
Design and Implementation of a Multi-Layered Privilege Control Mechanism (cited by: 1)
Abstract: The privilege control mechanism is an important component of secure operating systems with high security levels, and it provides the system with an appropriate level of security assurance. This paper presents a multi-layered privilege control mechanism implemented in Ansheng OS V4.0, an independently developed, copyrighted secure operating system that satisfies all the specified requirements of criteria class 4, "Structured Protection", in GB17859-1999 (equivalent to the B2 level in TCSEC). The mechanism enforces privilege control and management at three levels of the system: the user-management level, the subject-function level and the program-file level. With it, the system satisfies the separation of responsibilities among roles defined in the role-based access control (RBAC) policy, the dynamic separation of functionality among domains defined in the domain and type enforcement (DTE) policy, and the least-privilege principle required by the POSIX standard, demonstrating that using privilege in such a controlled manner can effectively ensure the security of the system.
Source: Journal of Computer Research and Development (计算机研究与发展); indexed in EI, CSCD and the Peking University Core Journals list; 2006, Issue 3, pp. 423-428 (6 pages)
Funding: National "973" Key Basic Research Development Program (G1999035810); National Natural Science Foundation of China (60083007); Beijing Natural Science Foundation (4052016)
Keywords: secure operating system; least privilege; capability state; role; domain


