| 支持动态调节的保密性和完整性统一模型 |
| |
| 引用本文: | 黄勇,陈小平,陈文智,姜励,潘雪增.支持动态调节的保密性和完整性统一模型[J].浙江大学学报(自然科学版 ),2009,43(8):1377-1382. |
| |
| 作者姓名: | 黄勇 陈小平 陈文智 姜励 潘雪增 |
| |
| 作者单位: | (浙江大学 计算机科学与技术学院, 浙江 杭州 310027) |
| |
| 基金项目: | 国家“863”高技术研究发展计划资助项目(2006AA01Z431);浙江省重大科技专项重点资助项目(2007C11068,2007C11088) |
| |
| 摘 要: | 针对简单结合BLP模型和Biba模型导致系统不具可用性的问题,提出了一种基于多级安全策略的保密性和完整性统一模型.以保密性和完整性作为安全模型的2个维度将主体的安全标识扩充为分离的读写权限区间,根据客体的安全标识和主体访问的历史过程,通过一定的安全转换规则动态调节主体的访问范围,实现BLP模型和Biba模型的有机结合,不仅保证了系统的保密性和完整性,而且使系统具有相当的灵活性和实用性.形式化描述了模型,并对模型的安全性进行相应的分析和证明.通过实例说明了模型的有效性和可用性.
|
| 关 键 词: | 安全模型 BLP模型 Biba模型 多级安全策略 |
Dynamically modified union model combining confidentiality and integrity |
| |
| HUANG Yong,CHEN Xiao-Ping,CHEN Wen-Zhi,JIANG Li,PAN Xue-zeng.Dynamically modified union model combining confidentiality and integrity[J].Journal of Zhejiang University(Engineering Science),2009,43(8):1377-1382. |
| |
| Authors: | HUANG Yong CHEN Xiao-Ping CHEN Wen-Zhi JIANG Li PAN Xue-zeng |
| |
| Affiliation: | College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China |
| |
| Abstract: | To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability, a confidentiality and integrity dynamic union model based on multi-level security (MLS) policy was presented. The two dimensions of secure model are composed of confidentiality and integrity, on which the security label is separated into write privilege range and read privilege range respectively, whereupon subject’s access range is adjusted dynamically according to the security label of related objects and the history situation of the subject’s access, improving the agility and practicability of the model. The formal definition of this model was given, and the security was also analyzed with proof. Finally, examples were illuminated to show the effectiveness and usability of this model. |
| |
| Keywords: | security model BLP model Biba model multi-level security policy |
|
| 点击此处可从《浙江大学学报(自然科学版 )》浏览原始摘要信息 |
|
点击此处可从《浙江大学学报(自然科学版 )》下载全文 |
|
