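Abstract
To address the security risks posed by trusted subjects and the poor usability of existing multilevel security systems, this paper proposes a multilevel security model with credibility characteristics. By adding credibility labels for subjects and objects and credibility evaluation functions to the BLP model, the model can accurately evaluate the credibility of access requests and how the credibility of subjects and objects changes with access behavior. Building on this credibility evaluation mechanism, the model establishes a constraint mechanism for trusted subjects, so that the system can grant a limited degree of privilege to more subjects, which increases the system's flexibility and usability.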
A multilevel security (MLS) model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corresponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.
Source
Acta Electronica Sinica (《电子学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2008, No. 8, pp. 1637-1641 (5 pages)
Funding
National Natural Science Foundation of China (No. 60673065)