摘要： 分析LSM框架的基本设计思想和Linux系统上原有的可执行程序访问控制机制存在的问题，在此基础上讨论在LSM框架下可执行程序强制访问控制机制的设计。作为验证，基于Linux2.6.11内核实现了一个可执行程序强制访问控制系统原型，对如何在操作系统中实现可执行程序的强制访问控制具有指导意义。

关键词: LSM框架, 强制访问控制, 可执行程序

Abstract: This paper analyses the main design idea of Linux Security Module(LSM) and the problem of the intrinsic access control mechanism of Linux executable program, and discusses the design of Mandatory Access Control(MAC) mechanism of executable program based on LSM. As the demonstration, it implements a MAC system prototype based on Linux kernel 2.6.11. The illumination that how to implement MAC of executable program in operating system is given.

Key words: Linux Security Module(LSM), Mandatory Access Control(MAC), executable program

中图分类号: 

• N945