摘要
经典的BLP模型是解决保密性问题的理论基础 ,Biba模型是一种简明易实现的完整性模型 在应用系统中数据的共享和安全是一对矛盾 在将应用系统抽象为应用类的基础上 ,引入完整性规则集代表信息的可信度 ,结合BLP模型和Biba模型构造了一种应用类通信的安全模型 ,并给出了模型的形式化描述和正确性证明 应用类通信安全模型不仅解决了保密性问题 ,而且解决了完整性问题 以支持B/S文电传输应用系统的安全为例 ,给出了在操作系统中实现应用类通信安全模型的方法 。
The classical BLP model is recognized as the theoretical foundation of solving confidentiality problem. Biba model of solving integrity is easily realized in secure computer systems. In order to solve the contradiction between information sharing and security in the application system, a new application class communication security model is constructed theoretically based on the abstraction of application class. The new model introduces integrity rules to measure the trust level of sharing information between different application classes, thus combining BLP model and Biba model with no conflict. A formal description and verification on the model is detailed, which provides both the confidentiality and integrity for the system. With the development of a secure file transfer application system, which is based on the browser/server application pattern, the way to implement the new model in the Linux operating system is described and the performance of the system is discussed.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2005年第2期322-328,共7页
Journal of Computer Research and Development
基金
国家"九七三"重点基础研究发展规划基金项目 (G19990 3 5 80 1)
