摘要
Biba模型中的严格完整性政策能够有效地保证数据的完整性,但是该政策中主体和客体的完整性标记都是静态不变的,这会限制进程的一些原本合理的活动,从而降低应用程序的兼容性.提出严格完整性政策的动态实施方案,并给出该方案在基于Linux的安全操作系统RFSOS中的实现.该方案既可以保证系统的完整性,又能提高系统的兼容性.实验证明,这种方案对系统的整体效率的影响小于1%.
While the strict integrity policy (SIP) of Biba's model can be used to maintain integrity of data in computer systems, the integrity labels of both subjects and objects in a system are always kept static in SIP, which might lead to denial to some non-malicious access requirements and hence decreases the compatibility of applications Dynamic enforcement of this policy (DESIP) is presented, which can increase compatibility of software while keeping system integrity as strictly as SIP can The implementation of DESIP is also given based on RFSOS, a Linux-based operating system, which shows that the impact of the enforcement of DESIP on system efficiency is less than 1%
出处
《计算机研究与发展》
EI
CSCD
北大核心
2005年第5期746-754,共9页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2002AA141080)
国家自然科学基金项目(60073022)
中国科学院知识创新工程基金项目(KGCX109)
