摘要：

对SELinux策略服务器在安全性和脆弱性方面存在的问题进行分析，基于可信计算提出信任特征的概念，将其引入到SELinux策略服务器的设计中，给出一种基于信任特征的SELinux策略服务器体系结构。通过用户空间安全服务器与策略管理服务器的构建解决脆弱性问题，提供可信实体信任特征，解决安全性问题，有效完善了SELinux体系结构。

关键词: 可信计算, 安全增强Linux, 策略服务器, 信任特征, 策略管理服务器

Abstract: The problem about security and vulnerability of SELinux policy server in mainstream operating system is analyzed. This paper introduces the definition of trusted characteristic, and puts forward a SELinux policy server architecture based on trusted characteristic. This method can solve the problem of vulnerability effectively by building user-space security server and policy management server, and the problem of security by carrying out trusted characteristic of trusted entities. It provides a new way to perfect SELinux.

Key words: trusted computing, Security Enhanced Linux(SELinux), policy server, trusted characteristic, Policy Management Server(PMS)

中图分类号: 

• TP309