基于认证可信度的BLP模型研究

Research on Authentication Trustworthiness-based BLP Model

该文扩展认证可信度的相关概念,描述当前系统中认证和授权相脱节的情况下如何将两者通过认证可信度结合起来,提出认证可信度与BLP相结合的模型:基于认证可信度的BLP模型,要求主体对客体的访问必须经过可信度安全特性和BLP模型安全策略的双重判定。模型体现了实际系统对不同用户认证可信度授予不同访问权限的需要,防止通过弱认证机制获得低认证可信度的用户访问高敏感信息。

This paper extends the concepts of authentication trustworthiness,and describes how to combine authenti-cation and authorization with authentication trustworthiness under the condition that authentication and authorization are disjointed in current systems.This paper puts forward the authentication trustworthiness -based BLP Model,which associates the authentication trustworthiness with BLP model.The model requires that the subject who wants to access the object must be evaluated with authentication trustworthiness security property and the security policies of the BLP model.This model embodies the need of systems that different user with different authentication trustworthiness should be authorized with different rights,and can prevent the users who acquire lower authentication trustworthiness by weaker authentication mechanisms from accessing sensitive information.