中文摘要：

策略和标签是访问控制技术中的核心内容,决定了一个访问控制系统的实施内容.现今的大部分安全系统对策略的保护较为严格,但对标签的保护却缺乏一个完善、系统的保护方案,这导致即使策略本身是安全的、完备的,恶意者仍然可以通过篡改用作策略实施判断的标签来危害系统,系统安全仍然无法保证.为此提出了一个保护架构,着重保护系统中的安全标签.它通过使用加密文件系统、完整性度量等机制扩展可信计算芯片的控制范围,将标签置于可信计算的保护范围内,从而防止标签遭受篡改,确保其安全性.最后给出其基于Linux操作系统的原型实现.

英文摘要：

Policies and labels are the most important parts in access control technique. Labels present some security properties of the subject and the object, meanwhile policies present some logical algorithms based on the security properties carried by labels. The enforcement of access control system can be mainly decided by these two factors. Nowadays most security systems can give a well protection to the policies, but almost none of them have systemic and well-defined methods to protect labels. They just believe that the operation system can do the work itself. The lack of label protection leads to a result that even the policies are secure and well-defined, malwares can still do harms to the system by tempering the labels. Then the system is unsafe in the end. An architecture mainly to protect the security labels in the system by using TPM （trusted computing module） chip is proposed. TPM chip is a kind of hardware provided by TCG （Trusted Computing Group）. It can be used to build a TCB （trusted computing base） in a secure system. But the TCB here is too small to hold labels. By using some mechanisms such as encrypting file system and integrity measurement, we extend the edge of the TPM chip＇s control area and keep the labels into this area in order to enhance the safety of access control system. Implementation of a prototype system on the Linux OS is given and the experiments show the security and efficiency of our implementation.