Similar literature
 Found 20 similar documents; search took 15 ms
1.
With new methods for enforcing security policies comes the opportunity to formulate application-specific policies. But leveraging that flexibility might prove a difficult problem, not only in practice, but also in theory.

2.
A security property for trusted multilevel systems, restrictiveness, is described. It restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. It is argued that the inference control and composability of restrictiveness make it an attractive choice for a security policy on trusted systems and processes.

3.
Even in the well-protected IBM MVS operating system, users can force breaches in the standard protection mechanisms and obtain control over the entire installation regardless of RACF or TOP SECRET protection software. This paper encourages computing center management to appoint security officers to prevent and detect security violations. The need for these officers will be demonstrated as a consequence of the violations shown.

4.
Multilevel security (MLS) is specifically created to protect information from unauthorized access. In MLS, documents are assigned a security label by a trusted subject, e.g. an authorized user, and based on this assignment access to documents is allowed or denied. Using a large number of security labels leads to complex administration in MLS-based operating systems. This is because the manual assignment of documents to a large number of security labels by an authorized user is time-consuming and error-prone. Thus, in practice, most MLS-based operating systems use a small number of security labels. However, information that is normally processed in an organization consists of different sensitivities and belongs to different compartments. To depict this information in MLS, a large number of security labels is necessary. The aim of this paper is to show that the use of latent semantic indexing is successful in assigning textual information to security labels. This supports the authorized user in his manual assignment. It reduces complexity in the administration of an MLS-based operating system and it enables the use of a large number of security labels. In future, the findings probably will lead to an increased usage of these MLS-based operating systems in organizations.

5.
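Dynamic multilevel security level model and its application   Cited by: 2 (self-citations: 2, citations by others: 0)
To address the low usability and flexibility of systems implemented with the traditional MLS model, an MLS model based on dynamic security levels, Dynamic MLS, is proposed. The model uses a dynamic security level, composed of the highest security level of inflowing information and the lowest security level of outflowing information, in place of the current security level of the traditional BLP model, and on that basis controls subjects' access to objects more flexibly. Building on the 11 rules of the BLP model, the model improves 5 of them, and the correctness of the improved model is proved by formal methods. Finally, an application of the model to increasing the security of the Linux system is given.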

6.
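Research on a mutual-trust-based privilege separation security model for virtual machines   Cited by: 1 (self-citations: 0, citations by others: 1)
Virtual machine security has long been a focus of attention. The traditional management domain Dom0 has excessive privileges, which threatens user privacy; moreover, once an attacker compromises Dom0, all users are threatened. To address these problems, a mutual-trust-based privilege separation (MTSP) security model is proposed that splits the privileges of Dom0: the device drivers, which contain more vulnerabilities, are separated out to form a driver domain; the operations that affect user privacy are separated, and a DomU management domain is created for each user; the remainder forms Thin Dom0. System startup must be completed jointly by the user and the virtual machine monitor, so that each constrains the other. A prototype implementation based on the model is given, and security analysis and performance testing are carried out. The results show that the model can effectively protect user privacy, spread security risk, and isolate faults.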

7.
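To meet Web service security requirements in multi-classification-level, special cryptographic environments, the implementation principles of multilevel security for SOAP messages are analyzed, a SOAP message multilevel security labeling protocol and a SOAP message multilevel security assurance protocol are proposed, and a SOAP message security model based on these protocols is designed and implemented. Using multilevel cryptographic service access technology, the model achieves multilevel security assurance for SOAP messages and verifies the integrity and availability of the multilevel security protocols.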

8.
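Database security is a fundamental and difficult topic in current information security research. Building on research into database user authentication and discretionary access control, this article designs the LogicSQL multilevel security model. The model represents a security level as a pair consisting of a hierarchical classification and a non-hierarchical range; the discussion mainly covers security labels, mandatory access control, and trusted architecture. Given the important role of multilevel security models in high-security database systems, the model was implemented on LogicSQL, a self-developed database management system with independent copyright, bringing it to at least B1-level security, and it has been applied in enterprise search and public security systems.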

9.
A model is presented that precisely describes the mechanism that enforces the security policy and requirements for a multilevel secure network. The mechanism attempts to ensure secure flow of information between entities assigned to different security classes in different computer systems connected to the network. The mechanism also controls the access to the network devices by the subjects (users and processes executed on behalf of the users) with different security clearances. The model integrates the notions of nondiscretionary access control and information flow control to provide a trusted network base that imposes appropriate restrictions on the flow of information among the various devices. Utilizing simple set-theoretic concepts, a procedure is given to verify the security of a network that implements the model.

10.
Summary. We set out a modal logic for reasoning about multilevel security of probabilistic systems. This logic contains expressions for time, probability, and knowledge. Making use of the Halpern-Tuttle framework for reasoning about knowledge and probability, we give a semantics for our logic and prove it is sound. We give two syntactic definitions of perfect multilevel security and show that their semantic interpretations are equivalent to earlier, independently motivated characterizations. We also discuss the relation between these characterizations of security and between their usefulness in security analysis.

11.
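Centralized security management of large multilevel distributed networks can effectively improve a network's security defense capability and security management efficiency, and has become a pressing problem in network security research. This paper describes a Multilevel and Distributed Security Management System (MD-SMS): it first describes the architecture, then discusses issues such as device modeling and emergency response, and finally analyzes its cooperative network defense capability using the Worm_Sasser worm as an example.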

12.
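To improve the correctness and feasibility of multilevel security enforcement in distributed environments, a core architecture for distributed multilevel security protection, the distributed trusted computing base (DTCB), is proposed. The DTCB has a three-layer structure comprising a system-layer trusted computing base, a module-layer trusted computing base, and a partition-layer trusted computing base. It provides progressively finer-grained information flow and access control, from between modules, to between partitions, to within partitions, and effectively reduces the complexity of multilevel security enforcement in distributed environments. Finally, the security of the DTCB is formally proved using a compositional noninterference model; the results show that the DTCB can provide good multilevel security protection for a distributed system as a whole.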

13.
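Based on the idea of polyinstantiation, a new multilevel security model with fuzzy levels is proposed. Multiple tuples that differ only in classification level are merged into a single representation, and a security pattern is used to express the classification levels to which the tuple applies; a subject can access the tuple as long as its clearance level matches this security pattern. The model solves problems of existing multilevel secure data models such as high data redundancy and covert channels.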

14.
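To build a trusted large-scale multilevel security (MLS) system on top of untrusted computer systems, a new cross-domain reference monitor and its multilevel security model are proposed. The cross-domain reference monitor uses existing commercial off-the-shelf (COTS) products and one or more independent computers, connected between two or more different networks through one-way transfer hardware devices that satisfy EAL7. A data-centric multilevel security model is implemented on this cross-domain monitor. The model allows information to flow from a lower-classification network to a higher-classification network, and also allows a higher-classification network to release low-classification data to a lower-classification network; it prohibits high-classification information and information without a classification label on the higher-classification network from flowing to the lower-classification network. It has been successfully applied in network systems under classified protection. Formal description and proof of the security model and security policy show that building a trusted large-scale MLS system on this security model is feasible.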

15.
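To address the management difficulty, single points of failure, and poor scalability caused by the huge number of users and resources in a grid environment, a multilevel grid security management model based on autonomous systems is proposed. The model partitions autonomous systems by extracting the common properties of grid resources, and enforces different security policies according to the ownership relationship of the resources a user accesses. Finally, the performance of the security model is simulated and analyzed on a software platform; the test results show that the model is effective in securing the grid, reduces the load on the management server, shortens authorization time, and improves performance.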

16.
Studies on employee responses to information security policy (ISP) demands show that employees who experience stress over the demands would resort to emotion-focused coping to alleviate the stress and subsequently violate the ISP. However, their intent to engage in problem-focused coping to meet the ISP demands and possibly reduce ISP violations has yet to be analysed. We argue that both types of coping responses coexist in employee responses to ISP demands and they together influence ISP violation intention. Drawing upon the Transactional Model of Stress and Coping, we examine how security-related stress (SRS) triggers inward and outward emotion-focused coping, and problem-focused coping to the ISP demands, which together influence employee ISP violations. We also examine how ISP-related self-efficacy and organisational support moderate the effects of SRS on coping responses. We surveyed 200 employees in the United States to test our model. The results indicate that SRS triggers all three coping responses, and ISP-related self-efficacy and organisational support reduce the effects of SRS on inward and outward emotion-focused coping. Problem-focused coping then decreases ISP violation intention, whereas inward and outward emotion-focused coping increases it. The model was further verified with ISP compliance as the outcome construct, which yielded consistent results. Understanding various coping responses to SRS and the factors that facilitate or inhibit the responses can assist managers in effectively designing and implementing the ISP to reduce employee ISP violations.

17.
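Network location detection is one of the key problems in applying the behavior-based access control model. An ABAC access control mechanism for multilevel security information systems is given, a network location detector architecture is proposed, the principles of network logical location detection and network physical location detection are described, and a method for obtaining the network logical location via DHCP and a method for extracting the network physical address based on SNMP and MIB are given. On this basis, a network location detector for multilevel security information systems is designed and implemented, and an application example is given.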

18.
Vulnerabilities such as design flaws, malicious code and covert channels residing in hardware design are known to expose hard-to-detect security holes. However, security hole detection methods based on functional testing and verification cannot guarantee test coverage or identify malicious code triggered under specific conditions and hardware-specific covert channels. As a complementary approach to cipher algorithms and access control, information flow analysis techniques have been proved to be effective in detecting security vulnerabilities and preventing attacks through side channels. Recently, gate level information flow tracking (GLIFT) has been proposed to enforce bit-tight information flow security from the level of Boolean gates, which allows detection of hardware-specific security vulnerabilities. However, the inherent high complexity of GLIFT logic causes significant overheads in verification time for static analysis or area and performance for physical implementation, especially under multilevel security lattices. This paper proposes to reduce the complexity of GLIFT logic through state encoding and logic optimization techniques. Experimental results show that our methods can reduce the complexity of GLIFT logic significantly, which will allow the application of GLIFT for proving multilevel information flow security.

19.
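In view of the diversity of network structures and the complexity of network data, a network security situation analysis method based on multi-level data fusion is proposed. The method abstracts the network structure into a hierarchical structure and performs data fusion using an expert-system data fusion method. A reasonable hierarchical evaluation system matched to the hierarchical network structure is proposed, and quantitative calculation is carried out. Finally, experimental data verify the rationality and effectiveness of the method.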

20.
This paper presents the design and implementation features of Centralized Pervasive Computing Environment/Multilevel Security (CPCE/MLS), a multilevel security (MLS) system in a pervasive computing environment deployed in a local area network (LAN) with a Mandatory Access Control (MAC) mechanism. By introducing the server-storage terminals and implementing the multilevel security access control mechanism based on the Bell–LaPadula model, process creation supervision, and an auditing mechanism, the CPCE/MLS system is able to provide the security guarantee of the whole computing environment. As such, each terminal is controlled under an integrated security policy. The performance test results show that the CPCE/MLS system, without optimization, generates great overhead but achieves significantly better performance after the cache mechanism is added in the monitor agent and in the hook driver. The system with the hook driver cache mechanism is able to achieve the 95.9% throughput of the native system with 8 K and 16 K requested data blocksize.
