J4  2009, Vol. 43 Issue (8): 1377-1382    DOI: 10.3785/j.issn.1008-973X.
Computer Science and Technology
Dynamically modified union model combining confidentiality and integrity
HUANG Yong, CHEN Xiao-Ping, CHEN Wen-Zhi, JIANG Li, PAN Xue-zeng
College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang, China
Abstract:

To address the problem that simply combining the BLP and Biba models leaves a system unusable, a unified confidentiality and integrity model based on a multi-level security (MLS) policy is proposed. Confidentiality and integrity serve as the two dimensions of the security model, and the subject's security label is extended into separate read and write privilege ranges. The subject's access range is then adjusted dynamically through security transition rules, according to the security labels of the objects involved and the subject's access history. This combines the BLP and Biba models so that the system's confidentiality and integrity are guaranteed while the system remains flexible and practical. The model is described formally, and its security is analyzed and proved. Examples demonstrate the effectiveness and usability of the model.

Published: 2009-09-28
:  TP 309  
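Funding:

Supported by the National High Technology Research and Development Program of China ("863" Program) (2006AA01Z431) and the Key Projects of the Major Science and Technology Program of Zhejiang Province (2007C11068, 2007C11088)

Corresponding author: CHEN Wen-Zhi, male, associate professor.     E-mail: chenwz@zju.edu.cn
About the author: HUANG Yong (1979-), male, born in Xincheng, Guangxi, Ph.D. candidate, engaged in research in information security and related fields.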
Cite this article:

HUANG Yong, CHEN Xiao-Ping, CHEN Wen-Zhi, et al. Dynamically modified union model combining confidentiality and integrity [J]. J4, 2009, 43(8): 1377-1382.

Link to this article:

http://www.zjujournals.com/eng/CN/ 10.3785/j.issn.1008-973X.        http://www.zjujournals.com/eng/CN/Y2009/V43/I8/1377
