Abstract:
With the widespread use of Linux operating systems, security problems is gradually exposed and become a hot topic because of excessive root privileges. To solve this problem and enhance security of Linux operating system, firstly, we model the separation of privilege, which divides the privilege of Linux system into three roles, system administrator, security administrator, and auditor. Then, this paper designs and implements the separation of privilege mechanism based on the SELinux's mandatory access control technology, which can define fine-grained permissions and security policy for each role and control user's access strictly. Finally, we implement a prototype system based on the embedded platform, which verifies the correctness and feasibility of our approaches presented in this paper. These approaches presented in this paper can be used in Linux operating system to enhance system security.