系统安全管理评估的一种改进模型

A new Model for System Security Management and Evaluation

系统安全一直以来是多用户系统设计和管理的重点。常用的模型多以用户为研究单位,采用认证和权限矩阵关联的方法达到限制用户对资源的获取控制。这种方法存在颗粒度较粗等弊病,常常为恶意用户所利用。该文提出一种以进程—资源关系作为研究对象的模型,尝试精确地量化用户行为,并能动态检测用户进程和资源状况。文章第三,四节是模型的详细说明,第五节提出了模型在系统中的应用。

Multi-user system's security is always an emphasis for system designing and managing.Usually applied method is based on user objects.It uses authentication and privilege matrix to control access to certain resources.However this kind of methods suffer from coarse granularity and something alike.So They are often took advantage of by malicious users.In this article we put forward another method based on process-resource relationship.We try to indicate the users' behavior with more accurate measurement and dynamically examine processes and resources.In the third and fourth part of this article is the detailed explain about this model.And In the5th section we provide a way to use it in a real system.