Abstract: A mandatory access control technique is proposed which is based on P2DR and cannot be bypassed. The framework of Unix host security monitoring system is constructed on multi-level security policy model through strong authentication, encapsulated Unix command and mandatory access control based on P2DR. And the system is mainly applied to Unix host security protection in secret network environment.

Key words: Host security, Mandatory access control, Security audit, P2DR

摘要： 提出了一种基于P2DR的、不可旁路的强制访问控制技术。通过强身份认证、封装Unix命令和基于P2DR的强制访问控制，以多级安全策略模型为基础构建了Unix主机安全监控系统框架，重点应用于涉密网络中Unix主机的安全防护。

关键词: 主机安全, 强制访问控制, 安全审计, P2DR