| 信息安全模型的研究及安全系统方案设计 |
| |
| 引用本文: | 黄益民,平玲娣,潘雪增.信息安全模型的研究及安全系统方案设计[J].浙江大学学报(自然科学版 ),2001,35(6):603-607. |
| |
| 作者姓名: | 黄益民 平玲娣 潘雪增 |
| |
| 作者单位: | 黄益民(浙江大学,计算机科学与工程系,浙江,杭州,310027)
平玲娣(浙江大学,计算机科学与工程系,浙江,杭州,310027)
潘雪增(浙江大学,计算机科学与工程系,浙江,杭州,310027) |
| |
| 基金项目: | 国家"八六三"应急计划资助项目(863-301-6-4);浙江省自然科学基金资助项目(600014). |
| |
| 摘 要: | 在探讨现有信息系统安全模型的基础上,分析了信息流模型、Bell-LaPadula(BLP)模型和Biba模型等访问控制模型的优缺点,并针对信息安全的现实要求,对安全模型进行了改进.提出了实现安全系统设计的安全、可靠、实用、兼容原则;并提供了一个安全系统的具体实现方案和安全系统的组成和功能,该安全系统结合强制访问控制、三权分立、安全审计、身份认证和自身安全保护等功能和技术,基本达到国家标准三级的安全要求和《TCSEC》标准的B1级安全要求,并已在典型操作系统Linux和WindowsNT上加以设计实现,取得了比较好的应用效果.
|
| 关 键 词: | 信息安全 安全模型 访问控制 |
| 文章编号: | 1008-973X(2001)06-0603-05 |
| 修稿时间: | 2000年4月25日 |
Research on information security model and security system design |
| |
| HUANG Yi-min,PING Ling-di,PAN Xue-zeng ,.Research on information security model and security system design[J].Journal of Zhejiang University(Engineering Science),2001,35(6):603-607. |
| |
| Authors: | HUANG Yi-min PING Ling-di PAN Xue-zeng |
| |
| Abstract: | After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application. |
| |
| Keywords: | information security security model access control |
| 本文献已被 CNKI 维普 等数据库收录! |
|
