期刊文献+

一种对多级安全模型安全性的分析方法 被引量:15

A Security Proof Method for Multilevel Security Models
下载PDF
导出
摘要 由于BLP模型的基本安全公理不能完全证明模型的安全性,因此,在分析BLP改进模型的安全性时,如果模型的安全策略十分复杂而不能直接判断其安全性,或者模型由于改变了安全属性定义等而动了基本安全公理的推理基础时,应从其他角度证明改进模型的安全性.利用基于系统动作的不干扰模型,从信息流的角度给出一种对多级安全模型的形式化分析方法,为多级安全模型的安全性验证提供了一种新的途径.该不干扰模型把不干扰关系扩展到系统动作之间,提出了新的单步展开定理,可描述多级安全模型中的动态策略.通过以ABLP与DBLP模型为实例进行分析,说明了该分析方法的实用性. Some variants of BLP model can not prove whether their security policies match multilevel security requirements due to the limitation of security proof method of BLP model. It is pointed out that basic security theorem can only show whether a model match its security properties. So it is necessary to find a new way to formally analyze the improved BLP models instead of using basic security theorem as the original BLP, especially when the security of their improved rules is too complicated to judge directly or when the definition of security properties has been modified, which is considered as the reasoning basics of basic security theorem. In order to accomplish this, a security proof method is developed which takes advantages of a new noninterference model and provides a way to prove the security of multilevel security models from the point of view of information flow. The new noninterference model reclaims the definition of transitive noninterference relationship between system actions, presents a new unwinding theorem, and offers a great help in expressing dynamic policies of multilevel security models. To show practicability of the new noninterference model and the formal method, the security properties of ABLP and DBLP models are examined as examples.
出处 《计算机研究与发展》 EI CSCD 北大核心 2008年第10期1711-1717,共7页 Journal of Computer Research and Development
基金 国家自然科学基金项目(60673065) 江苏省网络与信息安全重点实验室基金项目(BM2003201)~~
关键词 BLP模型 多级安全 不干扰模型 访问控制 安全模型 BLP model multilevel security noninterference model access control security model
  • 相关文献

参考文献9

二级参考文献50

  • 1季庆光,卿斯汉,贺也平.一个改进的可动态调节的机密性策略模型[J].软件学报,2004,15(10):1547-1557. 被引量:33
  • 2[1]D E Bell, L J LaPadula. Secure computer system: Unifiedexposition and MULTICS interpretation. The MITRECorporation, Tech Rep: MTR-2997 Revision 1, 1976
  • 3[2]T Y Lin. Bell and LaPadula axioms: A "new" paradigm for an"old" model. In: Proc 1992 ACM SIGSAC New SecurityParadigms Workshop. Little Compton, Rhode Island, USA,1992. 82~93
  • 4[3]V D Gligor, E L Burch, C S Chandersekaran et al. On thedesign and the implementation of secure Xenix workstations.In: Proc of the 1986 IEEE Symposium on Security andPrivacy. Oakland, California: IEEE Computer Society Press,1986. 102~117
  • 5[4]II C W Flink, J D Weiss. System V/MLS labeling andmandatory policy alternatives. AT&T Technical Journal,1988, (5/6): 53~64
  • 6[5]G L Grenier, R C Holt, M Funkenhauser. Policy vsmechanism in the secure TUNIS operating system. In: 1989IEEE Symposium on Security and Privacy. Oakland,California: IEEE Computer Society Press, 1989. 84~93
  • 7[6]P A Karger, M E Zurko, D W Bonin et al. A VMM securitykernel for the VAX architecture. In: 1990 IEEE ComputerSociety Symposium on Research in Security and Privacy.Oakland, California: IEEE Computer Society Press, 1990. 2~19
  • 8[7]N A Waldhart. The army secure operating system. In: 1990IEEE Computer Society Symposium on Research in Securityand Privacy. Oakland, California: IEEE Computer SocietyPress, 1990. 50~60
  • 9[8]DoD 5200.28-STD, Department of Defense Trusted ComputerSystem Evaluation Criteria. Department of Defense.Washington, DC, 1985
  • 10[9]DTOS generalized security policy specification. SecureComputing Corporation. Tech Rep: DTOS CDRL A019, 1997

共引文献68

同被引文献158

引证文献15

二级引证文献48

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部