Supported by the National Natural Science Foundation of China under Grant No.60573042 (国家自然科学基金); the National Basic Research Program of China under Grant No.G1999035802 (国家重点基础研究发展计划(973)); the Beijing Natural Science Foundation of China under Grant No.4052016 (北京市自然科学基金)
介绍了一种研究系统特权安全问题的方法.由于其特有的迁移系统安全状态的能力,使得分析及保护系统特权都很困难,因此,传统访问控制研究中所采用的技术无法复制到该领域.在访问控制空间理论下,检查了系统特权的来源问题及其特点,从而将系统规则划分为约束规则与执行规则两类,分别描述授权的限制与效果.进一步对规则逻辑形式进行推导,发现特权操作间的特殊授权关系以及相关属性,并设计了一种快速构造授权推导图的算法.在此基础上,分析隐式授权安全问题可能存在的滥用特权威胁.最后对POSIX(portable operating system interface)标准的权能机制进行形式化描述,计算并构造其授权推导图.对标准设计中存在的滥用威胁提供了对策,有效地实现了与最小特权原则的一致性.
A scheme on studying the safety issues for privilege in systems is introduced. Since the particular faculty of transiting security states makes analyzing and protecting privilege for a system difficult, techniques used in traditional access control should not copy to this field. For this reason the features are firstly inspected by discussing the origination of privilege using access control space theory. Then rules defined for a system could be divided into two categories: constraint rules and execution rules, describing the restrictions and effect of an authorization respectively. Furthermore, a special authorization relation between different privilege operations, as well as its properties, is investigated against rules' logical patterns by deduction. A quick algorithm for constructing authorization deduction graph is also provided. Basing on it, common safety issue of implicit authorization was reviewed with the possibility to be abused. Finally this paper formalizes the capability mechanism defined by POSIX (portable operating system interface) standard, constructing ADG (authorization deduction graph) for it. The design is revised with countermeasures against privilege abusing so as to preserve consistent with the principle of least privilege.