Abstract |
<p>The present invention relates to a Linux operating system based on multi-level security, in which access is restricted differentially according to user level at the kernel level of the Linux operating system. The configuration comprises: an access control unit that controls user access by applying the BLP (Bell-LaPadula) model; a reference monitoring unit provided with a subject security label defining a permission rating and a protection category for a subject, and an object security label defining a permission rating and a protection category for an object; a kernel-mode encryption unit that refers to the permission rating and protection category recorded in the subject security label and the object security label to decide automatically whether to encrypt, and performs the encryption according to the permission rating and protection category recorded for a file; and a real-time monitoring unit that records access to the file in real time using a dynamic database. This multi-level-security Linux operating system makes it possible to overcome the limitations of application-level security measures provided on the open Linux operating system and to provide a fundamental, basic security infrastructure, thereby resolving increasing security problems.</p> |
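The Bell-LaPadula decision that the access control unit makes from the subject and object security labels, as an added C example that is not taken from the patent. The label layout (`struct sec_label`, a numeric rating plus a category bitmask), the function names and the read/append/write mode split are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical label layout: permission rating (higher = more sensitive)
 * and a bitmask of protection categories. */
struct sec_label {
    uint8_t  level;
    uint32_t categories;
};

enum access_mode { ACC_READ, ACC_APPEND, ACC_WRITE };

/* a dominates b: a's rating is at least b's and a holds every category of b. */
static bool dominates(const struct sec_label *a, const struct sec_label *b)
{
    return a->level >= b->level &&
           (a->categories & b->categories) == b->categories;
}

/* BLP decision for one access request.
 * READ:   simple security property (no read up), subject dominates object.
 * APPEND: *-property (no write down), object dominates subject.
 * WRITE:  observe and alter, so both rules apply and the labels must match. */
bool blp_permit(const struct sec_label *subj, const struct sec_label *obj,
                enum access_mode mode)
{
    switch (mode) {
    case ACC_READ:   return dominates(subj, obj);
    case ACC_APPEND: return dominates(obj, subj);
    case ACC_WRITE:  return dominates(subj, obj) && dominates(obj, subj);
    }
    return false; /* unknown mode: deny by default */
}

int main(void)
{
    /* Constructed sample labels. */
    struct sec_label user = { 2, 0x3 };   /* rating 2, categories A and B */
    struct sec_label file = { 1, 0x1 };   /* rating 1, category A */

    printf("read:   %d\n", blp_permit(&user, &file, ACC_READ));
    printf("append: %d\n", blp_permit(&user, &file, ACC_APPEND));
    printf("write:  %d\n", blp_permit(&user, &file, ACC_WRITE));
    return 0;
}
```

Labels whose category sets are incomparable dominate in neither direction, so every mode is denied between them regardless of rating.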