Security Enhanced LinuxµÄÀúÊ·

       Ò»¸öСÀúÊ·½«ÓÐÖúÓÚ°ïÖúÄúÀí½â Security-Enhanced Linux£¨SELinux£©——¶øÇÒËü±¾ÉíÒ²ÊǶÎÓÐȤµÄÀúÊ·¡£
ÃÀ¹ú¹ú¼Ò°²È«¾Ö
£¨National
Security
Agency£¬NSA£©³¤Ê±¼äÒÔÀ´¾Í¹Ø×¢´ó²¿·Ö²Ù×÷ϵͳÖÐÊÜÏ޵ݲȫÄÜÁ¦¡£±Ï¾¹£¬ËûÃǵŤ×÷Ö®Ò»¾ÍÊÇҪȷ±£ÃÀ¹ú¹ú·À²¿Ê¹ÓõļÆËã»úÔÚÃæÁÙûÍêûÁ˵Ĺ¥»÷ʱ
±£³Ö°²È«¡£NSA ·¢Ïִ󲿷ֲÙ×÷ϵͳµÄ°²È«»úÖÆ£¬°üÀ¨ Windows ºÍ´ó²¿·Ö UNIX ºÍ Linux ϵͳ£¬Ö»ÊµÏÖÁË“Ñ¡ÔñÐÔ·ÃÎÊ¿ØÖÆ
£¨discretionary access control£©”£¨DAC
£©»úÖÆ¡£DAC »úÖÆÖ»ÊǸù¾ÝÔËÐгÌÐòµÄÓû§µÄÉí·ÝºÍÎļþµÈ¶ÔÏóµÄËùÓÐÕßÀ´¾ö¶¨³ÌÐò¿ÉÒÔ×öʲô¡£NSA ÈÏΪÕâÊÇÒ»¸öÑÏÖصÄÎÊÌ⣬ÒòΪ DAC ±¾Éí¶Ô´àÈõµÄ»ò¶ñÒâµÄ³ÌÐòÀ´ËµÊÇÒ»¸ö²»ºÏ¸ñµÄ·À»¤Õß¡£È¡¶ø´úÖ®µÄ£¬NSA ³¤ÆÚÒÔÀ´Ò»Ö±Ï£Íû²Ù×÷ϵͳͬÑùÄÜÖ§³Ö“Ç¿ÖÆ·ÃÎÊ¿ØÖÆ
£¨mandatory access control£©”£¨MAC
£©»úÖÆ¡£
MAC
»úÖÆʹµÃϵͳ¹ÜÀíÔ±¿ÉÒÔ¶¨ÒåÕû¸öϵͳµÄ°²È«²ßÂÔ£¬Õâ¸ö²ßÂÔ¿ÉÒÔ»ùÓÚÆäËûÒòËØ£¬ÏñÊÇÓû§µÄ½ÇÉ«¡¢³ÌÐòµÄ¿ÉÐÅÐÔ¼°Ô¤ÆÚʹÓᢳÌÐò½«ÒªÊ¹ÓõÄÊý¾ÝµÄÀàÐ͵ȵȣ¬À´
ÏÞÖƳÌÐò¿ÉÒÔ×öÄÄЩÊÂÇé¡£Ò»¸öСÀý×Ó£¬ÓÐÁË MAC
ºóÓû§²»ÄÜÇáÒ׵ؽ«“±£Ãܵģ¨Secret£©”Êý¾Ýת»¯Îª“²»±£Ãܵģ¨Unclassified£©”µÄÊý¾Ý¡£²»¹ý£¬MAC
ʵ¼ÊÉÏ¿ÉÒÔ×öµÄ±ÈÄÇÒª¶àµÃ¶à¡£
NSA ÒѾ­Óë²Ù×÷ϵͳÌṩÉ̺Ï×÷Á˶àÄ꣬µ«ÊǺܶàÕ¼ÓÐ×î´óÊг¡µÄÌṩÉ̶ÔÓÚ½« MAC ¼¯³É½øÀ´Ã»ÓÐÐËȤ¡£¼´Ê¹ÊÇÄÇЩ¼¯³ÉÁË MAC µÄÌṩÉÌҲͨ³£Êǽ«Æä×öΪ“µ¥¶ÀµÄ²úÆ·”£¬¶ø²»Êdz£¹æ²úÆ·¡£Ò»²¿·ÖÔ­ÒòÖ»ÊÇÒòΪ¾ÉʽµÄ MAC ²»¹»Áé»î¡£
ÓÚÊÇ
NSA µÄÑо¿Á¦Á¿¾¡Á¦È¥Ê¹ MAC ¸üÁé»î²¢ÇÒ²¢ÈÝÒ×±»°üº¬ÔÚ²Ù×÷ϵͳÖС£ËûÃÇʹÓà Mach
²Ù×÷ϵͳ¿ª·¢ÁËËûÃǵÄ˼ÏëµÄÔ­ÐÍ£¬ºóÀ´·¢ÆðµÄ¹¤×÷À©Õ¹ÁË“Fluke”Ñо¿²Ù×÷ϵͳ¡£²»¹ý£¬ÄÑÒÔÈÃÈËÃÇÐÅ·þÕâЩ˼Ïë¿ÉÒÔÊÊÓÃÓÚ “ÕæʵµÄ”²Ù×÷ϵͳ
£¬ÒòΪËùÓÐÕâЩ¹¤×÷¶¼»ùÓÚ΢Ð͵ēÍæ¾ß¼¶µÄ”Ñо¿ÏîÄ¿¡£¼«ÉÙ¿ÉÒÔÔÚÔ­ÐÍÖ®Íâ½øÐг¢ÊÔÒԲ鿴ÕâЩ˼ÏëÔÚÕæʵµÄÓ¦ÓóÌÐòÖй¤×÷µÃÈçºÎ¡£NSA
²»ÄÜ˵·þ¾ßÓÐËùÓÐȨµÄÌṩÉÌÀ´Ìí¼ÓÕâЩ˼Ï룬¶øÇÒ NSA ҲûÓÐȨÀûÈ¥ÐÞ¸Ä˽ÓеIJÙ×÷ϵͳ¡£Õâ²»ÊǸöÐÂÎÊÌ⣻¶àÄêÇ° DARPA
ÊÔͼǿÖÆËüµÄ²Ù×÷ϵͳÑо¿ÈËԱʹÓÃ˽ÓеIJÙ×÷ϵͳ Windows£¬µ«Óöµ½Á˺ܶàÎÊÌâ¡£
ÓÚÊÇ£¬NSA żȻ·¢ÏÖÁËÒ»¸ö»ØÏëÆðÀ´ËƺõÏÔ¶øÒ×¼ûµÄÏë·¨£ºÊ¹ÓÃÒ»¸ö²»ÊÇ Íæ¾ßµÄ¿ª·ÅÔ´´úÂë²Ù×÷ϵÍ