Abstract
Starting from an analysis of the characteristics of classified (graded-protection) information systems, this paper proposes LTEP, a secure tunnel establishment protocol for classified network environments. The protocol establishes communication relations between information systems of different protection grades and sensitivity levels through a coalition mechanism; using virtual-subject conversion and security-label mapping rules, it authorizes the communicating subjects of information systems of different grades and overcomes the heterogeneity of their security labels; and the multi-level secure tunnels it builds isolate the transmission of information of different sensitivity levels from one another. The strand-space method of security protocol analysis is extended and used to analyze LTEP with respect to authentication, confidentiality and integrity.
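The abstract says LTEP authorizes subjects across systems whose security labels are heterogeneous, by converting a subject into a virtual subject in the peer system under label mapping rules, and that the tunnels it builds keep different sensitivity levels apart. The paper's own rules are not reproduced on this page, so the following Python is an added illustration, not LTEP code: two constructed label vocabularies (a four-level system A and a coarser three-level system B) are mapped onto a shared lattice, a Bell-LaPadula style dominance check decides reads, and a clearance that has no exact counterpart in the target system is rounded down while a classification is rounded up, so that mapping can never widen access. The systems, level names, compartments, the rounding rule and the one-tunnel-per-label model are all assumptions made for the example.

```python
"""Heterogeneous MLS label mapping for a cross-system virtual subject.

Added example; NOT the paper's LTEP protocol or its mapping rules, which the
abstract does not spell out. Assumptions (all constructed):
  - each system labels subjects and objects with (level, compartments);
  - the two systems use different level names and numbers of levels, so both
    are mapped onto a shared numeric lattice before any decision is made;
  - a clearance is rounded DOWN and a classification is rounded UP when there
    is no exact counterpart, so mapping never widens access.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple


@dataclass(frozen=True)
class Label:
    rank: int                      # position in the shared, totally ordered level set
    compartments: FrozenSet[str]   # shared compartment names


# Constructed vocabularies of two classified systems with heterogeneous labels.
SYSTEMS = {
    "A": {
        "levels": {"open": 0, "internal": 1, "secret": 2, "top-secret": 3},
        "compartments": {"FIN": "FINANCE", "HR": "PERSONNEL"},
    },
    "B": {
        # Coarser lattice: B has no level at shared rank 1.
        "levels": {"tier0": 0, "tier2": 2, "tier3": 3},
        "compartments": {"fin": "FINANCE", "pers": "PERSONNEL", "ops": "OPERATIONS"},
    },
}


def dominates(subject: Label, obj: Label) -> bool:
    """Simple-security rule: a read is allowed only if the subject dominates the object."""
    return subject.rank >= obj.rank and subject.compartments >= obj.compartments


def to_shared(system: str, level: str, comps: Iterable[str]) -> Label:
    """Map a system-local label onto the shared lattice; unknown elements fail closed."""
    spec = SYSTEMS[system]
    try:
        rank = spec["levels"][level]
        shared = frozenset(spec["compartments"][c] for c in comps)
    except KeyError as missing:
        raise ValueError(f"system {system} cannot map label element {missing}") from None
    return Label(rank, shared)


def from_shared(system: str, label: Label, role: str) -> Tuple[str, FrozenSet[str]]:
    """Express a shared label in a target system's vocabulary (the virtual subject's label).

    role="subject": a clearance, so round down (drop unrepresentable compartments,
    take the highest local level not above the shared rank).
    role="object": a classification, so round up (refuse unrepresentable
    compartments, take the lowest local level not below the shared rank).
    """
    spec = SYSTEMS[system]
    level_of_rank = {r: name for name, r in spec["levels"].items()}
    local_of_shared = {s: name for name, s in spec["compartments"].items()}
    known = set(local_of_shared)
    if role == "subject":
        fitting = [r for r in level_of_rank if r <= label.rank]
        comps = frozenset(local_of_shared[c] for c in label.compartments if c in known)
        chosen = max(fitting) if fitting else None
    elif role == "object":
        fitting = [r for r in level_of_rank if r >= label.rank]
        unknown = set(label.compartments) - known
        if unknown:
            raise ValueError(f"system {system} has no compartment for {sorted(unknown)}")
        comps = frozenset(local_of_shared[c] for c in label.compartments)
        chosen = min(fitting) if fitting else None
    else:
        raise ValueError("role must be 'subject' or 'object'")
    if chosen is None:
        raise ValueError(f"system {system} cannot represent rank {label.rank} for a {role}")
    return level_of_rank[chosen], comps


def authorize_read(subj_system: str, subj_level: str, subj_comps: Iterable[str],
                   obj_system: str, obj_level: str, obj_comps: Iterable[str]) -> bool:
    """Decide whether a subject of one system may read an object of another.

    Both labels are mapped to the shared lattice first, so label heterogeneity
    never reaches the policy logic, which is a plain dominance check.
    """
    subject = to_shared(subj_system, subj_level, subj_comps)
    obj = to_shared(obj_system, obj_level, obj_comps)
    return dominates(subject, obj)


def tunnel_for(obj_system: str, obj_level: str, obj_comps: Iterable[str]) -> str:
    """Name the tunnel that carries this object: one tunnel per exact shared label,
    so data of different sensitivity never shares a channel (assumed isolation model)."""
    lbl = to_shared(obj_system, obj_level, obj_comps)
    return f"tunnel:{lbl.rank}:{'+'.join(sorted(lbl.compartments)) or '-'}"
```

The direction of rounding is the point worth carrying away: when a subject from system A (clearance "internal", shared rank 1) becomes a virtual subject in system B, which has no rank 1, it gets "tier0", whereas an "internal" object sent into B is labelled "tier2". Mapping a clearance up, or a classification down, would let the coarser system leak what the finer one protects.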
Source
Computer Engineering and Applications (计算机工程与应用), indexed in CSCD
2012, No. 20, pp. 117-122, 135 (7 pages)
Funding
National High Technology Research and Development Program of China (863 Program) (No. 2009AA01Z438)
National Basic Research Program of China (973 Program), preliminary research project (No. 2011CB311801)
Henan Province Outstanding Science and Technology Innovation Talent Program (No. 114200510001h)
Keywords
classified security protection (graded protection)
Multi-Level Secure (MLS)
secure tunnel
virtual subject
strand space