
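Ontology-based security policy generation model for operating systems
Cite this article: PENG Fei, ZHANG Tao, XU Weiguang, ZHAO Min, QIN Hengjia. Ontology-based security policy generation model for operating systems [J]. Computer Engineering and Applications, 2018, 54(2): 114-118.
Authors: PENG Fei, ZHANG Tao, XU Weiguang, ZHAO Min, QIN Hengjia
Affiliation: 1. College of Command Information System, PLA University of Science and Technology, Nanjing 210007; 2. College of Communications Engineering, PLA University of Science and Technology, Nanjing 210007
Abstract: As operating system security problems increase, users' security requirements for operating systems keep emerging, yet there are currently few methods that can convert users' security requirements into security policies configurable on existing operating systems. By establishing a matching relationship between security attributes and system calls, and using security attributes as constraints on authorizing system calls, an ontology-based, goal-oriented operating system security policy generation model is proposed. The model supports the refinement of security requirements described in white-list form and incorporates the experience of security analysts; with the support of a reasoner, it helps perform the inference from users' security requirements to concrete security policies, as well as security policy consistency checking. A concrete application case demonstrates the feasibility of the method.

Keywords: security requirement; operating system; security policy; ontology; access control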

Security policy generation model of operating system based on ontology
PENG Fei, ZHANG Tao, XU Weiguang, ZHAO Min, QIN Hengjia. Security policy generation model of operating system based on ontology [J]. Computer Engineering and Applications, 2018, 54(2): 114-118.
Authors: PENG Fei, ZHANG Tao, XU Weiguang, ZHAO Min, QIN Hengjia
Affiliation: 1. College of Command Information System, PLA University of Science and Technology, Nanjing 210007, China; 2. College of Communication and Information Technology, PLA University of Science and Technology, Nanjing 210007, China
Abstract: As operating system security problems increase, users' security requirements for operating systems keep growing, but at present there are few methods to translate users' security requirements into security policies of the current security model. By establishing a matching relationship between security attributes and system calls, the security attributes are used as constraints on authorization in the system. An ontology-based, goal-oriented model for operating system security policy generation is proposed. The model supports the refinement of security requirements described as white-lists and incorporates the experience of security analysts. The translation from users' security requirements to specific security policies, and the consistency checking of security policies, can be carried out via an OWL reasoner. The feasibility of the method is illustrated by a concrete case study.
Keywords: security requirement; operating system; security policy; ontology; access control