
A Multi-level Secure Channel Model Based on Information Flow Control
Abstract: Existing secure communication models and multi-level secure access control models both have shortcomings when applied to the graded protection of network communication data. To address them, this paper clarifies several concepts (secure channel, entity, security object, system state and security system) and defines an operation set consisting of create, open, read, write and close. It gives a set of secure channel operating rules, made up of model security rules for secure channel operation, secure channel processing constraints and security label adjustment, which ensures that channel operation, security label adjustment and information flow control are reliable and secure. On this basis it constructs a network secure communication model based on security labels. The model's theorems are proved, a model instance is presented, and its performance is compared with that of related models. The model is general and flexible, and it achieves isolation protection and secure transmission of information flows of different classification levels in a multi-level network environment.
Author: 李海华 (LI Hai-hua) (Information Engineering University, Zhengzhou 450002, China; Henan Industry and Trade Vocational College, Zhengzhou 450012, China)
Source: Computer Technology and Development (《计算机技术与发展》), 2023, No. 3, pp. 85-92 (8 pages)
Funding: National Key Research and Development Program of China (2016YFB050190104).
Keywords: information flow; secure channel; security system; action sets; operating rules