期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种主机系统可适应综合安全模型的研究

Research on an Adaptable Integrated Security Model of Host System
下载PDF
导出
摘要 综合入侵检测与访问控制相关安全技术,基于P2DR思想,提出了一种适用于主机系统的可适应综合安全模型,并以之为参考设计了一个原型系统,基本验证了其可行性和有效性。该模型以动态策略管理为基础,形成一个集防护、检测和响应为一体的完整安全体系,从而对主机系统实施综合安全保护。 Combined the security technologies of intrusion detection and access control,this paper put forward an adaptable integrated security model of host system based on the principle of P^2DR.Furthermore,a host security prototype was designed upon the model,and reversely verified the model's feasibility and effectivity.With the dynamic policy management of the model,the integrated host security system which is composed of protection,detection and response processes can be realized to fully protect host.
作者 刘渊 赵强 姜建国 黄钧 崔蔚
机构地区 中国工程物理研究院计算机应用研究所
出处 《计算机应用研究》 CSCD 北大核心 2004年第11期139-141,共3页 Application Research of Computers
基金 中国工程物理研究院重点基金资助项目(2000Z0605)
关键词 主机安全 入侵检测 访问控制 动态策略 Host Security Intrusion Detection Access Control Dynamic Policy
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献7

  • 1ISO/IEC15408,Common Criteria for Information Technology Security Evaluation[S].Switzerland:The International Organization for Stan- dardization,1999.
  • 2Loscocco P,Smalley S.Integrating Flexible Support for Security Policies into the Linux Operating System [R].NAI Labs,2001.
  • 3Computer Associates International Inc.eTrust Access Control for UNIX Whitepaper[EB/OL].http://www3.ca.com/files/whitepapers/etrust_access_control_for_unix.pdf,2001.
  • 4Walker K M,Sterne D F,Lee Badgr M,et al.Confining Root Programs with Domain and Type Enforcement[C].California: Proceedings of the 6 USENIX UINX Security Symposium,1996.
  • 5DoD 5200.28- STD,Trusted Computer System Evaluation Criteria[S].Washington: Department of Defence U.S.A,1985.
  • 6马恒太,蒋建春,陈伟锋,卿斯汉.基于Agent的分布式入侵检测系统模型[J].软件学报,2000,11(10):1312-1319. 被引量:122
  • 7吴新勇,熊光泽.支持动态策略的安全核(Security Kernel)机制的研究[J].计算机科学,2002,29(11):154-156. 被引量:3

二级参考文献21

  • 11,Bishop M. A model of security monitoring. In: Proceedings of the 5th Annual Computer Security Applications Conference. 1989. 46~52. http://seclab.cs. ucdavis.edu/papers.html
  • 22,Staniford-Chen S, Cheung S, Crawford R et al. GrIDS: a graph based intru sion detection system for large networks. In: Proceedings of the 19th National Information Systems Security Conference, Vol 1. National Institute of Standards a nd Technology, 1996. 361~370
  • 33,Hochberg J, Jackson K, Stallings C et al. NADIR: an automated system for detecting network intrusion and misuse. Computers and Security, 1993,12(3):235~2 48
  • 44,White G B, Fisch E A, Pooch U W. Cooperating security managers: a peer-based intrusion detection system. IEEE Network, 1996,10(1):20~23
  • 55,Forrest S, Hofmeyr S A, Somayaji A. Computer immunology. Communications of th e ACM, 1997,40(10):88~96
  • 66,Hunteman W. Automated information system alarm system. In: Proceedings of the 20th National Information Systems Security Conference. National Institute of Standards and Technology, 1997
  • 77,Porras P A, Neumann P G. EMERALD: event monitoring enabling responses to anom alous live disturbances. In: Proceedings of the 20th National Information System s Security Conference. National Institute of Standards and Technology, 1997
  • 8NCSC. Trusted Computer System Evaluation Criteria. Department of Defence U.S.A. 1985. DoD .5200. 28-STD
  • 9Trusted Information Systems, Inc. Trusted Mach System Architecture. Oct. 1 995
  • 10Key Logic, Inc. Introduction to KeySAFE. Key Logic Document SEC009

共引文献123

计算机应用研究
2004年 第11期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部