摘要
提出系统动作对信息域的不干扰概念,并在此基础上将不干扰模型推广到非确定系统.由于基于系统动作的不干扰概念简化了系统动作序列的提取操作,该模型的单步展开条件具有简洁的形式并易于理解和使用.推广后的不干扰模型不仅能够验证静态信息流策略,还可以验证各种动态信息流策略.最后设计了一个基于动态标记的访问控制模型,并在该模型中定义了读、写、执行等操作的具体语义,然后利用不干扰模型对其安全性进行了形式化验证.
The noninterference concept for actions of system to information domains is proposed. On the basis of this concept, the noninterference model is extended to nondeterministic systems. The noninterference concept based on actions of system simplifies the "purge" of the action sequence of the system. As a result, this model has concise unwinding conditions which are easy to understand and use. The extended model can be used to verify not only static but also dynamic information flow policies. Finally, a dynamic label based access control model is designed, in which the concrete semantic of the actions such as read, write and execute are defined, and its security is verified by the noninterference model.
出处
《软件学报》
EI
CSCD
北大核心
2006年第7期1601-1608,共8页
Journal of Software
基金
国家自然科学基金~~
关键词
不干扰模型借息安全
安全模型
访问控制模型
信息流
noninterference model
information security
security model
access control model
information flow