期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

安全操作系统授权撤销机制的研究

Research of Revoking Mechanism of Authorization in Secure Operating System
下载PDF
导出
摘要 1引言 为保障系统的安全性,现代信息系统都采用了基于访问控制的安全机制.访问控制包含身份认证、授权和审计等功能,其基本思想一般是采用引用监视器来拦截用户进程的系统调用操作,通过安全策略匹配检查,授予或拒绝用户访问敏感信息的权限. Revoking operation is a very important component of access control. The lack of effective revoking operation impinges on supporting dynamic security policies in secure operation system. Analyzing authorization system,this paper presents a revoke policy which supports cascade and noncascade revocation. The policy adopts Hash authorization list and critical-based callback function to implement revocation of point to point and point to plane. Our experiments in security kernel show the mechanism is feasible,which provides the basis of further researching dynamic security policies in secure operation system.
作者 吴新勇 熊光泽
机构地区 电子科技大学计算机科学与工程学院
出处 《计算机科学》 CSCD 北大核心 2003年第10期89-92,共4页 Computer Science
关键词 安全操作系统 授权撤销机制 授权选项方式 计算机系统 Secure operating system, Access control,Authorization system,Revocation of permissions
分类号 TP316 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献12

  • 1吴新勇,熊光泽.支持动态策略的安全核(Security Kernel)机制的研究[J].计算机科学,2002,29(11):154-156. 被引量:3
  • 2Majetic I, Leiss E L. Authorization and Revocation in Object-Oriented Databases. IEEE Trans. on Knowlegde and Data Engineering, 1997,19(4).
  • 3Bertino E, Jajodia S, Samarati P. A Non-Timestamped Authorization Model for Relational Databases. In:Proc. of the 3rd ACM Conf. on Computer and Communications Security, New Delhi, India,1996. 169~178.
  • 4Hagstrom A, et al. Revocations-A Classification. In: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001.
  • 5Secure Computing Corporation. DTOS Lessons Learned Report.DTOS CDRL A008,June 1997.
  • 6Spencer R, et al. The Flask Security Architecture: System Support for Diverse Security Policies. In:Proc. of the 8th USENIX Security Symposium, Aug. 1999.
  • 7Loscocco P, Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating System, [NSA Technical Report]. http: // www. nsa. gov/selinux/slinux-abs. html,October, 2000.
  • 8Hawblitzel C, yon Eicken T. Type System Support for Dynamic Revocation. ACM SIGPLAN Workshop on Compiler Support for System Software, May 1999.
  • 9Housley R, et al. Internet X, 509 Public Key Infrastructure Certificate and CRL Profile. RFC 2459, Jan. 1999.
  • 10Cooper D A. A more efficient use of delta-CRLs. In:Proc. of the 2000 IEEE Symposium on Security and Privacy,May 2000. 190~202.

二级参考文献14

  • 1NCSC. Trusted Computer System Evaluation Criteria. Department of Defence U.S.A. 1985. DoD .5200. 28-STD
  • 2Trusted Information Systems, Inc. Trusted Mach System Architecture. Oct. 1 995
  • 3Key Logic, Inc. Introduction to KeySAFE. Key Logic Document SEC009
  • 4Secure Computing Corporation. DTOS Lessons Learned Report. DTOS CDRL A008,June 1997
  • 5Loscocco P,Smalley S. Integrating Flexible Support for Security Policies into the Linux Operating, NSA Labs, Jan. 2001
  • 6中软安全增强Linux.http:∥linux.cosix.com.cn
  • 7King R. Safety kernel enforcement of software safety policies: [Doctor Thesis]. USA: University of Virginia ,1995
  • 8Graham G S,Denning P J. Protection - principles and practice. In: Proc. AFIPS 1972 SJCC, AFIPS Press, 1972,40:417~429
  • 9Bell D E,La Padula L J. Secure computer systems: Mathematical foundations and model: [Technical Report M74-244]. The MITRE Corporation, May 1973
  • 10O'Brien R C,Rogers C. Developing applications on LOCK. In: Proc. 14th National Computer Security Conf. Washington, DC, Oct. 1991. 147~156

共引文献2

计算机科学
2003年 第10期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部