中文摘要：

基于安全操作系统SLinux的设计开发实践,采用信息流序列来描述信息流和隐蔽通道,阐述了基于信息流分析的隐蔽通道的分类,刻画了隐蔽通道信息流分类特性,探讨了隐蔽通道完备性处理方法。在此基础上,提出了基于信息流分析的隐蔽通道通用检查框架,设计了隐蔽通道信息流标志优化规则,通过实例验证分析,说明该方法能够有效地限制隐蔽通道信息流组合扩散、减少误报伪非法流,能有效简化隐蔽通道的分析过程。

英文摘要：

Based on the secureity OS（SLinux） designing and implementing,this paper adopted information flow sequence to represent information flows and covert channels.Categorized the covert channels according to their information flow characteristics and discussed the integral method of dealing with covert channel.On this basis,proposed a general framework for covert channel identification founded on information flow analysis,and designed the optimization rules of covert channel identification.The framework and the rules can decrease the illegal flow of misinformation by restricting information flow combination spread,and provide the basis process for improving of anglicizing covert channel.