit collocation method of database and system
CN104536878B (en) * 2014-11-28 2017-09-12 南京大学 The method whether atomicity mistake is correctly repaired is violated in a kind of checking concurrent program
CN105335652B (en) * 2015-11-24 2018-07-31 小米科技有限责任公司 The adjustment method and device of mobile terminal application process
CN108292346A (en) * 2015-11-25 2018-07-17 开利公司 The extracts physical access control policy from static rights and Access Events
CN106878239A (en) * 2015-12-14 2017-06-20 中国移动通信集团公司 A kind of security strategy update method and device
CN105844152B (en) * 2016-03-22 2018-10-26 山东超越数控电子有限公司 A kind of linux kernel reinforcement means and hardware platform based on SELinux systems
CN106096418B (en) * 2016-06-02 2019-01-04 北京元心科技有限公司 SELinux-based startup security level selection method and device and terminal equipment
CN106156607B (en) * 2016-07-11 2020-01-17 青岛海信智能商用系统股份有限公司 SElinux secure access method and POS terminal
CN106453413B (en) * 2016-11-29 2019-06-25 北京元心科技有限公司 Method and device for applying SELinux security policy in multi-system
CN106534147B (en) * 2016-11-29 2019-08-27 北京元心科技有限公司 Method and device for selecting and applying SELinux security policy in multi-system
CN106845246B (en) * 2016-12-22 2018-10-02 北京聆云信息技术有限公司 A kind of security strategy adaptation frameworks and its method
CN112131582A (en) * 2020-08-28 2020-12-25 达闼机器人有限公司 SELinux rule generation method and device and electronic equipment
CN112463203B (en) * 2020-10-29 2023-05-12 苏州浪潮智能科技有限公司 Management configuration method, system, equipment and medium of SELinux
CN112783573A (en) * 2021-01-25 2021-05-11 东风汽车集团股份有限公司 SELinux strategy configuration system and method for multiple user-defined services

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1529531A (en) * 2003-10-17 2004-09-15 中兴通讯股份有限公司 (ZTE Corporation) Method for accessing safety gate-link for mobile user

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100882348B1 (en) * 2006-12-07 2009-02-13 한국전자통신연구원 Secure policy description method and apparatus for secure operating system
KR20090065183A (en) * 2007-12-17 2009-06-22 한국전자통신연구원 Apparatus and method automatically generating security policy of selinux based on selt

Also Published As

Publication number Publication date
CN102592092A (en) 2012-07-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant