发明名称 |
SECURE POLICY DESCRIPTION METHOD AND APPARATUS FOR SECURE OPERATING SYSTEM |
摘要 |
<p>A method and a device for setting up a security policy for a secure OS(Operating System) are provided to remove complexity by reducing the number of types and rules remarkably based on comparison with a usual SELinux(Security Enhanced Linux) security policy setting mode, and enable a user having no specialize knowledge to set up or control the desired security policy easily. An SELinux security policy template(51) comprises a form for setting up a subject, an object, and a subject's right for the object. A converting module(52) converts the security policy template into a TE(Type Enforcement) security policy(53) applicable to SELinux. The security policy includes a subject element defining the subject accessing the object, an object element defining the object accessed by the defined subject, a right element defining an access authority between the defined object and subject, and a transition element defining domain transition. The converting module includes a parser(521) parsing the security policy template, and a generator(522) generating more than one of a subject domain, the domain transition, an object type, and a TE operation from the parsed data, and generating TE context by combining the same.</p> |
申请公布号 |
KR20080051972(A) |
申请公布日期 |
2008.06.11 |
申请号 |
KR20060123871 |
申请日期 |
2006.12.07 |
申请人 |
INDUSTRY FOUNDATION OF CHONNAM NATIONAL UNIVERSITY;ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE |
发明人 |
KIM, DONG WOOK;KIM, KANG HO;AN, BAIK SONG;JUNG, SUNG IN;KIM, MYUNG JOON;NOH, BONG NAM;KIM, JUNG SUN;KIM, MIN SOO;JUNG, JONG MIN |
分类号 |
G06F21/00;G06F9/00;G06F9/06;G06F9/44 |
主分类号 |
G06F21/00 |
代理机构 |
|
代理人 |
|
主权项 |
|
地址 |
|