19 similar documents found; search took 546 ms
1.
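This paper studies ground congruence for the asymmetric χ^≠-calculus. It introduces a family of L-bisimulation relations and establishes that ground bisimulation is the smallest of the 12 distinct bisimulation relations derived from the definition of L-bisimulation. It gives the open simulation property of certain L-bisimulations, uses this property to introduce the notion of open ground bisimulation, and proves that open ground bisimulation coincides with ground bisimulation. A sound and complete equational system based on ground congruence is constructed, and finally the completeness theorem for ground congruence is given.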
2.
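The dynamic nature of collaborative systems requires that designated access subjects be able to configure the role relationships of access subjects autonomously under security monitoring. Building on an extended role-based access control model developed in this research, the paper applies object modeling to propose solutions to the key problems in applying the model, including consistency, dynamic monitoring, constraint handling, and security control. The work provides guidance for the practical application of the extended role-based access control model. It can be applied to large, complex systems and is particularly suited to dynamic collaborative systems; combined with authentication techniques, it can provide security protection for large, complex systems.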
3.
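This paper proposes a security model for firewall systems. The model is built on the security services of the firewall system: it abstracts the security model as a set of security services and describes it formally, focusing on the dynamic characteristics of security services, the dynamic characteristics of the security model, and the relationship between the security model and the firewall system. It introduces the concepts of the bidirectionality of security services and the key service set. The model has been validated in an implemented prototype of a distributed dynamic firewall system.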
4.
A role-based access control model for workflow systems (total citations: 8; self-citations: 0; citations by others: 8)
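Workflow technology has attracted wide attention in office automation, e-commerce, e-government and other fields, and the security of workflow systems has become increasingly prominent. Access control is an important part of the security mechanism of a workflow system. Building on the standard RBAC model recommended by NIST and taking practical conditions into account, this paper proposes WRBAC, a role-based access control model for workflow systems. The model describes the relationships among users, roles, permissions, activities and other elements, and gives static and dynamic authorization constraint rules. It can effectively prevent leakage of important information and commercial fraud, and meets the access control needs of workflow systems.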
5.
6.
7.
8.
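An extended Horn logic model for security protocols and its verification method (total citations: 5; self-citations: 1; citations by others: 5)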
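The paper analyzes the Horn-logic-based security protocol model and verification method proposed by Bruno Blanchet and Martin Abadi. To address their shortcoming in constructing counterexamples for security protocols that do not satisfy a security property, it proposes an extended Horn logic model of security protocols and a modified version of the verification method, so that such counterexamples can be constructed automatically from the extended Horn logic model and the modified verification process. The algorithms are implemented in SPVT, a security protocol verification tool developed in the functional programming language Objective Caml, and their correctness is verified.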
9.
10.
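Design and implementation of a multi-level privilege control mechanism (total citations: 1; self-citations: 0; citations by others: 1)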
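The privilege control mechanism is an important component of operating systems with a high security level, and it provides the system with an appropriate level of security assurance. This paper presents a multi-level privilege mechanism implemented in the Ansheng (安胜) secure operating system, which was developed in-house and conforms to level 4, "Structured Protection", of GB17859—1999. The mechanism implements privilege control and management at three levels: user management, subject function, and program file. Its implementation allows the system to satisfy security properties such as RBAC separation of role duties, dynamic functional isolation of DTE domains, and privilege minimization under the POSIX standard, demonstrating that using privileges in this controlled way can effectively ensure system security.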
11.
A general PDM security management model and its implementation (total citations: 10; self-citations: 1; citations by others: 9)
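The paper first analyzes the shortcomings of the security management strategies of PDM systems in China and abroad. It then describes in detail the security policy of a PDM system, a clustering static security model, a Petri-net-based dynamic security model, a hierarchical distributed security model and a default security model, and gives the corresponding algorithms. Finally, it presents implementation techniques for these security models in the ZD-PDM system and discusses issues in the models that need further research. The models described apply not only to PDM systems but are also significant for other existing management information systems.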
12.
Harold Lorin 《Computer Communications》1985,8(6):293-298
Interest in the security of information systems has increased partly because of evolving systems maturity, and partly in response to dramatic intrusions into major systems. These have included intrusions by amateur ‘hackers’ which, although embarrassing, have caused no substantial damage. Intrusions from employees are far more damaging but have not been widely publicized. The paper describes the US government's security policy and its implications for private organizations. A security policy is basic to the concept of security and defines the manner in which an information system can access and manipulate data. Protection mechanisms which enforce security policies are discussed. Mandatory and discretionary policies which form a particular security policy are outlined. The characteristics of a formal security model are also defined, and the design of a secure operating system is discussed. The present status of information systems security is outlined.
13.
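The paper proposes a formal verification method, based on type inference, for secure routing protocols in mobile ad hoc networks. It defines a neighborhood-constrained communication calculus (NCCC), including the syntax of the calculus and a reduction-based operational semantics, describes the security properties of mobile ad hoc network routing protocols in a type system, and defines an approximate attack message set to simplify the Dolev-Yao attacker model. A protocol verification example of the method is also given. Being based on type inference, the method can not only verify the security of a protocol but also derive attacks against the protocol. Because the attack set is reduced, the inference space is effectively shrunk.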
14.
15.
Security (in the sense of confidentiality) properties are properties of shared systems. A suitable model of shared systems, in which one can formally define the term security property and then proceed to catalog several security properties, is presented. The purpose is to present various information-flow properties in a manner that exposes their differences and similarities. Abstraction is the main tool, and everything that is not central to the purpose is discarded. The presentation is generic in the model of computation. The abstraction lays bare a regular structure into which many interesting information-flow properties fall. A shared system is represented by a relation. How this model lets one reason about information flow is discussed and the term information flow property is formally defined. Various information-flow properties are described. Composability and probabilistic security properties are addressed.
16.
C. O. NWANKPA S. M. SHAHIDEHPOUR Z. SCHUSS 《International journal of systems science》2013,44(11):2097-2115
A stochastic approach to the security evaluation of a dynamic system is presented. The mean first passage time (MFPT) of a multi-dimensional system from its domain of attraction is defined as a security measure, and a closed form expression for the asymptotic estimate of the MFPT is derived. The proposed method encompasses various multi-dimensional dynamic systems, and the analysis of a power system model is used as a case study. The power system is represented by a multi-bus constant voltage, constant impedance model, and the assumption of low damping is waived to widen the application of the results. In this study, small perturbations in dynamic systems have been modelled as weak wideband Gaussian coloured noises. Corresponding sensitivity results for a 19-bus power system are presented.
17.
18.
The uniform stability of discrete-time switched linear systems, possibly with a strongly connected switching path constraint, and the existence of finite-path-dependent dynamic output feedback controllers uniformly stabilizing such a system are both shown to be characterized by the existence of a finite-dimensional feasible system of linear matrix inequalities. This characterization is based on the observation that a linear time-varying system is uniformly stable only if there exists a finite-path-dependent quadratic Lyapunov function. The synthesis of a uniformly stabilizing controller is done without conservatism by solving any feasible system of linear matrix inequalities among an increasing family of systems of linear matrix inequalities. The result carries over to the almost sure uniform stabilization of Markovian jump linear systems.
19.
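To address the lack of security evaluation for cloud environments, the paper proposes a modeling method for evaluating system security and establishes a security-performance (S-P) correlation model for cloud environments. First, for the most important component of a cloud system, the virtual machine, it builds a model for evaluating its security; the model fully reflects the effect of two security factors, security mechanisms and malicious attacks, on the virtual machine. Then, based on the relationship between virtual machines and the cloud system, it proposes metrics for evaluating the security of the cloud system. Next, it proposes a hierarchical modeling method to build the S-P correlation model: queueing theory is used to model the performance of the cloud computing system, the correlation between security and performance is then established using Bayesian theory and correlation analysis, and a new metric for evaluating complex S-P correlation is proposed. Experimental results validate the theoretical model and reveal how security factors cause performance to change dynamically.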