期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于非传递无干扰理论的二元多级安全模型研究 被引量:11

Research of duality and multi-level security model based on intransitive noninterference theory
下载PDF
导出
摘要 提出了一个新的基于非传递无干扰理论的二元多级安全模型,其分别依据BLP和Biba模型的思想保护信息的机密性和完整性。为增强模型的实际可用性,引入了机密性可信域和完整性可信域,其在机密性检查室和完整性检查室内对违反安全策略的操作进行检查。基于信息流的非传递无干扰理论对于该模型进行了严格的形式化描述,并证明了其安全性,近一步讨论了其在Linux操作系统中的实现和在实际中的应用。该研究对于国家信息内容安全基础设施中敏感信息的保护具有一定的理论和实用价值。 A novel duality and multi-level security model (DMLSM) based on intransitive noninterference theory was proposed, which protects confidentiality of information based on BLP model and integrity based on Biba model. To enhance the usability of model, it introduces confidentiality trusted domain and integrality trusted domain which check the operations that violate the security policy in confidentiality check-room or integrity check-room respectively, then allow or refuse the access. The strict formal description of the model based on intransitive noninterference theory of information flow is given; furthermore, it proves the security of the model. The implementation of the model in Linux operating system is discussed and the application of model in practice is also demonstrated. The research gives Some contributes on the protection for sensitive important information and national information content security infrastructure.
作者 刘威鹏 张兴
机构地区 中国科学院研究生院信息安全国家重点实验室 解放军信息工程大学电子技术学院
出处 《通信学报》 EI CSCD 北大核心 2009年第2期52-58,共7页 Journal on Communications
基金 国家重点基础研究发展计划("973"计划)基金资助项目(2007CB311100)~~
关键词 多级安全 BLP模型 BIBA模型 二元多级安全模型 非传递无干扰理论 multi-level security BLP model Biba model duality and multi-level security model intransitive noninterference theory
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献11

  • 1BELL D E, LAPADULA L J. Secure Computer System: Unified Exposition and MULTICS Interpretation[R]. MTR-2997 Rev 1, the MITRE Corporation, Bedford,MA, USA, 1976.
  • 2BIBA K J. Integrity Considerations for Secure Computer Systems. Technical Report[R]. MTR 3153, the Mitre Corporation, 1977.
  • 3REINHOLD V N. Morrie Gasser Building a Secure Computer System[M]. 1988.
  • 4SANDHU R S. Lattice-based access control models[J]. IEEE Computer, 1993, 26(11):9-19.
  • 5蔡谊,郑志蓉,沈昌祥.基于多级安全策略的二维标识模型[J].计算机学报,2004,27(5):619-624. 被引量:28
  • 6LI Y E SHEN C X. A new security model of operating system[J]. Science in China(Series E), 2006, 36(4): 347-356.
  • 7谢钧,许峰,黄皓.基于可信级别的多级安全策略及其状态机模型[J].软件学报,2004,15(11):1700-1708. 被引量:19
  • 8RUSHBY J. Noninterference, Transitivity, and Channel-Control Security Poficies[R]. Stanford Research Institute, Tech Rep: CSL-92-02, 1992.
  • 9HAIGH J T, YONG W D. Extending the noninterference model of MLS for SAT[A]. Proceedings of the Symposium on Security and Privacy[C]. Oakland, CA, 1986.232-239.
  • 10GOGUEN J A. Meseguer Security policies and security models[A]. Proc of the 1982 IEEE Symposium on Security and Privacy[C]. 1982.11- 20.

二级参考文献12

  • 1Sandhu RS. Lattice-Based access control models. IEEE Computer, 1993,26(11):9-19.
  • 2Thomsen DJ, Haigh JT. A comparison of type enforcement and Unix setuid implementation of well-formed transactions. In: Proc. of the 6th Annual Computer Security Applications Conf. Tucson: IEEE Computer Society Press, 1990. 304~312.
  • 3Clark DD, Wilson DR. A comparison of commercial and military computer security policies. In: Proc. of the 1987 IEEE Symp. on Security and Privacy. Oakland: IEEE Computer Society Press, 1987. 184-194.
  • 4Rushby J. Noninterference, transitivity, and channel-control security policies. Technical Report, CSL-92-02, Menlo Park: Stanford Research Institute, 1992.
  • 5Rushby J. Design and verification of secure systems. In: Proc. of the 8th ACM Symp. on Operating System Principles. Pacific Grove: ACM Press, 1981. 12-21.
  • 6Zhong Q, Edwards N. Security risk control of COTS-based applications. Technical Report, HPL-97-108, Bristol: HP Laboratories, 1997.
  • 7Walker KM, Sterne DF, Badger LM, Petkac MJ, Sherman DL, Oostendorp KA. Confining root programs with domain and type enforcement (DTE). In: Proc. of the 6th USENIX Security Symp. San Jose: USENIX Association, 1996. 21~36.
  • 8Schellhorn G, Reif W, Schairer A, Karger P, Austel V, Toll D. Verification of a formal security model for multiapplicative smart cards. In: Proc. of the 6th European Symp. on Research in Computer Security. Toulouse: Springer-Verlag, 2000. 17~36.
  • 9Bell D.E., Lapadula L.J.. Secure computer systems. Mitre Corporation, Bedford, MA, USA: Technical Report MTR-2547 (Vol Ⅰ-Ⅲ), 1973
  • 10Biba K.J.. Integrity considerations for secure computer systems. Mitre Corporation, Bedford, MA, USA: Technical Report MTR-3153, 1977

共引文献40

同被引文献139

引证文献11

二级引证文献22

通信学报
2009年 第2期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部