多级安全性政策的历史敏感性

History Sensitivity of the Multilevel Security Policies

对安全政策灵活性的支持是现代安全操作系统追求的目标之一,DTOS(distributed trusted operating system)项目提出了安全政策格的思想,为安全政策灵活性的研究提供了一种很好的手段.然而,DTOS项目给出的安全政策的格描述把多级安全性(multi-level security,简称MLS)政策认定为静态安全政策.首先,从理论上构造MLS政策的一个实施策略,说明MLS政策具有历史敏感性,从而具有动态特征,不能简单地作为静态安全政策对待.同时,给出所构造的实施策略的实现算法,说明该实施策略与常规实施策略具有相同的复杂度,是一个实用的实施策略.由此证明,可以找到合理、灵活、实用的实施策略,使MLS政策具有历史敏感性,从而证明把MLS政策认定为静态安全政策的不合理性.

Supporting for the security policy flexibility is one of the goals of modern secure operating systems. The DTOS (distributed trusted operating system) program put forth a concept of security policy lattice, which provides a good way for the research on security policy flexibility. However, it is claimed in the DTOS program抯 description of security policy lattice that MLS (multi-level security) policies are static policies. First, an enforcement scheme for a MLS policy is constructed theoretically, which shows that MLS policies are of history sensitivity and hence have dynamic characteristics, and so that MLS policies can not be simply taken as static policies. Then, an implementation algorithm for the constructed enforcement scheme is given. It is illustrated that the constructed enforcement scheme is of the same complexity as the ordinary enforcement scheme and so is an applicable scheme. As a result, it can be affirmed that reasonable, flexible and practically feasible schemes are available to make MLS policies to be of history sensitivity. Consequently, the improperness of the assertion that MLS policies are static policies is exhibited.