摘要: 介绍强制访问控制(MAC)方法和在Linux主流内核版本中MAC主要的实现技术,包括SELinux和SMACK。将SMACK应用到典型的嵌入式设备?——智能手机上,通过定义SMACK规则为第三方软件构造沙盒。测试结果表明,与SELinux相比,SMACK具有较少的内存消耗和较高的运行效率,更适用于嵌入式系统。
关键词:
强制访问控制,
简单强制访问控制内核,
嵌入式系统,
安全,
沙盒
Abstract: This paper starts from an introduction of Mandatory Access Control(MAC) and presents some technologies which implement it in Linux mainline kernel, including SELinux and SMACK, and gives an example in detail of how to define SMACK rule set to address the requirements of constructing sandbox for third-party applications in Linux based mobile phone. Result of test indicates that running smack has fewer memory consumption and more efficient CPU performance comparing with SELinux, and SMACK is more suitable for embedded system. .
Key words:
Mandatory Access Control(MAC),
Simplified Mandatory Access Control Kernel(SMACK),
embedded system,
security,
sandbox
中图分类号:
阮越, 郑啸. 嵌入式系统中的SMACK应用研究[J]. 计算机工程, 2011, 37(5): 161-163,166.
RUAN Huo, ZHENG Chi. Application Research of SMACK in Embedded System[J]. Computer Engineering, 2011, 37(5): 161-163,166.