摘要
如何有效控制不同安全域之间的信息流向以及信息的访问控制是分级保护的一个工作重点。该系统利用Windows内核的驱动框架,通过嵌入在I/0管理器和文件系统驱动模块之间的文件过滤驱动模块向信息头部写入密级标,并结合管理中心分发的密钥,实现信息的动态透明加/解密,使涉密文件只能被有相应权限的用户所访问;信息控制引擎结合访问控制策略,实现信息流向控制,杜绝高密级信息向低密级域流动。
How to effectively control the flow of information between different security domains,and access control information is classified protection a pdority.The system utilizes windows kernel driver framework,embedded file system filter driver module between I/O manager and file system driver module. File system filter driver module writing secrets level identification to the head of information,and combines management center to distribute the key, to achieve dynamic and transparent en-crypted/decrypted,so that confidentital information can only be accessed by user with have appropriate permissions;Information control engine combines access control pol-icy, to achieve control of the flow of information,and put an end to high-security classification information flow to the low-level domain.
出处
《网络安全技术与应用》
2013年第2期27-30,共4页
Network Security Technology & Application
关键词
安全域
密级标识
过滤驱动
访问控制
Secure domain
Secudty classification identifies
Filter driver
Access Control
