J4  2009, Vol. 43 Issue (8): 1377-1382    DOI: 10.3785/j.issn.1008-973X.
    
Dynamically modified union model combining confidentiality and integrity
HUANG Yong, CHEN Xiao-Ping, CHEN Wen-Zhi, JIANG Li, PAN Xue-zeng
College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China

Abstract  

To resolve the problem that simply combining the BLP and Biba models leads to poor availability, a dynamic union model of confidentiality and integrity based on a multi-level security (MLS) policy was presented. Confidentiality and integrity form the two dimensions of the security model, and on each of them the security label is separated into a write privilege range and a read privilege range. The subject's access range is then adjusted dynamically according to the security labels of related objects and the history of the subject's accesses, improving the agility and practicability of the model. The formal definition of the model was given, and its security was analyzed with proof. Finally, examples were given to show the effectiveness and usability of the model.



Published: 28 September 2009
CLC:  TP 309  
Cite this article:

HUANG Yong, CHEN Xiao-Ping, CHEN Wen-Zhi. Dynamically modified union model combining confidentiality and integrity. J4, 2009, 43(8): 1377-1382.

URL:

http://www.zjujournals.com/eng/ 10.3785/j.issn.1008-973X.     OR     http://www.zjujournals.com/eng/Y2009/V43/I8/1377


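Unified confidentiality and integrity model supporting dynamic adjustment

To address the problem that simply combining the BLP model and the Biba model leaves a system unusable, a unified confidentiality and integrity model based on a multi-level security policy is proposed. Taking confidentiality and integrity as the two dimensions of the security model, the subject's security label is extended into separate read and write privilege ranges. According to the security labels of objects and the history of the subject's accesses, the subject's access range is adjusted dynamically through certain security transition rules, achieving an organic combination of the BLP model and the Biba model. This not only guarantees the confidentiality and integrity of the system but also gives the system considerable flexibility and practicality. The model is described formally, and its security is analyzed and proved accordingly. Examples illustrate the effectiveness and usability of the model.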
