
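Illegal Flow Analysis for Lattice Model of Information Flow
Cite this article: WANG Xue-jian, ZHAO Guo-lei, CHANG Chao-wen, WANG Rui-yun. Illegal Flow Analysis for Lattice Model of Information Flow[J]. Computer Science, 2019, 46(2): 139-144.
Authors: WANG Xue-jian, ZHAO Guo-lei, CHANG Chao-wen, WANG Rui-yun
Affiliations: PLA Information Engineering University, Zhengzhou 450001; PLA Information Engineering University, Zhengzhou 450001; PLA Information Engineering University, Zhengzhou 450001; PLA Information Engineering University, Zhengzhou 450001
Funding: This work was supported by the User-Oriented Trusted Cloud Computing Environment Security Research fund (61572517).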
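Abstract: With the development of the Internet and the rising status of cyberspace, the importance of information grows by the day. To ensure information security, controlling illegal information flows is particularly important. This paper analyzes the security of information flows in the lattice model of information flow. To better classify the information flows inside the model, the lattice model is first analyzed by linearization so that it can be expressed in linear form; the result is called the linear lattice model of information flow. Next, a Markov chain is introduced, and the probability changes of its recurrent-state and transient-state properties are used to quantify the transition states between subjects and objects in the model, thereby detecting each information flow inside the model. Further, the security state of each information flow is analyzed by comparing the probabilities of the recurrent and transient states that correspond to the subjects and objects inside the model: when two recurrent states appear at the same time during detection on the model, the security model is violated and an illegal information flow arises. Because the probability changes can be identical, this method produces errors that affect its detection results. To make up for this shortcoming, the SPA language is introduced, the linear lattice model of information flow is described in SPA, and the non-interference method from formal methods is used to compensate for the probability-identity shortcoming of the Markov chain model. Finally, the illegal information flows hidden in the model are detected, the security state of each information flow in the presence of this error is determined, and the following conclusion is reached: information flows that conform to the security model but violate the security policy do not satisfy the non-interference property. This is of significance for the design of information-flow security detection software and for hardware applications.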

Keywords: Information flow; Markov chain; SPA; Covert channel; Non-interference
Received: 2018/7/4
Revised: 2018/11/8

Illegal Flow Analysis for Lattice Model of Information Flow
WANG Xue-jian, ZHAO Guo-lei, CHANG Chao-wen and WANG Rui-yun. Illegal Flow Analysis for Lattice Model of Information Flow[J]. Computer Science, 2019, 46(2): 139-144.
Authors: WANG Xue-jian, ZHAO Guo-lei, CHANG Chao-wen and WANG Rui-yun
Affiliation: PLA Information Engineering University, Zhengzhou 450001, China; PLA Information Engineering University, Zhengzhou 450001, China; PLA Information Engineering University, Zhengzhou 450001, China; and PLA Information Engineering University, Zhengzhou 450001, China
Abstract: With the development of the Internet, the status of cyberspace has risen, and the importance of information is increasing. To ensure the security of information, the control of illegal information flow is particularly important. This paper analyzes the security of information flow in a lattice model of information flow, in order to better classify the information flows inside the model. Firstly, a linear analysis is carried out on the lattice model of information flow, and the result is called a linear lattice model of information flow. Then, a Markov chain is introduced, and the probability variation of its two kinds of state, recurrent and transient, is used to quantify the transitions between the subject and the object in the model. Further, the security state of each information flow is analyzed by comparing the probabilities of the recurrent state and the transient state corresponding to the subject and the object inside the model, respectively. That is to say, when two recurrent states occur simultaneously during detection on the model, the security model is violated, and an illegal information flow occurs. Because the changes in probability can be identical, the method produces errors that affect its detection results. In order to overcome this shortcoming, this paper introduces the SPA language, describes the linear lattice model of information flow in SPA, and uses the non-interference method from formal methods to compensate for the probability-identity shortcoming of the Markov chain model. Finally, the illegal information flow hidden in the model is detected, the security state of each information flow in the presence of this error is judged, and it is concluded that an information flow that conforms to the security model but violates the security policy does not satisfy the non-interference property. This is of major significance for software design and hardware application.
Keywords: Information flow; Markov chain; SPA; Covert channel; Non-interference
This article is indexed in Wanfang Data and other databases.