CN107547520B - Method for constructing flash security module - Google Patents

Publication number
CN107547520B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201710642192.XA
Other languages
Chinese (zh)
Other versions
CN107547520A
Inventor
朱大立
杨莹
金昊
马宇晨
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Abstract

The invention provides a flash security module, a construction method and a mobile Web system. The flash security module comprises: a security server, which provides security policy decisions, maintains the mapping between security identifiers and security contexts, allocates security identifiers to newly created objects, and keeps the content cached in the access vector buffer correct and consistent; an object manager, which is in communication connection with the security server, the access vector buffer and the hooks in the mobile Web system, and which provides an interface for retrieving access, labeling and multi-instance decisions from the security server, uses the access vector buffer to cache access decision results, and receives and processes security policy change notifications, where a multi-instance decision specifies which member of a multi-instance resource set a specific request accesses; and the access vector buffer, which caches a preset security policy. The module can solve the problem of insufficient security caused by the autonomous access control adopted in current mobile Web systems.

Description

Method for constructing flash security module
Technical Field
The invention relates to the technical field of information security of mobile equipment, in particular to a method for constructing a flash security module.
Background
At present, capability systems are introduced into operating system security architectures, with the main aim of solving the super-user problem. A capability consists of: an identifier that names the object, a field defining the object's type, and a field defining the access rights. A capability can be regarded as the protected name of an object, and although different systems use capabilities in very different ways, they share the following properties: (1) a capability is a system-wide name for an object, valid and unique throughout the system; (2) a capability must contain a part that determines the access it allows to the object it names; (3) a capability can only be created by the underlying part of the system, and a principal holding a capability has the right to move it, copy it or pass it as a parameter. Control over capabilities is typically achieved by one of two methods: the first always keeps capabilities in a special location, such as a capability segment or a capability register; the second adds an extra tag field to each memory word. Two basic properties of capabilities are that they can be passed from one accessing principal to another, and that an accessing principal holding capabilities cannot modify or forge any capability without the permission of the operating system TCB. However, although capability mechanisms are popular, they are not well suited to supporting a wide range of policies: they let the holder of a capability directly control its propagation, whereas an important requirement of security policies is that the policy itself controls how access rights propagate.
Currently, the reference monitor in an operating system security architecture controls programs' access to system resources and ensures that every reference a program makes to a resource is arbitrated by an authorization mechanism. The Web API (the access interface to system hardware resources) applies the reference-monitor idea by performing access control according to the access rules held in an ACL. The advantage of this approach is that system permissions can be partitioned at finer granularity: each file carries an ACL as an extended attribute describing the permission configuration for all principals, so that any given permission can be assigned to any user and file. Although the Web API at the system resource call interface of current Web OSs uses this idea to control access to sensitive system resources based on an access control list, which plays a certain security role, the method has two problems: 1) efficiency is low, because as system resources and the number of users grow, the ACL becomes so large that it causes a huge performance loss; 2) it is still discretionary access control (DAC), which cannot effectively resist Trojan horses or unauthorized access.
In view of this, how to solve the insufficient security caused by the autonomous access control generally adopted in current mobile Web systems is a technical problem that needs to be solved.
Disclosure of Invention
In order to solve the above technical problems, embodiments of the present invention provide a flash security module, a construction method, and a mobile Web system, which can solve the problem of insufficient security caused by the common adoption of autonomous access control by the current mobile Web system.
In a first aspect, an embodiment of the present invention provides a flash security module of a mobile Web system, including: an object manager, a security server and an access vector buffer;
the security server is used for providing security policy decision, keeping the mapping between the security identifier and the security context, distributing the security identifier for the newly created object and controlling the content cached by the access vector to be correct and consistent;
the object manager is in communication connection with the security server, the access vector buffer and the hooks in the mobile Web system, respectively, and is used for providing an interface for retrieving access, labeling and multi-instance decisions from the security server, for using the access vector buffer to cache access decision results, and for receiving and processing security policy change notifications, wherein a multi-instance decision specifies which member of a multi-instance resource set a specific request accesses;
and the access vector buffer is used for buffering a preset security policy.
In a second aspect, an embodiment of the present invention provides a method for constructing a flash security module of the mobile Web system, where the method includes:
adding a security domain to the kernel data structure;
inserting hooks into key points in the kernel code for calling to realize access control on key resources of the kernel and the system;
adding a general security system call, said system call allowing said flash security module to write a new system call for security-related applications, comprising: module descriptor, system call descriptor and parameter list;
providing functions for registering and deregistering the security module;
defining a security policy group for the Web OS;
all security-related functions are added to the flash security module.
Optionally, the security domain is a fixed length string, called a security identifier; alternatively, the security domain is a variable-length segment of data, referred to as a security context.
Optionally, the hook functions in the hook calls include:
a system hook function, which controls system-sensitive behaviour or system-level operations that are not controlled by any other hook function;
a program load hook function, which checks whether a process is permitted to execute an executable program and manages the change of the security domain during that process;
file system hook functions, comprising three types attached to the superblock, inode and file objects defined by the Linux virtual file system, which wrap the interfaces that a low-level file system implementation must provide;
a process hook function, which controls access to the basic process information contained in the task_struct object used for kernel process scheduling;
a network hook function, which performs security control on network connections and is placed at key points of the socket layer, the application layer, packet transmission, the network layer, network devices and network connections;
and an inter-process communication hook function, for which corresponding hook functions are designed for direct inter-process communication on the different Web OS platforms.
Optionally, providing functions for registering and deregistering the security module includes:
for the selected security policy module, registering it in the flash security module through register_security(), specifically: setting the global operations security_ops so that the kernel consults all hook functions related to the selected security policy module; once the security policy module is loaded, it becomes part of the system's security policy and is not overridden by subsequent policy modules until it is deregistered by the unregister_security() function; after a security policy module is deregistered, its hooks are replaced with default values, which mean that nothing is done; and when several security policy modules are supported at the same time, a security policy module loaded later registers with the previously loaded one through the function mod_reg_security() and deregisters through mod_unreg_security().
Optionally, the defining a security policy group for the Web OS includes:
for a subject's access request to an object, performing access control according to the security level defined in the security domain, comprising: dividing subjects into three classes $S_w$, $S_l$ and $S_c$ according to the type of application, with the set of trusted subjects $S_T = S_c$, $S_l$ representing the native code of Web applications or their corresponding operations, and $S_w$ representing remote code or its operations; classifying objects into four classes $O_u$, $O_p$, $O_s$ and $O_v$ according to their types and storage characteristics, where $O_u$ represents the general user-space domain, $O_p$ the trusted user-space domain, $O_s$ the system space domain and $O_v$ the virus protection domain; and implementing the following access control:
autonomous security: for $S_i \in S$, $O_j \in O$, $S_i$ can access $O_j$ in mode $x$ if and only if $x \in M_{ij}$, where $S$ is the subject set, $i = 1, \ldots, n$, $n$ is the number of subjects in $S$, $O$ is the object set, $j = 1, \ldots, m$, $m$ is the number of objects in $O$, $M$ is the access matrix, and $M_{ij}$ stores the access modes of subject $S_i$ to object $O_j$;
simple security: for $S_i \in S$, $O_j \in O$, $S_i$ can read $O_j$ if and only if
[condition given as an equation image in the original; not reproduced]
where $L(S_i)$ is the set of security labels of subject $S_i$ and $L(O_j)$ is the set of security labels of object $O_j$;
free-write property: for $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if
[condition given as an equation image in the original; not reproduced]
strict write property: for $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if $L(S_i) = L(O_j)$
[further condition given as an equation image in the original; not reproduced]
inter-domain isolation axiom: the current access state $(S_i, O_j, x)$ of all subjects and objects satisfies:
if $O_j \in O_u$ and $S_i \in S_l$ then $x \in \{a, w, r, e\}$, where $x$ denotes the current access mode, $\{a, w, r, e\}$ is the set of access modes, $a$ denotes write-only, $w$ read-write, $r$ read-only and $e$ execute;
if $O_j \in O_u$ and $S_i \in S_w$ then $x = e$;
if $O_j \in O_u \cup O_s$ and $S_i \in S_T$ then $x \in \{a, w, r, e\}$, where $S_T$ is the set of trusted subjects;
if $O_j \in O_s$ and $S_i \in S_w \cup S_l$ then $x = e$;
if $O_j \in O_v$ and $S_i = U_n$, $n$ a particular value, then $x \in \{a, w\}$, where $U_n$ is the $n$-th privileged user, $a$ denotes write-only and $w$ read-write;
if $O_j \in O_s$ and $S_i = U_m$, $m$ a particular value, then $x \in \{a, w\}$, where $U_m$ is the $m$-th privileged user;
trusted subject least privilege axiom: the privileged operations $S_t = u_1 \cup u_2 \cup u_3 \cup u_4 \cup \ldots \cup u_n$ are mapped to different roles by a role mapping function $RA$, where $u_1, \ldots, u_i, \ldots, u_n$ represent privileges; these roles are assigned to designated users $U_1, U_2, \ldots, U_m$ of the system such that $RA(u_i) = U_i$. There are thus $m$ privileged users in the operating system who together complete the privileged operations of the system, and each privileged user $U_i$ holds only the minimum privileges required for its work and cannot control the entire system alone: $P(U_i) = \min\left(\sum u_j,\ 1 \le j \le n\right)$, $1 \le i \le m$
[remainder given as an equation image in the original; not reproduced]
Optionally, the type of the application includes: locally packaging the stored and installed system application, the local code of the Web application, and the remote code of the Web application.
Optionally, the type and storage characteristics of the object include: a general user space domain, a trusted user space domain, a system space domain, and a virus protection domain.
In a third aspect, an embodiment of the present invention provides a mobile Web system, including: the flash security module described above.
According to the technical scheme, the flash security module, the construction method and the mobile Web system can solve the problem of insufficient security caused by the autonomous access control generally adopted in current mobile Web systems. Because the flash system is applied to the mobile Web operating system and a corresponding mandatory access control policy group is defined, mandatory access control based on a security identifier or a security policy group can be realized and flexible dynamic policies are supported. Policy enforcement is separated from policy decision: the object manager is responsible for enforcement and the security server for decisions, so when the security policy of a system needs to be modified, other key components such as the reference monitor need not change; only the policy stored in the security policy server is updated. The security of the mobile Web system is thereby improved.
Drawings
Fig. 1 is a schematic structural diagram of a flash security module of a mobile Web system according to an embodiment of the present invention;
fig. 2 is a schematic view of the process by which a Web application reads a system file in a mobile Web system that includes the flash security module of the embodiment shown in fig. 1, according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a method for constructing a flash security module of the mobile Web system according to the embodiment shown in fig. 1 according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 shows a schematic structural diagram of a flash security module of a mobile Web system according to an embodiment of the present invention, and as shown in fig. 1, a flash security module 10 of a mobile Web system according to this embodiment includes: an object manager 01, a security server 02 and an access vector buffer 03;
the security server 02 is configured to provide a security policy decision, maintain mapping between a security identifier and a security context, allocate a security identifier to a newly created object, and control the content of the access vector cache 03 to be correct and consistent;
the object manager 01 is in communication connection with the security server 02, the access vector buffer 03 and the hooks in the mobile Web system, respectively, and is used for providing interfaces for retrieving access, labeling and multi-instance decisions from the security server 02, for using the access vector buffer 03 to cache access decision results, and for receiving and processing security policy change notifications, wherein a multi-instance decision specifies which member of a multi-instance resource set a specific request accesses;
the access vector buffer 03 is configured to buffer a preset security policy.
In a specific application, in a mobile Web system including the flash security module of this embodiment, referring to fig. 2, a process of a Web application reading a system file includes:
① When the Web application reads (read()) a system file, it sends a FILE_READ request; ② after the check by the DAC (autonomous access control) policy, the hook (security_file_permission()) first calls the corresponding interface of the flash security module; ③ to improve efficiency, ④ the module checks whether the permissions required by the FILE_READ request exist according to the policy cached in the access vector buffer (AVC) (by calling AVC_has_permission()).
It will be appreciated that the main advantage of flash is the separation of policy enforcement from policy decision: the Object Manager (OM) is responsible for policy enforcement and the Security Server (SS) for policy decisions. When the OM receives a request, it first queries the access vector buffer (AVC); if there is no suitable cached result, it submits the query to the SS through the internal decision interface. The SS makes a security decision according to the policy logic, returns it to the OM and updates the AVC at the same time. The main objective of flash is flexibility and generality of security policies, and compared with other architectures its most important advantage is support for dynamic policies: because policy enforcement and decision are separated, when the security policy of a system needs to be modified, other key components such as the reference monitor need not change; only the policy stored in the security policy server is updated. In addition, flash supports a permission revocation mechanism and provides a cache to improve the execution efficiency of the system.
An operating system in Internet form is required to be a terminal that supports a wide range of flexible security policies, but implementing flexible policies in an operating system is troublesome: a flexible security system must support fine-grained access control over the underlying objects in order to implement high-level security policy control; the system must ensure that the propagation of access rights remains consistent with the security policy; and policies are usually not fixed, so to accommodate policy changes and support dynamic policies, the system must have a mechanism to revoke previously granted access rights.
The flash security module of the mobile Web system of this embodiment can solve the problem of insufficient security caused by the autonomous access control generally adopted in current mobile Web systems. Because the flash system is applied to the mobile Web operating system and a corresponding mandatory access control policy group is defined, mandatory access control based on a security identifier or a security policy group can be realized, flexible dynamic policies are supported, and policy enforcement is separated from policy decision, with the object manager responsible for enforcement and the security server for decisions. In addition, the flash security module is independent, supports permission loading and revocation mechanisms, and provides higher system execution efficiency than a capability system.
Fig. 3 is a flowchart illustrating a method for constructing a flash security module of the mobile Web system according to an embodiment of the present invention, and as shown in fig. 3, the method for constructing a flash security module of the mobile Web system according to the embodiment includes steps 301-306:
301. security domains are added to the kernel data structure.
Wherein the security domain is a fixed-length string called a security identifier; alternatively, the security domain is a variable-length segment of data, referred to as a security context.
In a specific application, in order for the security policy to execute correctly, the code to which a security domain structure needs to be added includes: the task_struct of a process; the inode (index node) of a pipe, file or socket; the linux_binprm structure describing a program (the file being executed by a process); the super_block of a file system; and so on.
302. And inserting hook calls at key points in the kernel code to realize access control on key resources of the kernel and the system.
In a specific application, the hooks and hook calls provided by the Linux Security Module (LSM) framework may be used to determine whether these critical system resources can be accessed, and the hook functions in the hook calls may include:
a system hook function, which controls system-sensitive behaviour or system-level operations not controlled by any other hook function, such as setting the host name and domain name of the system, system reboot, and access to I/O ports;
a program load hook function, which checks whether a process is permitted to execute an executable program and manages the change of the security domain during that process (since linux_binprm in Linux describes an executable program loaded by execve(2), a hook function can be set here to perform these checks and manage the security domain change);
file system hook functions, comprising three types attached to the superblock, inode and file objects defined by the Linux virtual file system, which wrap the interfaces that a low-level file system implementation must provide;
a process hook function, which controls access to the basic process information (such as the user and group IDs, resource limits, scheduling policy and priority) contained in the task_struct object used for kernel process scheduling;
a network hook function, which performs security control on network connections and is placed at key points of the socket layer, the application layer, packet transmission, the network layer, network devices and network connections;
an inter-process communication hook function, for which corresponding hook functions are designed for direct inter-process communication on the different Web OS platforms, because existing Web OS systems such as Firefox OS do not allow direct inter-process communication.
303. A general security system call sys_security() is added. This system call allows the flash security module to write new system calls for security-related applications and comprises a module descriptor, a system call descriptor and a parameter list, i.e. sys_security(unsigned int id, unsigned int call, unsigned long *args).
In a specific application, the concrete way in which the flash security module writes a new system call for a security-related application may be designed according to the specific system.
304. Functions are provided for registering and deregistering the security module.
In a specific application, step 304 may register the selected security policy module in the flash security module through register_security(), specifically: setting the global operations security_ops so that the kernel consults all hook functions related to the selected security policy module; once the security policy module is loaded, it becomes part of the system's security policy and is not overridden by subsequent policy modules until it is deregistered by the unregister_security() function; after a security policy module is deregistered, its hooks are replaced with default values, which mean that nothing is done; and when several security policy modules are supported at the same time, a security policy module loaded later registers with the previously loaded one through the function mod_reg_security() and deregisters through mod_unreg_security().
305. A set of security policies for the Web OS is defined.
In a specific application, the step 305 may include:
for a subject (typically a process) accessing an object (e.g. a file, pipe or directory), performing access control according to the security level defined in the security domain, comprising: dividing subjects into three classes $S_w$, $S_l$ and $S_c$ according to the type of application, with the set of trusted subjects $S_T = S_c$, $S_l$ representing the native code of Web applications or their corresponding operations, and $S_w$ representing remote code or its operations; classifying objects into four classes $O_u$, $O_p$, $O_s$ and $O_v$ according to their types and storage characteristics, where $O_u$ represents the general user-space domain, $O_p$ the trusted user-space domain, $O_s$ the system space domain and $O_v$ the virus protection domain; and implementing the following access control:
autonomous security: for $S_i \in S$, $O_j \in O$, $S_i$ can access $O_j$ in mode $x$ if and only if $x \in M_{ij}$, where $S$ is the subject set, $i = 1, \ldots, n$, $n$ is the number of subjects in $S$, $O$ is the object set, $j = 1, \ldots, m$, $m$ is the number of objects in $O$, $M$ is the access matrix, and $M_{ij}$ stores the access modes of subject $S_i$ to object $O_j$;
simple security: for $S_i \in S$, $O_j \in O$, $S_i$ can read $O_j$ if and only if
[condition given as an equation image in the original; not reproduced]
where $L(S_i)$ is the set of security labels of subject $S_i$ and $L(O_j)$ is the set of security labels of object $O_j$;
free-write property: for $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if
[condition given as an equation image in the original; not reproduced]
strict write property: for $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if
[condition given as an equation image in the original; not reproduced]
inter-domain isolation axiom: the current access state $(S_i, O_j, x)$ of all subjects and objects satisfies:
(1) if $O_j \in O_u$ and $S_i \in S_l$ then $x \in \{a, w, r, e\}$, where $x$ denotes the current access mode, $\{a, w, r, e\}$ is the set of access modes, $a$ denotes write-only, $w$ read-write, $r$ read-only and $e$ execute;
(2) if $O_j \in O_u$ and $S_i \in S_w$ then $x = e$;
(3) if $O_j \in O_u \cup O_s$ and $S_i \in S_T$ then $x \in \{a, w, r, e\}$, where $S_T$ is the set of trusted subjects;
(4) if $O_j \in O_s$ and $S_i \in S_w \cup S_l$ then $x = e$;
(5) if $O_j \in O_v$ and $S_i = U_n$, $n$ a particular value, then $x \in \{a, w\}$, where $U_n$ is the $n$-th privileged user, $a$ denotes write-only and $w$ read-write;
(6) if $O_j \in O_s$ and $S_i = U_m$, $m$ a particular value, then $x \in \{a, w\}$, where $U_m$ is the $m$-th privileged user;
trusted subject least privilege axiom: the privileged operations $S_t = u_1 \cup u_2 \cup u_3 \cup u_4 \cup \ldots \cup u_n$ are mapped to different roles by a role mapping function $RA$, where $u_1, \ldots, u_i, \ldots, u_n$ represent privileges; these roles are assigned to designated users $U_1, U_2, \ldots, U_m$ of the system such that $RA(u_i) = U_i$. There are thus $m$ privileged users in the operating system who together complete the privileged operations of the system, and each privileged user $U_i$ holds only the minimum privileges required for its work and cannot control the entire system alone: $P(U_i) = \min\left(\sum u_j,\ 1 \le j \le n\right)$, $1 \le i \le m$
[remainder given as an equation image in the original; not reproduced]
Wherein the type of the application comprises: locally packaging the stored and installed system application, the local code of the Web application, and the remote code of the Web application.
Wherein, the types and storage characteristics of the objects comprise: a general user space domain, a trusted user space domain, a system space domain, and a virus protection domain.
The conventions for the symbols are listed in Table 1 (symbol conventions; the table is an image in the original and is not reproduced here).
306. All security-related functions are added to the flash security module.
By applying the flash system to the mobile Web operating system and defining a corresponding mandatory access control policy group, mandatory access control based on a security identifier or a security policy group can be realized, flexible dynamic policies are supported, and policy enforcement is separated from policy decision, with the object manager responsible for enforcement and the security server for decisions. In addition, the flash security module is independent, supports permission loading and revocation mechanisms, and provides higher system execution efficiency than a capability system.
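The following is an added example, not code from the patent: a small Python model of the decision path described for Fig. 2 (object manager consults the DAC matrix, then the access vector cache, then the security server) together with a security server whose decisions implement the six rules of the inter-domain isolation axiom from step 305. All class and function names are this example's own; the patent does not state how overlapping rules combine or what happens when no rule matches, so the model assumes union of applicable rules and default deny.

```python
from enum import Enum


class Subj(Enum):      # subject classes from the patent's policy group
    W = "S_w"          # remote code of a Web application
    L = "S_l"          # native code of a Web application
    C = "S_c"          # system applications; S_T = S_c is the trusted subject set


class Obj(Enum):       # object classes
    U = "O_u"          # general user-space domain
    P = "O_p"          # trusted user-space domain
    S = "O_s"          # system space domain
    V = "O_v"          # virus protection domain


ALL_MODES = frozenset("awre")   # a = write-only, w = read-write, r = read-only, e = execute


class Subject:
    def __init__(self, sid, cls, privileged_user=None):
        self.sid = sid                          # security identifier (fixed-length key)
        self.cls = cls
        self.privileged_user = privileged_user  # index n if this subject acts as privileged user U_n


class SecurityServer:
    """Policy decision point. Holds the policy; the object manager never reads it directly."""

    def __init__(self, ov_admins, os_admins):
        self.ov_admins = set(ov_admins)   # privileged users U_n granted {a, w} on O_v (rule 5)
        self.os_admins = set(os_admins)   # privileged users U_m granted {a, w} on O_s (rule 6)
        self.listeners = []               # object managers to notify on policy change
        self.queries = 0                  # how often the OM had to ask (AVC misses)

    def decide(self, subj, obj):
        """Access modes the isolation axiom grants subj on obj.
        Assumption (not in the patent): rules combine by union; no matching rule means deny."""
        self.queries += 1
        modes = set()
        if obj is Obj.U and subj.cls is Subj.L:
            modes |= ALL_MODES                                    # rule (1)
        if obj is Obj.U and subj.cls is Subj.W:
            modes |= {"e"}                                        # rule (2)
        if obj in (Obj.U, Obj.S) and subj.cls is Subj.C:
            modes |= ALL_MODES                                    # rule (3), S_T = S_c
        if obj is Obj.S and subj.cls in (Subj.W, Subj.L):
            modes |= {"e"}                                        # rule (4)
        if obj is Obj.V and subj.privileged_user in self.ov_admins:
            modes |= {"a", "w"}                                   # rule (5)
        if obj is Obj.S and subj.privileged_user in self.os_admins:
            modes |= {"a", "w"}                                   # rule (6)
        return frozenset(modes)

    def revoke_privileged_user(self, n):
        """Policy change: drop U_n everywhere and notify object managers (revocation)."""
        self.ov_admins.discard(n)
        self.os_admins.discard(n)
        for om in self.listeners:
            om.on_policy_change()


class ObjectManager:
    """Policy enforcement point: DAC matrix M_ij first, then MAC via the AVC / security server."""

    def __init__(self, server, dac_matrix):
        self.server = server
        self.dac = dac_matrix   # {(sid, object class): set of modes}, the access matrix M_ij
        self.avc = {}           # access vector cache: (sid, object class) -> frozenset of modes
        server.listeners.append(self)

    def on_policy_change(self):
        self.avc.clear()        # cached decisions may be stale after a policy change: flush

    def check(self, subj, obj, mode):
        if mode not in self.dac.get((subj.sid, obj), set()):  # autonomous security: x in M_ij
            return False
        key = (subj.sid, obj)
        if key not in self.avc:                                # AVC miss: ask the security server
            self.avc[key] = self.server.decide(subj, obj)
        return mode in self.avc[key]


def demo():
    """Walk the system-file read flow of Fig. 2 plus a revocation; returns observed results."""
    ss = SecurityServer(ov_admins={1}, os_admins={2})
    web_app = Subject(sid=100, cls=Subj.L)                 # constructed sample subjects
    remote = Subject(sid=101, cls=Subj.W)
    av_admin = Subject(sid=7, cls=Subj.C, privileged_user=1)
    dac = {(100, Obj.S): {"r", "e"}, (101, Obj.S): {"r", "e"}, (7, Obj.V): {"a", "w"}}
    om = ObjectManager(ss, dac)
    r1 = om.check(web_app, Obj.S, "r")   # DAC allows read, but rule (4) allows only execute
    r2 = om.check(web_app, Obj.S, "e")   # same key: served from the AVC, no second SS query
    q_after = ss.queries
    r3 = om.check(remote, Obj.S, "e")
    r4 = om.check(av_admin, Obj.V, "w")  # privileged user U_1 may write the virus protection domain
    ss.revoke_privileged_user(1)         # policy change: AVC flushed, re-decided on next access
    r5 = om.check(av_admin, Obj.V, "w")
    return {"native_read_os": r1, "native_exec_os": r2, "ss_queries_after_two_checks": q_after,
            "remote_exec_os": r3, "admin_write_ov_before": r4, "admin_write_ov_after": r5}


if __name__ == "__main__":
    print(demo())
```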
An embodiment of the present invention further provides a mobile Web system, including: the flash security module.
The mobile Web system of this embodiment can solve the problem of insufficient security caused by the autonomous access control generally adopted in current mobile Web systems. Because the flash system is applied to the mobile Web operating system and a corresponding mandatory access control policy group is defined, mandatory access control based on a security identifier or a security policy group can be realized and flexible dynamic policies are supported. Policy enforcement is separated from policy decision: the object manager is responsible for enforcement and the security server for decisions, so when the security policy of a system needs to be modified, other key components such as the reference monitor need not change; only the policy stored in the security policy server is updated, and the security of the mobile Web system is improved. In addition, the flash security module is independent, supports permission loading and revocation mechanisms, and provides higher system execution efficiency than a capability system.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means/systems for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element. The terms "upper", "lower", and the like indicate orientations or positional relationships based on those shown in the drawings, are used only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the referred devices or elements must have a specific orientation or be constructed and operated in a specific orientation; they should therefore not be construed as limiting the present invention. Unless expressly stated or limited otherwise, the terms "mounted" and "connected" are intended to be inclusive and mean, for example, that elements may be fixedly connected, detachably connected, or integrally connected; mechanically or electrically connected; connected directly or indirectly through intervening media; or interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific situation.
In the description of the present invention, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description. Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention is not limited to any single aspect, nor to any single embodiment, nor to any combination and/or permutation of these aspects and/or embodiments. Moreover, each aspect and/or embodiment of the present invention may be utilized alone or in combination with one or more other aspects and/or embodiments thereof.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (5)

1. A method for constructing a flash security module of a mobile Web system is characterized by comprising the following steps:
adding a security domain to the kernel data structure;
inserting hook calls at key points in the kernel code to realize access control over key resources of the kernel and the system;
adding a general security system call, said system call allowing said flash security module to write new system calls for security-related applications, and comprising: a module descriptor, a system call descriptor and a parameter list;
providing functions for registering and deregistering a security module, comprising: for the selected security policy module, registering it in the flash security module through register_security(), specifically: setting the global operation table security_ops so that the kernel consults all hook functions related to the selected security policy module; once loaded, the security policy module becomes part of the system's security policy and is not overridden by subsequently loaded policy modules until it is deregistered through unregister_security(); after a security policy module is deregistered, its hooks are replaced with a default value, the default value indicating that nothing is done; when multiple security policy modules are supported simultaneously, a later-loaded security policy module registers with the previously loaded security policy module through mod_reg_security() and deregisters through mod_unreg_security();
defining a security policy group for the Web OS;
adding all safety-related functions into a flash safety module;
wherein the defining a security policy group for the Web OS comprises:
for a subject's access request to an object, performing access control according to the security level defined in the security domain, comprising: dividing the subjects into three classes $S_w$, $S_l$ and $S_c$ according to the type of application, $S_l$ representing native code of Web applications or their corresponding operations, $S_w$ representing remote code or its operations, and $S_c$ representing the set of trusted subjects; classifying the objects into four classes $O_u$, $O_p$, $O_s$ and $O_v$ according to the type and storage characteristics of the objects, $O_u$ representing the general user-space domain, $O_p$ the trusted user-space domain, $O_s$ the system space domain and $O_v$ the virus protection domain; and implementing the following access control:
autonomous security: $S_i \in S$, $O_j \in O$, $S_i$ can access $O_j$ in mode $x$ if and only if $x \in M_{ij}$, where $S$ is the subject set, $i = 1, \dots, n$, $n$ is the number of subjects in the subject set $S$; $O$ is the object set, $j = 1, \dots, m$, $m$ is the number of objects in the object set $O$; $M$ is the access matrix, $M_{ij}$ storing the access modes of subject $S_i$ to object $O_j$;
simple security: $S_i \in S$, $O_j \in O$, $S_i$ can read $O_j$ if and only if [two conditions given as formula images in the original, not reproduced],
where $L(S_i)$ is the set of security labels of subject $S_i$ and $L(O_j)$ is the set of security labels of object $O_j$;
free-write property: $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if [two conditions given as formula images in the original, not reproduced];
strict write property: $S_i \in S$, $O_j \in O$, $S_i$ can write $O_j$ if and only if [two conditions given as formula images in the original, not reproduced];
inter-domain isolation axiom: the current access state $(S_i, O_j, x)$ of all subjects and objects satisfies:
if $O_j \in O_u$ and $S_i \in S_l$ then $x \in \{a, w, r, e\}$, where $x$ denotes the current access mode, $\{a, w, r, e\}$ denotes the set of access modes, $a$ denotes write-only, $w$ denotes read-write, $r$ denotes read-only and $e$ denotes execute;
if $O_j \in O_u$ and $S_i \in S_w$ then $x = e$;
if $O_j \in O_u \cup O_s$ and $S_i \in S_T$ then $x \in \{a, w, r, e\}$, $S_T$ representing the set of trusted subjects;
if $O_j \in O_s$ and $S_i \in S_w \cup S_l$ then $x = e$;
if $O_j \in O_v$ and $S_i = U_n$, $n$ being a particular value, then $x \in \{a, w\}$, where $U_n$ represents the $n$-th privileged user, $a$ write-only access and $w$ read-write access;
if $O_j \in O_s$ and $S_i = U_m$, $m$ being a particular value, then $x \in \{a, w\}$, where $U_m$ represents the $m$-th privileged user;
trusted subject least privilege axiom: the privileged operations $S_t = u_1 \cup u_2 \cup u_3 \cup u_4 \cup \dots \cup u_n$ are mapped to different roles by a role mapping function $RA$, $u_1, \dots, u_i, \dots, u_n$ representing privileges, and these roles are assigned to designated users of the system, denoted $U_1, U_2, \dots, U_m$, giving $RA(u_i) = U_i$; thus there are $m$ privileged users in the operating system which together complete the privileged operations of the system, each privileged user $U_i$ having only the minimum privileges required to perform its work and being unable to control the entire system alone: $P(U_i) = \min(\sum u_j,\ 1 \le j \le n)$, $1 \le i \le m$,
[further condition given as a formula image in the original, not reproduced].
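A user-space model of two steps of claim 1, the registration of a security policy module through a hook table with do-nothing defaults and the inter-domain isolation axiom evaluated by that module's hook; this is an added example, not code from the patent. The names sec_ops, isolation_ops, check_access and the enum values are assumptions modelled on the claim's wording, register_security()/unregister_security() follow the claim's function names, the trusted class S_T is taken to be S_c, the privileged users U_n/U_m are not modelled, and subject/object pairs the axiom does not mention are denied, a default-deny choice of this example rather than something the patent states.

```c
/* Added example (not the patent's code): user-space model of the hook-table
 * registration and the inter-domain isolation axiom described in claim 1. */

/* Subject classes: S_w remote code, S_l native Web-app code, S_c trusted subjects. */
enum subject_class { S_W, S_L, S_C };

/* Object classes: O_u general user space, O_p trusted user space,
 * O_s system space, O_v virus protection domain. */
enum object_class { O_U, O_P, O_S, O_V };

/* Access modes as bit flags: a write-only, w read-write, r read-only, e execute. */
enum access_mode { MODE_A = 1, MODE_W = 2, MODE_R = 4, MODE_E = 8 };

/* Hook table the kernel consults (the claim's security_ops, hypothetical layout);
 * the hook returns the set of modes subject s may use on object o. */
struct sec_ops {
    unsigned (*object_access)(enum subject_class s, enum object_class o);
};

/* Default hook restored after deregistration: "does nothing", i.e. never restricts. */
static unsigned default_object_access(enum subject_class s, enum object_class o)
{
    (void)s; (void)o;
    return MODE_A | MODE_W | MODE_R | MODE_E;
}
static struct sec_ops default_ops = { default_object_access };
static struct sec_ops *security_ops = &default_ops;

/* A loaded module becomes the policy and is not overridden until deregistered. */
int register_security(struct sec_ops *ops)
{
    if (security_ops != &default_ops)
        return -1;                 /* another policy module is already loaded */
    security_ops = ops;
    return 0;
}

int unregister_security(struct sec_ops *ops)
{
    if (security_ops != ops)
        return -1;                 /* not the registered module */
    security_ops = &default_ops;   /* hooks fall back to the do-nothing default */
    return 0;
}

/* Inter-domain isolation axiom as the policy module's hook. Pairs the axiom
 * does not mention are denied (default-deny assumption of this example). */
static unsigned isolation_object_access(enum subject_class s, enum object_class o)
{
    const unsigned all = MODE_A | MODE_W | MODE_R | MODE_E;
    if (s == S_C)                          /* trusted subjects (S_T taken as S_c): O_u and O_s */
        return (o == O_U || o == O_S) ? all : 0;
    if (o == O_U)                          /* S_l: any mode; S_w: execute only */
        return (s == S_L) ? all : MODE_E;
    if (o == O_S)                          /* S_w and S_l: execute only */
        return MODE_E;
    return 0;                              /* O_p, O_v: no rule for S_w or S_l */
}
static struct sec_ops isolation_ops = { isolation_object_access };

/* Object-manager side: 1 if mode x on (s, o) is permitted by the current hook, else 0. */
int check_access(enum subject_class s, enum object_class o, enum access_mode x)
{
    return (security_ops->object_access(s, o) & x) != 0;
}
```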
2. The method according to claim 1, characterized in that said security domain is a string of fixed length, called a security identifier; alternatively, the security domain is a variable-length segment of data, called a security context.
3. The method of claim 1, wherein the hook function in the hook call comprises:
a system hook function for controlling system-sensitive behaviour or system-level operations that are not controlled by any other hook function;
a program load hook function for checking the ability of a process to execute an executable program and managing changes to security domains in the process;
file system hook functions, comprising three types of hook functions wrapping the superblock, inode and file objects defined by the Linux virtual file system, which are the interface settings required for developing an underlying file system;
a process hook function for controlling access to the basic information of a process held in the task_struct object responsible for kernel process scheduling;
the network hook function is used for carrying out safety control on network connection and is arranged at key points of a socket layer, an application layer, data packet transmission, a network layer, network equipment and network connection;
and the inter-process communication hook function is used for designing corresponding hook functions for inter-process direct communication aiming at different Web OS platforms.
4. The method of claim 1, wherein the type of application comprises: system applications that are locally packaged, stored and installed; the native code of Web applications; and the remote code of Web applications.
5. The method of claim 1, wherein the type and storage characteristics of the object include: a general user space domain, a trusted user space domain, a system space domain, and a virus protection domain.
CN201710642192.XA 2017-07-31 2017-07-31 Method for constructing flash security module Expired - Fee Related CN107547520B (en)

Publications (2)

Publication Number Publication Date
CN107547520A CN107547520A (en) 2018-01-05
CN107547520B true CN107547520B (en) 2020-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200707

Termination date: 20210731