
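Syntactic Information Flow Analysis Method for Nontransitive Security Policies
Cite this article: ZHOU Conghua, LIU Zhifeng, WU Hailing, CHEN Song. Syntactic Information Flow Analysis Method for Nontransitive Security Policies[J]. 计算机科学与探索 (Journal of Frontier of Computer Science and Technology), 2011, 5(2): 179-192. DOI: 10.3778/j.issn.1673-9418.2011.02.008
Authors: ZHOU Conghua  LIU Zhifeng  WU Hailing  CHEN Song
Affiliation: School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013
Funding: National Natural Science Foundation of China; Natural Science Foundation of Jiangsu Higher Education Institutions; Jiangsu University Senior Talent Research Start-up Fund
Abstract: Traditional syntactic information flow analysis methods are all based on the information flow lattice model that enforces confidentiality security policies, and the transitivity of the lattice relation means that these methods cannot be used to analyze the security of systems that enforce nontransitive security policies. This paper proposes a new syntactic information flow analysis method for identifying covert information flows, which applies to systems enforcing either transitive or nontransitive security policies. Information flow semantics is attached after each statement; a graph structure called the information flow temporal graph is defined to describe the temporal order in which information flows occur; a method for constructing the information flow temporal graph from the source program is given; and an algorithm for identifying covert information flows based on the temporal graph is proposed. In addition, to address the concurrency of concurrent programs, a method for simplifying the information flow temporal graph is proposed, under which only specific interaction orders between concurrent processes need to be considered, rather than all possible interactions.

Keywords: covert channel  syntactic information flow analysis  access control  confidentiality security policy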

Syntactic Information Flow Analysis Based on Nontransitive Security Policy
ZHOU Conghua, LIU Zhifeng, WU Hailing, CHEN Song. Syntactic Information Flow Analysis Based on Nontransitive Security Policy[J]. Journal of Frontier of Computer Science and Technology, 2011, 5(2): 179-192. DOI: 10.3778/j.issn.1673-9418.2011.02.008
Authors: ZHOU Conghua  LIU Zhifeng  WU Hailing  CHEN Song
Affiliation: School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013, China
Abstract: Traditional syntactic information flow analysis is based on the lattice model, so the method cannot be used to analyze the security of systems implementing a security policy that does not satisfy transitivity. This paper proposes a new information flow analysis approach. First, information flow semantics is attached to each statement of a programming language. Then a graph structure called the information flow temporal relation is defined to describe the temporal order in which information flows occur, and a method of constructing the graph structure is presented. Finally, based on the graph structure, a covert information flow identification method is developed. In addition, to exploit the concurrency of concurrent programs, a method for reducing the information flow temporal relation is proposed. With the help of this method, it is sufficient to consider specific interleaving orders between concurrent processes instead of all interleaving orders.
Keywords: covert channel  syntactic information flow analysis  access control  confidentiality security policy
This article is indexed in CNKI, Wanfang Data (万方数据) and other databases.