基于Clark-Wilson完整性策略的安全监视模型

传统的计算机设计系统的安全监视功能存在日志数据冗余和异常线索检测时延过长等固有问题.由于安全监视功能的日志数据项主要是由系统实施的安全策略所决定,所以采用关系模式,通过形式地描述、分析著名的Clark-Wilson完整性策略,从而精确确定了与各条策略相关的最小日志项集,然后将其应用于基于Clark-Wilson完整性策略的形式化安全监视模型(CW-SMM).该模型不但可以有效解决Clark-Wilson安全策略适用系统的日志数据冗余问题,而且也可以彻底解决异常线索检测中的时延问题.

A Secure Monitoring Model Based on the Clark-Wilson Integrity Policies

The redundant data in log files and the delay for detecting abnormal trails are the inherent problems existing in the traditional secure monitoring subsystem of a computer system. In this paper, it is identified that the system security policies determine the logging data items in a secure monitoring function. By formally describing and analyzing the famous Clark-Wilson integrity policies with the corresponding relation patterns, the minimal logging data items set involved in these security policies is precisely determined. A formal secure monitoring model based on Clark-Wilson integrity policies (CW-SMM) is proposed. The CW-SMM has the characteristics of both minimal logging data and auto-detecting of the system abnormal trails in time, and can thoroughly solve the problems mentioned above.