|
|||||
|
|
| 基于有限状态机的用户权限隔离模型 | |
| 引用本文: | 李健俊,蒋一翔,钱杰,李威,李瑜.基于有限状态机的用户权限隔离模型[J].计算机应用,2013,33(1):149-152. |
| 作者姓名: | 李健俊 蒋一翔 钱杰 李威 李瑜 |
| 作者单位: | 1. 浙江中烟工业有限责任公司 信息中心, 杭州 310009 2. 浙江中烟工业有限责任公司 宁波卷烟厂, 浙江 宁波 315040 3. 浙江中烟工业有限责任公司 杭州卷烟厂, 杭州 310008 4. 国家保密科技测评中心, 北京 100044 |
| 基金项目: | 国家核高基项目(2010ZX01037-001-001) |
| 摘 要: | 针对操作系统中的权限问题,提出了基于有限状态机(FSM)的用户权限隔离模型,将用户的授权访问行为刻画为一个有限状态机,任意用户的有限状态机都只能识别该用户的合法操作序列;同时,模型证明在用户权限交集的部分,即用户访问发生共享的点,容易出现权限窃取或者非法提升等安全问题。最终,利用有限状态机实现了对用户权限隔离的有效识别与判定。 |
| 关 键 词: | 最小特权 隔离 有限状态机 |
| 收稿时间: | 2012-07-05 |
| 修稿时间: | 2012-08-05 |
User permission isolation model based on finite state machine |
|
| LI Jianjun,JIANG Yixiang,QIAN Jie,LI Wei,LI Yu.User permission isolation model based on finite state machine[J].journal of Computer Applications,2013,33(1):149-152. | |
| Authors: | LI Jianjun JIANG Yixiang QIAN Jie LI Wei LI Yu |
| Affiliation: | 1. Information Centre, China Tobacco Zhejiang Industrial Company Limited, Hangzhou Zhejiang 310009, China 2. Ningbo Cigarette Factory, China Tobacco Zhejiang Industrial Company Limited, Ningbo Zhejiang 315040, China 3. Hangzhou Cigarette Factory, China Tobacco Zhejiang Industrial Company Limited, Hangzhou Zhejiang 310008, China 4. National Secrecy Science and Technology Evaluation Center, Beijing 100044, China |
| Abstract: | For privilege escalation problem in operating system, a user permission isolation model based on Finite State Machine (FSM) was proposed in this paper, which depicted the users' permissions as a FSM. A user's permission was mapped to a FSM, which was able to distinguish the legality of user's operation sequence. Besides, the model proved that it easily leaded to permission escalation at the shared permission points. Ultimately, through FSM, the model achieves effective identification and judgment of user permissions isolation. |
| Keywords: | least privilege isolation Finite State Machine (FSM) |
| 本文献已被 CNKI 等数据库收录! | |
| 点击此处可从《计算机应用》浏览原始摘要信息 | |
| 点击此处可从《计算机应用》下载全文 | |