Have a look at this for reference.
Security Integration Architecture (SIA)
All security mechanisms on Tru64 UNIX are part of the Security Integration Architecture (SIA), which isolates security-sensitive commands from the specific security mechanisms. This eliminates the need to modify the security-sensitive commands for each new security mechanism.
Tru64 UNIX includes the following C2 security features:
Discretionary Access Controls (DAC) -- Allows users to define how the resources they create can be shared. Optional ACLs provide greater granularity of file system object protection at the individual user level than the default DAC protection. The ACL mechanism is designed to POSIX draft 13 with some draft 15 enhancements.
Auditing -- Allows users to monitor normal and unauthorized usage of a system with a choice of a GUI or command-line interface.
Identification and Authentication -- Password length and lifetime are based on the Department of Defense Password Management Guideline (Green Book). Features include extensive login controls, such as automatic account lockout, account vacationing, per-terminal settings for delays and maximum consecutive failed logins, password usage history, and system-generated passwords.
Object Reuse -- Ensures that the physical storage that is assigned to shared objects or that is released prior to reassignment to another user does not contain data from previous users.
Integrity -- Allows users to validate the correct operation of hardware, firmware, and software components of the Trusted Computing Base (TCB).
System Architecture -- A separate execution domain is maintained for the Trusted Computing Base (TCB) components using hardware memory management to protect the TCB while it is executing.