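This article is an original translation by CoryXie; for reprints or any questions, please contact cory.xie#gmail.com. This article analyzes the overall flow of the MAC Framework in FreeBSD 10.0 [ http://xrefs.info/freebsd-10.0/ ]. In [/usr/src/sys/security/mac/mac_framework.c] there is the following comment, which describes the three major functions implemented by the MAC Framework: That is, 1) different policy modules can be implemented according to different security protection policies, and through <security/mac/mac_p…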
A Mandatory Access Control (MAC) aware firewall includes an extended rule set for MAC attributes, such as a security label or path. Application labels may be used to identify processes and perform firewall rule-checking. The firewall rule set may inc…
A method is provided for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control in a system comprising a plurality of computers,…
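catalog . Introduction . Access control policies . Access control methods and implementation techniques . SELINUX 0. Introduction Access control is a primary strategy for network security protection and client-side security defense; its main task is to ensure that resources are not used illegitimately. It is one of the most important core strategies for ensuring network/client security. Access control includes . network-entry access control . network permission control . directory-level control . attribute control, among other means. Knowledge of access control is an important chapter of the CISSP; this article focuses on access control models and their related methods and techniques 0x0: Components of the access control concept Access control involves three basic concepts . Subject: an active entity,…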
A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be ap…
1. INTRODUCTION   The main goal of the National Computer Security Center is to encourage the widespread availability of trusted computer systems. In support of that goal a metric was created, the Department of Defense Trusted Computer System Evaluati…
A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of…
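1. Basic concepts of access control Access control is an important foundational strategy for network security protection and client-side security defense; its main task is to ensure that resources are not used illegitimately. It is one of the most important core strategies for ensuring network/client security. Access control includes network-entry access control, network permission control, directory-level control, attribute control, and other means. Knowledge of access control is an important chapter of the CISSP; this article focuses on access control models and their related methods and techniques. 0x1: Elements of the access control concept Access control involves three basic concepts. Subject: represents an active entity; a subject can access objects, and includes users, user groups, terminals, hosts, applications. Object: represents a passive entity; on the obj…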
Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allo…
Methods, systems, and products for governing access to objects on a filesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, the…