Netinfo Security ›› 2015, Vol. 15 ›› Issue (12): 34-41. doi: 10.3969/j.issn.1671-1122.2015.12.006

Research and Implementation on Process Access Control Based on SELinux Mandatory Access Control

ZHANG Tao1, ZHANG Yong2, NING Ge3, CHEN Zhong1

  1. School of Electronics Engineering & Computer Sciences, Peking University, Beijing 100871, China
  2. Key Lab of Information Network Security of Ministry of Public Security, Shanghai 201204, China
  3. China Information Technology Security Evaluation Center, Beijing 100085, China
  • Received: 2015-10-27 Online: 2015-12-20 Published: 2016-01-04

Abstract:

To address the problem that vulnerabilities in common services or processes on Linux systems can be exploited so that control of the system is easily lost, this paper proposes a process access control scheme based on SELinux mandatory access control (PBACS). PBACS performs fine-grained access control for files, processes and services, and can effectively mitigate security threats caused by vulnerabilities in system services, making the server system more secure. The paper presents functional and performance tests of PBACS. The test results show that PBACS meets its design requirements and provides finer access control granularity at the system process level. PBACS can be widely applied to harden Linux server systems.

Key words: process access control, SELinux, mandatory access control, TE model, privilege escalation
