The Architecture of Secure Operating Systems and Its Implementation Model
Abstract
The rapid development of information technology and the Internet has brought convenience to people's lives, but it has also introduced many security problems, such as the well-known computer viruses and hacker attacks. Research into the security of computer information systems has therefore received growing attention. Since the operating system is the cornerstone and key component of every computer information system, research into and development of secure operating systems is of great significance; in particular, designing and developing a secure operating system with independent intellectual property rights, high security and high reliability has important practical significance for our national security and defense.
    This thesis first summarizes the research results and latest development trends in the field of secure operating systems from the 1960s to the present, sets out the five basic requirements of computer system security (confidentiality, integrity, availability, controllability and auditability), and analyzes the main sources and methods of threats to computer system security. It then describes the security evaluation criteria for computer information systems, including the US TCSEC, the international Common Criteria (CC) and China's national standard GB17895-1999. It then studies the security kernel and related concepts in depth and analyzes operating system security mechanisms and their implementation techniques in detail.
    Security policy models are the foundation for designing and implementing a secure operating system. This thesis studies the typical security policy models in depth and analyzes their respective strengths and weaknesses. Support for multiple security policies and dynamic security policies is the current research focus and future trend for secure operating systems, so the thesis goes on to analyze several typical architectures that support multiple and dynamic security policies: GFAC, DGSA, DTOS and Flask.
    Because of its open source code and excellent performance, the Linux operating system is a good platform for developing a secure operating system with independent copyright in China. This thesis dissects the security mechanisms and security weaknesses of Linux in depth and analyzes in detail LSM (Linux Security Modules), the lightweight general-purpose access control framework for developing secure operating systems on the Linux kernel.
    Finally, the thesis proposes and implements a Linux-based secure operating system model, NisecLinux. The system implements a mandatory access control mechanism based on network access; the coordination of a firewall and an intrusion detection system greatly enhances the system's protective capability; VPN technology secures data transmission; a digital-watermark log is adopted as the security audit technique to guarantee log integrity; and the kernel and file system are streamlined to improve system performance.
Along with the convenience brought by the rapid development of information technology and networks, numerous security problems have been introduced, such as the well-known computer viruses and hacker attacks. Research on the security of computer information systems has therefore attracted increasing attention. Because the operating system is the cornerstone and key component of every computer information system, the research and implementation of secure operating systems is of great importance; in particular, the design and implementation of a secure operating system with our own intellectual property, high security and high reliability has important practical meaning for the security of our country and its defense.
    This paper first summarizes the research results in the field of secure operating systems since the 1960s, points out future trends, presents the five basic requirements of computer system security (confidentiality, integrity, availability, controllability and auditability), and analyzes the causes by which operating systems are compromised. It then describes the criteria for information technology security evaluation, including the TCSEC of the United States, the CC standard and GB17895-1999 of China, explores the security kernel and its related concepts, and analyzes security mechanisms and implementation methods.
    The security policy model is the foundation of designing and implementing a secure operating system. This paper explores the representative security policy models and analyzes their strengths and weaknesses. Supporting multiple policies and dynamic policies is the research trend of secure operating systems, so the paper then analyzes the popular architectures supporting them, such as GFAC, DGSA, DTOS and Flask.
    The Linux operating system has become a good platform for implementing our own independent secure operating system because of its performance and open source code. This paper explores the security mechanisms of the Linux operating system and their limitations, and describes LSM (Linux Security Modules), a lightweight, general-purpose access control framework for the Linux kernel.
    A secure operating system model named NisecLinux is presented and implemented at the end of the paper. NisecLinux has a mandatory access control mechanism based on network access; its security has been greatly enhanced by an intrusion detection system coordinated with a firewall; the security of data transfer is ensured via virtual private network (VPN) technology; the integrity of logs is ensured by adopting a digital-watermark log as the security audit technique; and the performance of NisecLinux has been improved by condensing the kernel and file system.
