Abstract
The paper analyzes the shortcomings of the BLP model when applied to multi-level secure networks and, on that basis, proposes NBLP, a network enclave boundary access control model suited to the characteristics of multi-level networks. The model imposes constraints on the relationships between protection domains to control secure interconnection across multi-level network enclave boundaries. It introduces a trust degree for subjects to handle subject operations on objects in special situations in multi-level networks, which increases the flexibility and adaptability of security-label-based access control in network applications. It also studies the relationships among objects in depth, analyzes the disclosure of secrets caused by strong association between independent objects and by aggregation of similar objects, and proposes access control with object relationship constraints to further strengthen the confidentiality restrictions.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal (北大核心)
2011, Issue 32, pp. 118-122 (5 pages)
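Funding
National High Technology Research and Development Program of China (863 Program), No. 2009AA01Z438
National 973 Program preliminary research special project (No. 2011CB311801)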
Keywords
secure label
BLP model
trust degree
object association
data aggregation