
Graduate student: 盧俊亦 (Lu, Jyun-Yi)
Thesis title: Hardening OS Security with Customized Policy in SELinux (使用SELinux客製化準則強化作業系統安全)
Advisor: 鄭憲宗 (Cheng, Sheng-Tzong)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2019
Academic year of graduation: 107
Language: English
Number of pages: 30
Keywords: SELinux, Security Policy, Linux
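  • In recent years, as technology has advanced, people's lives have become filled with information and communication products. Behind this heavy use, the security issues latent in these products have escalated steadily, including the common theft of sensitive data, file-encrypting ransomware, and zombie computers. Before an attack, preventive strategies include regularly updating software to patch vulnerabilities and security training for staff. If an attack unfortunately does occur, the aim is to keep losses to a minimum.
    An attack means a malicious intrusion into the system. If the capabilities of the malicious party can be restricted, the damage it does to the system should be reduced. The process of intruding into a system should engage the access control mechanism, so a system with robust access control should be able to reduce the harm effectively.
    In this research, we build customized Security-Enhanced Linux (SELinux) policy according to several scenarios, seeking to reduce the likelihood of harm while also making the newly created labels functional. There are four items, three of which are policy modules, serving respectively to: reduce the possibility of a process being terminated by an unauthorized user, give a user network permissions, and give a user permission to use the sudo command. The last item configures SELinux Booleans for general-purpose and server-purpose computers.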

    In recent years, with the advancement of technology, people's lives have become full of technology products. As a result, security issues have grown in number, including data breaches, ransomware, and zombie computers. As a precaution against attacks, we can regularly update software to patch vulnerabilities. But if the system is unfortunately attacked, we want to minimize the loss. An attack means that a malicious party has intruded into the system. If we can limit what that party can do, the damage it causes will be smaller. In the process of invading the system, it is likely to touch the access control mechanism. Therefore, if the system has strong access control, we can expect the damage to be effectively reduced.
    In this thesis, we customize the SELinux policy based on several scenarios. There are four items, three of which are policy modules: one reduces the possibility of a process being terminated by a hacker, another gives a user network rights, and the third gives a user permission to use the sudo command. In addition, we configure SELinux Booleans for ordinary usage and server usage of a computer.

    Abstract (Chinese)
    Abstract
    Acknowledgement
    Table of Contents
    List of Tables
    List of Figures
    Chapter 1. Introduction and Motivation
    Chapter 2. Background and Related Works
        2.1. Access Control
        2.2. Security-Enhanced Linux
    Chapter 3. Approach
        3.1. Problem Description
        3.2. System Overview
        3.3. Policy Module: Protect Process not to be Terminated by a Hacker
        3.4. Policy Module: Give a User Network Rights
        3.5. Policy Module: Give a User Permission to Use sudo Command
        3.6. SELinux Boolean Configuration
    Chapter 4. Implementation and Experiment
        4.1. Environment
        4.2. Implementation and Experiment
    Chapter 5. Conclusion and Future Work
    References


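    On campus: public from 2024-08-30
    Off campus: not public
    The electronic thesis has not yet been authorized for public release; for the print copy, please check the library catalogue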