Security of information system requires a secure operation system. Security kernel meets the requirement and provides a bedrock to security of operation system. This paper extracts the deficiency of traditional security kernel, presents a security kernel mechanism supporting policy flexibility, simplified secure interface. It optimizes the performance by reused policy cache, provids a method to revoke granted permissions and assures the atomicity of revocation permissions and granting new permissions. As a result, all refinements help security kernel to improve its flexibility, extensibility and portability.
展开▼