基于Web操作系统的移动瘦终端多安全策略模型

高安全级移动办公对信息系统不断提出更高的安全需求,在此背景下出现了瘦终端(Thin-Client)解决方案。其采用云存储、分布式终端系统和集中管理,为用户提供了更好的安全性。当前的主要技术包括虚拟桌面和Web终端,其中前者是主流。近年来,Web操作系统(Web OS)的发展促使Web终端受到业界重视,但Web OS还存在机密性和完整性保护不足的问题。基于Web OS系统的特点抽象建模,提出了混合机密性模型BLP和完整性模型Biba的多安全策略模型。首先利用格将机密性标签、完整性标签和范畴集合相结合,解决了BLP与Biba信息流相反的问题；然后提出可信主体的最小特权原则来进一步约束可信主体的权限,并给予特定可信主体临时权限,以提高灵活性和可用性；最后分析模型的安全性和适用性。

Multi-policy Security Model of Mobile Thin Client Based on Web Operating System

High-security mobile office has put forward growing security requirements on information systems.In this context,thin-client based solution exists.The solution takes the advantages of cloud storage,distributed terminal system and centralized management,and provides better safeguard for users.Nowadays,the main technologies of thin client are virtual desktop infrastructure (VDI) and Web-client,in which the former is the mainstream,while the latter has received widespread attention with the development of Web-based operating system (Web OS).However,there are some problems,including lower confidentiality and integrity in the existing Web OSes.Based on the abstract modeling of Web OS,this paper proposed a hybrid model by mixing BLP model and Biba model.In order to solve the collision of information flow,a lattice structure was introduced.Since information flow model has no constraints on trusted subjects,the principle of least privilege on trusted subject was promoted.To improve the flexibility and availability,a special trusted subject was authorized to change the security level temporarily.Finally,the security and applicability were analyzed.