Abstract
The BLP (Bell & LaPadula) model is an access control model used to enforce multi-level security (MLS) policy and discretionary access control (DAC) policy within a computer system. This paper treats system time as a basic security element, proposes a BLP model with time characteristics (BLP with Time Character, denoted BLP-T), and formalizes it. BLP-T addresses the change of subject and object security labels over time, and lets a subject decide at its own discretion which other subjects may access the objects it owns, and when. Finally, BLP-T is applied to Linux, yielding a prototype. Experiments show that the prototype implements the time characteristics of subject and object security labels and the time constraints that a subject places on its objects. BLP-T makes the BLP model sensitive to its environment.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2007, No. 5, pp. 92-95 (4 pages)
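Funding
Supported by the National 863 Program Broadband VPN Project, grant 863-104-03-01
Supported by the 2003 Sichuan Province Key Science and Technology Project, grant 03GG007-007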