经典BLP安全公理的一种适应性标记实施方法及其正确性

经典的 Bell & L a Padula( BL P)模型是在计算机安全系统中实现多级安全性 ( ML S)支持的基础 ,被视作基本安全公理 .结合以 L inux为基础的一个安全操作系统 ( RS- L inux)的开发 ,讨论抽象的 BL P安全公理在安全操作系统实现中的实际意义 .从理论上构造 BL P公理的一种新的实施方法 ( ABL P方法 ) ,并给出该方法的正确性证明 .ABL P方法主要由 3条访问控制规则构成 ,其特点是允许主体的当前敏感标记进行适应性调整 ,它以常规实施方法为基础 ,克服了常规实施方法在标记指派方面的不足 ,为安全判定增加了灵活性 .

AN ADAPTABLE LABELING ENFORCEMENT APPROACH AND ITS CORRECTNESS FOR THE CLASSICAL BLP SECURITY AXIOMS

The classical Bell & LaPadula (BLP) model, upon which the implementation of multilevel security (MLS) support in secure computer systems is based, is recognized as fundamental security axioms. With the development of a secure operating system, named RS-Linux, which is based on the Linux system, the practical significance of the abstract BLP security axioms in the implementation of a secure operating system is discussed. A new enforcement approach, named ABLP approach, for the BLP axioms is constructed theoretically. The correctness of the ABLP approach is proved. The ABLP approach, whose distinct characteristic is the adaptability of the current sensitivity label of a subject, mainly consists of three access control rules. It is an improvement on the basis of the ordinary enforcement approaches. Specifically, it overcomes the deficiencies of the ordinary enforcement approaches in subject label assignment and provides good flexibility for security decision.