|
|||||
|
|
| 基于扩展BLP模型的强制存取控制的研究与实现 | |
| 引用本文: | 王琨,孙超,文峰,张霞.基于扩展BLP模型的强制存取控制的研究与实现[J].沈阳理工大学学报,2006,25(2):19-22. |
| 作者姓名: | 王琨 孙超 文峰 张霞 |
| 作者单位: | 1. 东软信息技术学院,信管系,辽宁,大连,116023 2. 东北大学 3. 沈阳理工大学 |
| 摘 要: | 在现有的安全系统中,BLP(Bell&Lapadula)模型是最广泛使用的一种,它包括强制存取控制和自主存取控制两部分.但是BLP模型的“向下读”和“向上写”的存取规则严重影响了系统的可用性和灵活性.针对上述缺陷和实际应用需要,文中采用将主体划分为属于普通用户域和特权域主体、并为特权域主体授予特权以及修改读写规则手段对BLP模型进行扩展.经过证明,扩展后的BLP模型不仅增强了数据库系统的机密性而且增强了可用性. |
| 关 键 词: | BLP模型 安全级别 强制存取控制 多级安全数据库 |
| 文章编号: | 1003-1251(2006)02-0019-04 |
| 修稿时间: | 2005年10月13 |
Research and Implementation of Mandatory Access Control Based on the Extended BLP Model |
|
| WANG Kun,SUN Chao,WEN Feng.Research and Implementation of Mandatory Access Control Based on the Extended BLP Model[J].Transactions of Shenyang Ligong University,2006,25(2):19-22. | |
| Authors: | WANG Kun SUN Chao WEN Feng |
| Affiliation: | WANG Kun~1,SUN Chao~2,WEN Feng~3 |
| Abstract: | Among the currently existing security systems,Bell & Lapadula(BLP) is mostly used,which consists of both mandatory and discretionary access controls.However,the access rule of "Read Down" and "Write Up" of the BLP model seriously affects its usability and flexibility of the system.Considering the afore-mentioned defects and actual application requirements,a method to extend BLP model is introduced by dividing the subject into general domain's subject and privileged domain's subject,authorizing the subject of the privileged domain and revising the access rules.It is proved that the extended BLP model can enhance both the confidentiality and usability of the database system. |
| Keywords: | BLP model security level mandatory access control multilevel secure database |
| 本文献已被 CNKI 万方数据 等数据库收录! | |