Abstract
In recent years, security assurance has received increasing attention from researchers as an important aspect of operating system security. For a high-assurance secure operating system, structuring at the architecture level is a security assurance requirement that must be met, and it is the essential characteristic that distinguishes such a system from low-assurance ones. This paper first analyzes the shortcomings of traditional information flow models in addressing security assurance. Then, taking the traditional non-interference model as a basis, it studies how security assurance is described and reflected in that model, and proposes structuring rules that satisfy the reference monitor hypothesis. Next, the concept of a trusted pipeline is introduced and applied to the structural assurance of the non-interference model, and the security of the resulting model is proven. Finally, an implementation scheme for structured information flow control based on the trusted pipeline is given.
Source
Journal of Shandong University (Natural Science)
CAS
CSCD
PKU Core
2011, Issue 9, pp. 28-34 (7 pages)
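Funding
National Basic Research Program of China ("973" Program), project 2007CB311100
National High Technology Research and Development Program of China (863 Program), project 2009AA01Z437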
Keywords
structuration
non-interference
process
reference monitor
security assurance