To address the complexity and configuration difficulty of existing access control policies and mechanisms, this paper proposes a new access control mechanism, CBAC, which is based on mandatory access control (MAC) and combines a label mechanism with a multilevel security policy. In CBAC, the access key of an object ultimately determines what access rights a subject has to that object. Based on this idea, the paper designs the access control policy and mechanism, and gives a method for implementing key-based file access under the LSM (Linux Security Modules) framework. By setting keys, the method gives normal users appropriate rights and a degree of autonomy, restricts some of the super-user's privileges, and achieves file sharing.