摘要
软件只有处于运行状态其中寄生的隐通道才能工作,并对系统形成实质性的安全威胁.应用软件的执行需要操作系统的支撑.在多安全级操作系统中,赋予主体的安全级是通过赋予用户和代表用户的进程实现的.本文提出一种基于进程调度的动态隐通道消除算法LTHC,其核心思想是在操作系统进程优先级调度算法的基础上增设安全级的约束,构造一个按安全级排列的进程运行阶梯,迫使信息只能单向地从低向较高的安全级流动.LTHC算法具有进程公平调度和处理死锁的机制,对存储隐通道和时间隐通道均有效.
Only is lodging software running, covert channels are active and threat is tangible. Execution of application software depends on operating system. In multilevel secure operating system, security levels assign to subjects are implemented by give security levels to users and processes which represent users. A new algorithm for covert channels elimination named LTHC is presented to mandate sensitive information flows from low security level to higher only, which sort processes according to their security levels into an execution queue by add security level restrictions on process priority scheduling algorithm. LTHC can eliminate both storage channels and timing channels, moreover, it has mechanism to schedule processes fairly and avoid dead lock.
出处
《小型微型计算机系统》
CSCD
北大核心
2009年第2期236-241,共6页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(60773049)资助
江苏省自然科学基金项目(BK2007086)资助
江苏省高校自然科学研究计划项目(07KJB520016)资助
江苏大学高级人才项目(07JDG053)资助
关键词
隐通道
安全级
安全模型
安全策略
进程调度
covert channel
security level
security model
security policy
processes scheduling
