Abstract
Among existing security systems, the Bell & LaPadula (BLP) model is the most widely used; it comprises both mandatory and discretionary access control. However, the BLP model's "read down" and "write up" access rules seriously affect the usability and flexibility of the system. To address these defects and meet practical application requirements, this paper extends the BLP model by dividing subjects into general-user-domain subjects and privileged-domain subjects, granting privileges to the privileged-domain subjects, and revising the read and write rules. It is proved that the extended BLP model enhances both the confidentiality and the usability of the database system.
Source
Journal of Shenyang Ligong University
CAS
2006, No. 2, pp. 19-22 (4 pages)
Funding
National High Technology Research and Development Program of China (86330165B)