
Design and Implementation of a Multilevel Security Mandatory Access Control System for Virtual Machines Based on BLP

Cited by: 8
Abstract: Multilevel security is a mechanism that lets users and resources with different privileges access a system at the same time, while ensuring that each user and resource can access only the information it is authorized to access. In cloud computing, virtual machines belonging to different users or enterprises may run on the same physical host, and they usually have different security levels, so implementing multilevel security access control is very meaningful for protecting communication between virtual machines. To address this problem, the paper modifies the model elements, security axioms and state transition rules of the traditional BLP security model to build a mandatory access control security model suited to the virtual machine environment. Using SELinux technology, by means of shared memory and an authorization table, it implements multilevel security mandatory access control in the virtual environment, effectively enhancing the security of access between virtual machines and between virtual machines and the host.
Authors: 池亚平, 姜停停, 戴楚屏, 孙尉 (CHI Yaping; JIANG Tingting; DAI Chuping; SUN Wei) (Communication Engineering Department, Beijing Electronic Science and Technology Institute, Beijing 100070, China; School of Communications Engineering, Xidian University, Xi'an, Shaanxi 710071, China)
Source: 《信息网络安全》 (Netinfo Security), 2016, No. 10, pp. 1-7 (7 pages)
Funding: Beijing Natural Science Foundation [416307]; Fundamental Research Funds for the Central Universities [328201537]
Keywords: cloud computing; virtual machine; BLP; mandatory access control