
A Partitioning Algorithm for Information-Flow Graphs

Divide Algorithm Based on Information-flow Chart Build Forest
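Abstract: The information-transfer relationships of a multi-level security system are an important basis for searching for covert channels. Because the information-transfer relationships of a large multi-level security software system are very complex, performing information-flow analysis on them directly and searching for covert channels involves a very large workload. To further improve the efficiency of searching for and analyzing covert channels, an algorithm is proposed that partitions an information-flow graph into an information-flow forest. The algorithm first selects a parent tree and then obtains new trees by replacing branches of the parent tree with arcs from the edge cut set. It is guaranteed in theory that the resulting information-flow forest correctly inherits the information of the original graph, that is, the information flows of the original graph are neither split nor lost. Analyzing the information flow represented by each information-flow tree can then replace analysis of the whole information-flow graph, which effectively reduces the scale of the analysis problem.

The information flows between subjects and objects in a multi-level security system can be described by an information-flow chart. This information-flow chart is an important basis for covert-channel search. However, the information-flow charts of big systems are intricate. Therefore, we propose a new segmentation algorithm that builds a forest from an information-flow chart. The segmentation algorithm needs to ensure that the information-flow forest inherits correct information from the information-flow chart. First, no full path in the information-flow chart is fragmented. Second, no full path in the information-flow chart is missed. Last, the algorithm is able to handle cyclic flows of information. Analyzing the information flow represented by each tree can then replace analysis of the entire information-flow chart, which effectively lowers the complexity of the analysis problem. The new model can be used in the field of covert-channel search and analysis to improve efficiency.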
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2008, No. 10, pp. 126-130 (5 pages)
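Funding: Supported by the National Natural Science Foundation of China (60573046, 60773049), the Natural Science Research Program of Jiangsu Higher Education Institutions (07KJB520016), and the Jiangsu University Senior Talent Program (07JDG053)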
Keywords: information-flow, covert channel, multi-level security system
