摘要
安全标记与信息客体绑定,一直是制约多级安全走向网络实用化的关键问题。针对这一问题,提出了一种基于信息客体统一化描述的安全标记绑定方法。通过分析客体类型,给出了基于数据树的多类型客体的统一表示模型,据此基于数据树遍历给出了客体与安全标记绑定算法,并讨论了客体的相关操作及其访问控制机制的实施。该方法不仅可提高安全标记绑定的灵活性,实现多类型信息客体与安全标记绑定的统一,而且可实施更为细粒度的访问控制,解决系统间异构数据交换控制难的问题。
How to bind secure label to information object is always a key problem that restricts MLS from practicality on network.This paper puts forward a method for binding secure label to information object based on unified description of information object.Firstly,this method analyzes types of information objects,and establishes unified description model of multi-types information objects based data tree.Then,an algorithm about binding secure label to information object is given based on traversal of tree.Finally,operations on information object in multilevel security network are discussed.The method can not only unify the method of binding between multi-types information object and secure label,which may improve flexibility of binding,but also accomplish fine-grained mandatory access control,which may solve the problem that access control of heterogeneous data among multilevel secure system is more difficult.
作者
曹利峰
李海华
杜学绘
陈性元
CAO Lifeng;LI Haihua;DU Xuehui;CHEN Xingyuan(The PLA Information Engineering University, Zhengzhou 450004, China;The Henan Industry and Trade Vocational College, Zhengzhou 450001, China)
出处
《计算机工程与应用》
CSCD
北大核心
2017年第9期103-110,共8页
Computer Engineering and Applications
基金
国家自然科学基金(No.61502531)
国家高技术研究发展计划(863)(No.2012AA012704)
关键词
等级保护
多级安全
数据树
安全标记
标记绑定
classified security protection
Multilevel Security(MLS)
data tree
secure label
binding of secure label
