期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种具有可信度特征的多级安全模型 被引量:13

A Multilevel Security Model with Credibility Characteristics
下载PDF
导出
摘要 为解决现有多级安全系统中存在的可信主体安全隐患和系统可用性较差的问题,本文提出一种具有可信度特征的多级安全模型.通过在BLP模型中增加主客体的可信度标记和可信度评估函数,该模型可以准确地评估访问请求的可信度以及主客体可信度随访问行为变化的情况.以此可信度评估机制为基础,该模型建立了对可信主体的约束机制,使系统可以赋予更多主体有限程度的特权,增加了系统的灵活性和可用性. A multilevel security(MLS)model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corre-sponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.
作者 谭智勇 刘铎 司天歌 戴一奇
机构地区 清华大学计算机科学与技术系
出处 《电子学报》 EI CAS CSCD 北大核心 2008年第8期1637-1641,共5页 Acta Electronica Sinica
基金 国家自然科学基金(No.60673065)
关键词 多级安全 可信度 BLP(Bell-La Padula)安全模型 访问控制 multilevel security credibility BLP security model access control
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献8

  • 1Bell D E,LaPadula L J. Secure Computer System:Unified Exposition and Multics Interpretation [ R ]. MTR-2997, Bedford, MA:MITRE Corporation, 1976.
  • 2Bell D E,LaPadula L J. Secure Computer Systems:Mathematical Foundations[ R]. MTR-2547 Volume I, Bedford, MA: Electronic Systems Division,Air Force System Command, Hanscom AFB, 1973.
  • 3Bell D E, LaPadula L J. Secure Computer Systems: A Mathematical Model[R]. MTR-2547 Volume Ⅱ,Bedford, MA: Electronic Systems Division,Air Force System Command, Hanscom AFB, 1973.
  • 4BeU D E. Secure computer systems: A network interpretation [A] .Proceedings of the 3rd Annual Computer Security Application Conference[ C]. Vienna, VA, USA, 1987.32 - 39.
  • 5lee T M P. Using mandatory integrity to enforce“commercial” security[ A] .Proceedings of the 8th National Computer Security Conference[ C]. Gaithersburg, MD, USA, 1985. 108 - 119.
  • 6季庆光,卿斯汉,贺也平.一个改进的可动态调节的机密性策略模型[J].软件学报,2004,15(10):1547-1557. 被引量:33
  • 7石文昌,孙玉芳,梁洪亮.经典BLP安全公理的一种适应性标记实施方法及其正确性[J].计算机研究与发展,2001,38(11):1366-1372. 被引量:28
  • 8Trusted Information System Inc. Trusted Math Mathematical Model[R]. TIS TMACH EDOC-0017-96B, Trusted Information System Inc, 1996.

二级参考文献32

  • 1[1]D E Bell, L J LaPadula. Secure computer system: Unifiedexposition and MULTICS interpretation. The MITRECorporation, Tech Rep: MTR-2997 Revision 1, 1976
  • 2[2]T Y Lin. Bell and LaPadula axioms: A "new" paradigm for an"old" model. In: Proc 1992 ACM SIGSAC New SecurityParadigms Workshop. Little Compton, Rhode Island, USA,1992. 82~93
  • 3[3]V D Gligor, E L Burch, C S Chandersekaran et al. On thedesign and the implementation of secure Xenix workstations.In: Proc of the 1986 IEEE Symposium on Security andPrivacy. Oakland, California: IEEE Computer Society Press,1986. 102~117
  • 4[4]II C W Flink, J D Weiss. System V/MLS labeling andmandatory policy alternatives. AT&T Technical Journal,1988, (5/6): 53~64
  • 5[5]G L Grenier, R C Holt, M Funkenhauser. Policy vsmechanism in the secure TUNIS operating system. In: 1989IEEE Symposium on Security and Privacy. Oakland,California: IEEE Computer Society Press, 1989. 84~93
  • 6[6]P A Karger, M E Zurko, D W Bonin et al. A VMM securitykernel for the VAX architecture. In: 1990 IEEE ComputerSociety Symposium on Research in Security and Privacy.Oakland, California: IEEE Computer Society Press, 1990. 2~19
  • 7[7]N A Waldhart. The army secure operating system. In: 1990IEEE Computer Society Symposium on Research in Securityand Privacy. Oakland, California: IEEE Computer SocietyPress, 1990. 50~60
  • 8[8]DoD 5200.28-STD, Department of Defense Trusted ComputerSystem Evaluation Criteria. Department of Defense.Washington, DC, 1985
  • 9[9]DTOS generalized security policy specification. SecureComputing Corporation. Tech Rep: DTOS CDRL A019, 1997
  • 10[10]R Spencer, S Smalley, P Loscocco et al. The flask securityarchitecture: System support for diverse security policies. In:Proc of the 8th USENIX Security Symposium. Washington,DC, 1999. 123~139

共引文献50

同被引文献143

引证文献13

二级引证文献71

电子学报
2008年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部