多级安全机制是指能在计算机系统中处理多个不同敏感级别信息的方法,传统的多级安全机制一般需要可信操作系统支持,但这不仅在实现上难度大,而且还会导致应用兼容性问题和难以克服的安全隐通道问题。这里提出一种基于虚拟化技术的多级安全机制结构,它通过强安全隔离机制避免不同安全级别信息之间的交叉污染和隐通道问题,通过无缝支持商用操作系统和既有应用的设计机制降低多级安全系统的应用难度和实现成本。基于虚拟化技术的多级安全机制还通过采用显式安全标记和隐式安全标记相结合的方法,简化了系统的安全管理。%MLS (Multilevel security) mechanism is a method to process information with different sensitivities or different security level in computer system.Traditional MLS mechanism usually requires the support of trusted operating system, and however, this requirement would face great challenges in implementation, and lead to the problems of application compatibility and security covert channel. Thus the virtualization-based MLS architecture is presented in this paper, which could eliminate the possibility of cross-contamination between information of different security levels by strong isolation mechanism, and reduce the difficulties and cost in the application of MLS mechanism by seamlessly supporting COTS operating system and legacy applications. The virtualization-based MLS could also simplify the security management by integrating implicit security label and explicit label in same system.
展开▼
