
Research on Separation of Duty in Privilege-Constrained Systems (特权约束系统职责隔离问题研究)

Separation of Duty in Privileged Operating Systems
Abstract: In an operating system, privilege controls the most important resources and functions, so separation of duty (SoD) must be enforced over privilege to keep it safe. Unlike earlier work, this paper studies how a privilege mechanism supports SoD from the angle of implicit authorization. Starting from the source of privilege, the definition of privilege is decomposed into constraint rules and execution rules; the execution rules describe the effects of a privilege precisely, which most access control models leave out. Logical deduction between the two kinds of rules yields deduction relations between authorizations: a privilege implies further authorizations (implicit authorization), and those implied authorizations may violate SoD constraints. An authorization deduction graph captures all implicit authorizations of a privilege mechanism accurately and completely. The consistency between high-level SoD requirements and low-level privilege enforcement is then examined from two sides: the SoD properties of privilege, and the mechanism requirements that SoD places on privilege. Finally, the widely used POSIX capability mechanism is taken as the example. It is formalized as the BMPS model, its deficiencies in supporting SoD are identified and corrected, and a privilege policy enforcement scheme that satisfies the SoD requirements is given.
Source: Journal of Computer Research and Development (计算机研究与发展), 2008, No. 4, pp. 666-676 (11 pages). Indexed in EI, CSCD and the Peking University Core Journal list (北大核心).
Funding: Beijing Natural Science Foundation (4052016); National Natural Science Foundation of China (60573042); National Key Basic Research and Development Program of China ("973" Program) (G1999035802).
Keywords: privilege; constraint rule; execution rule; deduction; separation of duty
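An added illustration, written for this page and not taken from the paper (it is not the BMPS model): the abstract's deduction of implicit authorizations can be modelled as reachability over a small authorization deduction graph. The capability names below are real Linux capabilities, but the edges (which authorization lets a subject obtain which other one), the roles and the SoD constraint are constructed assumptions that stand in for the paper's execution rules. The point it demonstrates is the one the abstract makes: a check over explicit grants alone finds no SoD violation, while the transitive closure over deduced authorizations does.

```python
"""
Toy authorization deduction graph (added example, not the paper's model).

Nodes are authorizations. An edge A -> B means "a subject holding A can
obtain B" -- the effect an execution rule describes. Implicit authorization
is the transitive closure over these edges. A separation-of-duty (SoD)
constraint is a pair of authorizations that no single role may hold,
whether explicitly or by deduction.
"""
from collections import deque

# Constructed deduction edges. They reflect well-known Linux behaviour but
# are illustrative assumptions, not a complete or authoritative rule set.
DEDUCTION_EDGES = {
    # Bypassing DAC write checks means any file can be rewritten, including
    # /etc/passwd or a setuid-root binary, which is enough to become uid 0.
    "CAP_DAC_OVERRIDE": {"write_any_file"},
    "write_any_file": {"become_uid0"},
    # CAP_SETUID allows setuid(0); an execve by uid 0 (with default securebits)
    # yields a full capability set.
    "CAP_SETUID": {"become_uid0"},
    # Loading a kernel module gives arbitrary kernel-mode code execution.
    "CAP_SYS_MODULE": {"become_uid0"},
    # uid 0 with a full capability set holds every capability in this model.
    "become_uid0": {"CAP_AUDIT_CONTROL", "CAP_DAC_OVERRIDE",
                    "CAP_SETUID", "CAP_SYS_MODULE"},
    # Controlling the audit subsystem lets the holder switch auditing off.
    "CAP_AUDIT_CONTROL": {"disable_audit"},
}


def implicit_authorizations(explicit):
    """Transitive closure: every authorization reachable from the explicit grants."""
    seen = set(explicit)
    queue = deque(explicit)
    while queue:
        a = queue.popleft()
        for b in DEDUCTION_EDGES.get(a, ()):
            if b not in seen:
                seen.add(b)
                queue.append(b)
    return seen


def sod_violations(roles, constraints, implicit=True):
    """Return {role: [(x, y), ...]} for every mutually exclusive pair (x, y)
    the role holds. With implicit=False only the explicit grants are checked,
    which is what a naive review of the policy file amounts to."""
    out = {}
    for role, grants in roles.items():
        held = implicit_authorizations(grants) if implicit else set(grants)
        bad = [(x, y) for (x, y) in constraints if x in held and y in held]
        if bad:
            out[role] = bad
    return out


# Constructed roles: each holds one capability explicitly.
ROLES = {
    "audit_admin": {"CAP_AUDIT_CONTROL"},
    "app_deployer": {"CAP_DAC_OVERRIDE"},
    "backup_operator": {"CAP_DAC_READ_SEARCH"},
}
# Constructed SoD constraint: nobody may both rewrite arbitrary files
# and disable auditing, or the audit trail cannot be trusted.
SOD = [("write_any_file", "disable_audit")]

if __name__ == "__main__":
    print("explicit grants only:", sod_violations(ROLES, SOD, implicit=False))
    print("with deduction:      ", sod_violations(ROLES, SOD))
```

Run stand-alone, the explicit check reports no violation for any role, while the deduced check flags `app_deployer`: CAP_DAC_OVERRIDE reaches `write_any_file`, from there `become_uid0`, and from there CAP_AUDIT_CONTROL and `disable_audit`. Whether a real capability set has such edges depends on the kernel's execution rules (securebits, file capabilities, mount options), which is exactly what the paper argues a privilege model must spell out before an SoD policy over it can be trusted.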

References (14 in the paper; 10 listed here)

  • 1 Department of Defense. DoD 5200.28-STD, Trusted Computer System Evaluation Criteria [S]. Washington DC, 1985
  • 2 季庆光, 卿斯汉, 贺也平 (Ji Qingguang, Qing Sihan, He Yeping). 支持POSIX权能机制的一个新的特权控制的形式模型 (A new formal model of privilege control supporting the POSIX capability mechanism) [J]. 中国科学(E辑) (Science in China, Series E), 2004, 34(6): 683-700. Cited by: 5
  • 3 D D Clark, D R Wilson. A comparison of commercial and military computer security policies [C]. In: Proc of the 1987 IEEE Symp on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1987. 184-194
  • 4 R S Sandhu, E J Coyne, H L Feinstein, et al. Role-based access control models [J]. Computer, 1996, 29(2): 38-47
  • 5 Portable Applications Standards Committee of IEEE Computer Society. PSSG Draft 17, Standards Project, Draft Standard for Information Technology - Portable Operating System Interface (POSIX) [S]. New York: IEEE, 1997
  • 6 T Jaeger, X Zhang, A Edwards. Policy management using access control spaces [J]. ACM Trans on Information and System Security, 2003, 6(3): 327-364
  • 7 M Gasser. Building a Secure Computer System [M]. New York: Van Nostrand Reinhold, 1988
  • 8 E Bertino, B Catania, E Ferrari, et al. A logical framework for reasoning about access control models [J]. ACM Trans on Information and System Security, 2003, 6(1): 71-127
  • 9 M A Harrison, W L Ruzzo, J D Ullman. Protection in operating systems [J]. Communications of the ACM, 1976, 19(8): 461-471
  • 10 F Rabitti, E Bertino, W Kim, et al. A model of authorization for next-generation database systems [J]. ACM Trans on Database Systems, 1991, 16(1): 88-131

Secondary references (works cited by the references above; 24 in total, 10 listed here)

  • 1 [18] Ferraiolo D F, Barkley J F, Kuhn D R. A role-based access control model and reference implementation within a corporate intranet. ACM Transactions on Information and System Security, 1999, 2(1): 34-64
  • 2 [19] Clark D D, Wilson D R. A comparison of commercial and military computer security policies. In: Proceedings of the 1987 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, April 1987, 184-194
  • 3 [20] Ferraiolo D F, Cugini J A, Kuhn D R. Role-based access control (RBAC): features and motivations. In: Proceedings of the 11th Annual Computer Security Applications Conference, December 1995, 241-248
  • 4 [1] Curry D A. Improving the security of your UNIX system. Technical report ITSTD-721-FR-90-21, SRI International, April 1990
  • 5 [2] IBM Server Group. Addressing security issues in Linux. A Linux White Paper, 2000
  • 6 [3] Data General. Managing security on the DG/UX system. Manual 093-701138-4, Data General Corporation, Westboro, MA 01580, November 1996
  • 7 [4] Cowan C, Beattie S, Kroah-Hartman G, et al. SubDomain: parsimonious server security. In: 14th USENIX Systems Administration Conference (LISA 2000), New Orleans, LA, December 2000, 355-367
  • 8 [5] Chandramouli R. A framework for multiple authorization types in a healthcare application system. In: Proceedings of the 17th Annual Computer Security Applications Conference, December 2001, 137-148
  • 9 [6] Hoffman J. Implementing RBAC on a type enforced system. In: Proceedings of the 13th Annual Computer Security Applications Conference, December 1997, 158-163
  • 10 [7] Sandhu R S, Coyne E J, Feinstein H L, et al. Role-based access control models. IEEE Computer, 1996, 29(2): 38-47
