期刊文献+

Xen混合多策略模型的设计与形式化验证

Design and Formal Verification of Xen Hybrid Multi-police Model
下载PDF
导出
摘要 Xen作为一种虚拟化工具因开源、高效等特点而受到越来越多的关注。作为Xen安全的基础,XSM决定了其安全性。原生XSM没有对系统资源进行安全分级,并且以虚拟机为管理对象使得Dom0作为一个唯一管理域不符合最小特权,文中设计了一种混合多策略模型SV_HMPMD。在该模型中,针对BLP引入多级安全标签,从而增加BLP的实用性,并通过DTE和RBAC对特权进行更细致的划分,从而对Dom0特权进行合理限制。提出了一种分层模型,利用该模型对混合模型进行形式化的描述。运用系统不变量构造访问规则的安全属性需求,通过Isabelle/HOL对模型设计与安全需求的一致性进行验证。 As a popular open-source virtualization tools,XEN has attracted more and more attention.XSM,as a Xen security model,determins its security.Native XSM does not carry on safe differentiated control design to system source and uses Dom0 as unique virtual machines administrative domain that does not meet minimum privileges.According to these questions,we designed a hybrid multi-police model named SV_HMPMD.In order to improve BLP's practicability,the model introduces multi-level security labels.In order to divide the privilege in detail,we combined DTE with RBAC.We designed a hierarchical model that describes SV_HMPMD by formal methods for xsm to verify the consistency between achievements and security requirements by the tools named Isabelle/HOL.
出处 《计算机科学》 CSCD 北大核心 2017年第10期134-141,共8页 Computer Science
基金 国家重点研发计划项目:协同精密定位技术(2016YFB0501900) 国家重点基础研究发展计划("973"计划)基金(2012CB315900)资助
关键词 SV_HMPMD 语义模型 形式化证明 Isabelle/HOL定理证明 SV_HMPMD,Semantic model,Formal p ro o f,Theorem proving of Is a b e l le /H O L
  • 相关文献

参考文献3

二级参考文献48

  • 1蔡谊,郑志蓉,沈昌祥.基于多级安全策略的二维标识模型[J].计算机学报,2004,27(5):619-624. 被引量:28
  • 2蔡远利,于振华,张新曼.多Agent系统形式化建模方法研究[J].系统仿真学报,2007,19(14):3151-3157. 被引量:10
  • 3周巢尘.形式语义学引论[M].长沙:湖南科学技术出版社,1985.
  • 4Abadi M,Budiu M, Erlingsson U,et al. Control-flowintegrity principles, implementations, and applications [J].ACM Trans on Information and System Security, 2009,13(1): 1-40.
  • 5Chen Ping, Xiao Hai,Shen Xiaobin, et al. DROP: Detectingreturn-oriented programming malicious code [C] //Proc of the5th Int Conf on Information Systems Security (ICISS'09).Berlin: Springer, 2009 : 163-177.
  • 6Chen Ping, Xiao Xing, Hao Han, et al. Efficient detection ofthe return-oriented programming malicious code [C] //Proc ofthe 6th Int Conf on Information Systems Security(ICISS,10).Berlin: Springer, 2010: 140-155.
  • 7Bevier W R. A verified operating system lernel [D]. Austin:University of Texas at Austin, 1987.
  • 8Klein G,Elphinstone K,Heiser G, et al. seL4: Formalverification of an OS kernel [C] //Proc of the 22nd ACMSymp on Operating Systems Principles ( SOSP'09 ). NewYork: ACM, 2009: 207-220.
  • 9Gargano M, Hillebrand M, Leinenbach D, et al. On thecorrectness of operating system kernels [G] //LNCS 3603 ?Proc of the 18th Int Conf on Theorem Proving in HigherOrVler Logics(TPHOLs,05). Berlin: Springer, 2005 : 1-16.
  • 10Stampoulis A,Shao Z. VeriML: Typed computation oflogical terms inside a language with effects [C] //Proc of the15th ACM SIGPLAN Int Conf on Functional Programming(ICFP’10). New York: ACM, 2010: 333-344.

共引文献14

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部