支持动态策略的安全核(Security Kernel)机制的研究被引量：3

Research of Security Kernel Mechanism Supporting Dynamical Policies

下载PDF

导出

摘要 Security of information system requires a secure operation system. Security kernel meets the requirement and provides a bedrock to security of operation system. This paper extracts the deficiency of traditional security kernel, presents a security kernel mechanism supporting policy flexibility, simplified secure interface. It optimizes the performance by reused policy cache, provids a method to revoke granted permissions and assures the atomicity of revocation permissions and granting new permissions. As a result, all refinements help security kernel to improve its flexibility, extensibility and portability. Security of information system requires a secure operation system. Security kernel meets the requirement and provides a bedrock to security of operation system. This paper extracts the deficiency of traditional security kernel, presents a security kernel mechanism supporting policy flexibility, simplified secure interface. It optimizes the performance by reused policy cache, provids a method to revoke granted permissions and assures the atomicity of revocation permissions and granting new permissions. As a result, all refinements help security kernel to improve its flexibility, extensibility and portability.

作者吴新勇熊光泽

机构地区电子科技大学计算机科学与工程学院

出处《计算机科学》 CSCD 北大核心 2002年第11期154-156,140,共4页 Computer Science

基金国防预研项目基金

关键词安全操作系统动态策略安全核机制应用程序计算机 Security kernel, TCB, Policy flexibility, Permission revocation

分类号 TP316 [自动化与计算机技术—计算机软件与理论]

引文网络
相关文献

参考文献14

1NCSC. Trusted Computer System Evaluation Criteria. Department of Defence U.S.A. 1985. DoD .5200. 28-STD
2Trusted Information Systems, Inc. Trusted Mach System Architecture. Oct. 1 995
3Key Logic, Inc. Introduction to KeySAFE. Key Logic Document SEC009
4Secure Computing Corporation. DTOS Lessons Learned Report. DTOS CDRL A008,June 1997
5Loscocco P,Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating, NSA Labs, Jan. 2001
6中软安全增强Linux.http:∥linux.cosix.com.cn
7黎忠文,熊光泽.安全(Safety)内核机制的研究与实现[J].计算机科学,2001,28(4):87-90. 被引量：3
8King R. Safety kernel enforcement of software safety policies: [Doctor Thesis]. USA: University of Virginia ,1995
9Graham G S,Denning P J. Protection - principles and practice. In: Proc. AFIPS 1972 SJCC, AFIPS Press, 1972,40:417～429
10Bell D E,La Padula L J. Secure computer systems: Mathematical foundations and model: [Technical Report M74-244]. The MITRE Corporation, May 1973

二级参考文献3

1王志平.硬实时操作系统研究：博士论文[M].成都：电子科技大学,2000..
2王志平，博士学位论文，2000年
3蒋继洪，计算机系统、数据库系统和通信网络的安全与保密，1995年

共引文献2

1黎忠文,李乐民.分布式控制系统防危体系的设计与实现[J].系统仿真学报,2001,13(S2):458-462.
2黎忠文,熊光泽,李乐民.分布式系统安全保障新体系的研究[J].电子学报,2003,31(4):564-568. 被引量：6

同被引文献23

1[2]Schneider F B. Enforceable security policies. ACM Transactions on Information and System Security (TISSEC), 2000,3 (1)
2[3]Badger L, et al. Practical Domain and Type Enforcementfor UNIX. In: Proc. of the 1995 IEEE Symposiumon Security and Privacy,Oakland,California,May 1995. 66～77
3[4]Ravi Sandhu. Role-based access control models. IEEE Computer,1996,29(2): 38～47
4[6]Bell D E,LaPadula L J. Secure Computer Systems : Mathematical Foundations : [ESD-TR-73-278]. Vol. Ⅰ, AD 770 768, Electronic Systems Division, Air Force Systems Command, Hanscom Air Force Base, Bedford, MA,USA, Nov. 1973
5[7]Biba. Integrity Considerations for Secure Computer Systems:[ESD-TR-76-372 ]. Electronic Systems Division, Air Force Systems Command,Hanscom Air Force Base,Bedford,MA,USA,Apr. 1977
6Majetic I, Leiss E L. Authorization and Revocation in Object-Oriented Databases. IEEE Trans. on Knowlegde and Data Engineering, 1997,19(4).
7Bertino E, Jajodia S, Samarati P. A Non-Timestamped Authorization Model for Relational Databases. In:Proc. of the 3rd ACM Conf. on Computer and Communications Security, New Delhi, India,1996. 169～178.
8Hagstrom A, et al. Revocations-A Classification. In: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001.
9Secure Computing Corporation. DTOS Lessons Learned Report.DTOS CDRL A008,June 1997.
10Spencer R, et al. The Flask Security Architecture: System Support for Diverse Security Policies. In:Proc. of the 8th USENIX Security Symposium, Aug. 1999.

引证文献3

1吴新勇,熊光泽,桑楠.多安全策略集成性问题的分析与解决[J].计算机科学,2004,31(5):117-120.
2刘渊,赵强,姜建国,黄钧,崔蔚.一种主机系统可适应综合安全模型的研究[J].计算机应用研究,2004,21(11):139-141.
3吴新勇,熊光泽.安全操作系统授权撤销机制的研究[J].计算机科学,2003,30(10):89-92.

1黎忠文,熊光泽.安全核机制的分析[J].电子科技大学学报,2001,30(1):62-65. 被引量：4
2陈志平,雷航,杨霞,李欢.嵌入式安全操作系统的研究和实现[J].计算机工程,2007,33(1):83-85. 被引量：10
3吴志刚,Fang Binxing,Hu Mingzeng.Web-Based Computing Resource Agent Publishing[J].High Technology Letters,2000,6(4):46-49.
4Cao Zhongqing Zhou Benkuan Institute of Computational Engineering Science, Southwest Jiaotong University, Chengdu 610031, China.Object─OrientedFiniteElementProgramminginC＋＋[J].Journal of Modern Transportation,1996,13(1):79-90.
5新产品&工具[J].程序员,2008(11):122-123.
6黄天戍,李秀红.RTOS数据采集系统中实时处理与高速性的设计考虑[J].微计算机信息,2005,21(10S):95-97. 被引量：8
7李杰,李亚文,张锁平,张鹏.实时操作系统VxWorks在海洋观测系统的应用[J].海洋技术,2014,33(6):118-122. 被引量：1
8翟桂锋,曾庆凯.Flask结构对象管理器的通用设计与实现[J].中国电子商情（通信市场）,2010(3):95-98. 被引量：1
9Wen-Yong Wang Wen-Gang Han Yu Xiang.TaraxOS: An Operation System for Wireless Sensor Networks[J].Journal of Electronic Science and Technology of China,2009,7(3):202-206.
10阿军.Vista引导菜单是汉字的[J].网友世界,2006(21):33-33.

计算机科学

2002年第11期

浏览历史

内容加载中请稍等...

支持动态策略的安全核(Security Kernel)机制的研究被引量：3

参考文献14

二级参考文献3

共引文献2

同被引文献23

引证文献3

相关作者

相关机构

相关主题

浏览历史

支持动态策略的安全核(Security Kernel)机制的研究 被引量：3

参考文献14

二级参考文献3

共引文献2

同被引文献23

引证文献3

相关作者

相关机构

相关主题

浏览历史

支持动态策略的安全核(Security Kernel)机制的研究被引量：3