一种基于用户意愿的数据保护模型

A Data Protection Model Based on User's Intention

下载PDF

导出

摘要基于最小特权原理,从分析进程的访问权限出发,提出了一种防御恶意程序攻击的数据保护模型.该模型对DAC访问控制机制进行了增强,当进程实际访问用户数据时,进程必须先获得操作用户的意愿,用户根据进程的任务赋予进程访问系统最小必需数据集的权限,使进程无法访问任务之外的数据集,防止进程因权限过大破坏用户数据.测试结果表明,该模型可以有效地阻止进程的非法访问而确保数据不被窃取或破坏. After analyzing the access rights of the processes, this paper presents a data-protection model which will prevent the attack of the malicious processes on the base of minimal privilege principle. This model has reinforced the DAC access control mechanism. When process accesses user＇s data, the process has to gain the user＇s intention. Based on the task of the process, the user will endow the process minimal rights to access the related data, which will prevent the process from accessing data that are not concerned with the task. Thus it will prevent process destroy user＇s data because of overusing access rights. The test result shows that this model can effectively stop the unauthorized access and protect data from destructing or stealing.

作者曹四化何鸿君罗莉冯涛

机构地区国防科学技术大学计算机学院

出处《武汉大学学报（理学版）》 CAS CSCD 北大核心 2006年第5期574-577,共4页 Journal of Wuhan University:Natural Science Edition

基金国防预研基金资助项目(51436050505KG0101)

关键词信息安全数据保护用户意愿 information security data protection intention of user

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献14

1The International Organization for Standardization.Common Criteria for Information Technology Security Evaluation [EB/OL]. [2006-01-15]. http://www.commoncriteriaportal.org/ public/files/ ppfiles/ PP-9806. pdf.
2Sandhu R, Coyne E J, Feinstein H L. Role-Based Access Control Models[J]. IEEE Computer, 1996,29(2 ):38-47.
3Sandhu R, Ferraiolo D F, Kuhn D R. The NIST Model for Role-Based Access Control: Towards a Unified Standard[C]//Proceedings of the Fifth ACM Work-shop on Role-Based Access Control. New York: ACM Press, 2000 : 47-63.
4Chandramouli R, Sandhu R. Role Based Access Control Features in Commercial Database Management Systems [EB/OL]. [2006-01-15]. http://csrc. hist.gov/rbac / RBAC_DBMS_Com parison.pdf.
5Chandramouli R. A Framework for Multiple Authorization Types in a Healthcare Application System[C]//17th Annual Computer Security Applications Conference. Washington: IEEE Computer Society Press, 2001:137-148.
6Chandramouli R. Specification and Validation of Enterprise Access Control Data for Conformance to Model and Policy Constraints [EB/OL]. [2006-01-18]. http ://csrc.nist. gov/rbac/Access_ control_ data _ spec _validate.pdf .
7Ferraiolo D F, Kuhn D R. Role Based Access Control[EB/OL].[2006-01-15]. http://csrc.nist.gov/rbac/ferraiolo-kuhn- 92.pdf.
8Microsystems S. Java Security Architecture[EB/OL].[2006-03-15]. http://java. sun.com/j2se/1. 5. 0/docs/guide/security/spec/security-specTOC.fro. html.
9Prabhat K, Lakhotia A. Analysis and Detection of Computer Viruses and Worms: An annotated bibliography[J]. ACM SIGNPLAN Notices, 2002,37 ( 2 ) :29-35.
10Cohen F. Computational Aspects of Computer Viruses[J]. Computers and Security, 1989,8(9) :325.

1张苏,华英.基于角色的访问控制中职责分离的设计与实现[J].电脑知识与技术,2009,5(8):6105-6107. 被引量：1
2张丽娜,何远.基于用户意愿的智能手机安全监控方法研究[J].电视技术,2012,36(18):44-46. 被引量：1
3甄保社.使用IE浏览器的一些常见问题及解决方案[J].中华医学图书情报杂志,2002,11(4):54-55.
4曹四化,何鸿君.基于用户意愿的改进BLP模型IB_BLP[J].计算机工程,2006,32(23):171-173. 被引量：2
5何鸿君,罗莉,曹四化,宁京宣,李朋,董黎明.基于用户意愿的文件访问控制策略[J].国防科技大学学报,2007,29(6):54-58. 被引量：2
6网络安全技巧秀[J].网友世界,2005(12):45-45.
7阿飒.防范恶意程序攻击[J].电脑校园,2002(8):36-36.
8何春.假如没有IE[J].电脑知识与技术（过刊）,2005(5):84-85.
9艾文.自己动手修复数据[J].软件世界,2006(7):73-73.
10卞斌.PKI风险[J].信息网络安全,2001(10). 被引量：1

武汉大学学报（理学版）

2006年第5期

浏览历史

内容加载中请稍等...

一种基于用户意愿的数据保护模型

参考文献14

相关作者

相关机构

相关主题

浏览历史