The paper extracts the concept of Centralization Group Decision Making(CGDM) and Decentralization Group Decision Making(DGDM) from management systems on bases of studies on Informational Centralization Process(ICP) an...The paper extracts the concept of Centralization Group Decision Making(CGDM) and Decentralization Group Decision Making(DGDM) from management systems on bases of studies on Informational Centralization Process(ICP) and Informational Decentralization Process(IDP), then the similarities and differences between CGDM and DGDM are presented. Further, the taxonomy of CGDM and DGDM is researched.展开更多
Flume, which implements decentralized information flow control (DIFC), allows a high security level process to "pre-create" secret files in a low security level directory. However, the pre-create mechanism makes s...Flume, which implements decentralized information flow control (DIFC), allows a high security level process to "pre-create" secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations (create, delete, and rename a file) on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems.展开更多
基金This work is supported by National Natural Science Foundation of China (79870 0 71)
文摘The paper extracts the concept of Centralization Group Decision Making(CGDM) and Decentralization Group Decision Making(DGDM) from management systems on bases of studies on Informational Centralization Process(ICP) and Informational Decentralization Process(IDP), then the similarities and differences between CGDM and DGDM are presented. Further, the taxonomy of CGDM and DGDM is researched.
基金Supported by the National Natural Science Foundation of China(61003268,61103220,91118003,61173138,61170022)Hubei Provincial Natural Science Foundation(2010CDB08601)The Fundamental ResearchFunds for the Central Universities (3101038,274629)
文摘Flume, which implements decentralized information flow control (DIFC), allows a high security level process to "pre-create" secret files in a low security level directory. However, the pre-create mechanism makes some normal system calls unavailable, and moreover, it needs priori knowledge to create a large quantity of objects, which is difficult to estimate in practical operating systems. In this paper, we present an extended Flume file access control mechanism, named Effect, to substitute the mechanism of pre-create, which permits write operations (create, delete, and rename a file) on directories and creates a file access virtual layer that allocates operational views for each process with noninterference properties. In the end, we further present an analysis on the security of Effect. Our work makes it easier for multi-user to share confidential information in decentralized information flow control systems.
