分别从信息安全和系统安全角度对多级安全文件系统的实现进行了分析,提出了一种面向多级安全的文件系统实现机制,即基于多级安全的访问控制方法和分区数据的隔离保证措施.采用以分区为单位来隔离卷空间的外存管理方式,以高可靠文件系统的事务特征确保内外存数据的一致性,该机制不仅符合多级安全的分区隔离思想,实现了不同分区间数据的隔离,而且能够保证在意外情况下数据的一致性.为了验证提出的多级安全文件系统实现机制的可行性与正确性,在现有分区操作系统上对该文件系统进行了测试与验证.测试结果表明,多级安全文件系统实现机制不仅能够确保访问控制安全,还能确保多级安全的分区隔离特性,使得应用分区只能根据所配置的安全策略进行安全的文件操作.%This paper presents a multi-level security file system implementation mechanism.The realization of muti-level security file system is analyzed from the point of view of information security and system security,and the access control method based on multi-level security and the isolation guarantee of parttion data are put forward.The method of parttion management mode of the volume space,and the transaction characteristics of realiable file system are ensured to ensure the consistency of the internal and external data.The mechansism not only conforms to the multi-level security parttion isolation idea,but also achieves the data of different parttions isolation,and to ensure consistent data in case of accident.In order to verify the feasibility and correctness of the multi-level security file systemimplementation mechanism proposed in this paper,the file system is tested and verified on the existing partition operating system.The test results show that the multi-level security file system implementation mechanism proposed in this paper can not only ensure the security of access control,but also ensure the multi-level security partition isolation feature,so that the application partition can not only carry on the safe file operation according to the configured security policy.
展开▼
