摘要
针对简单结合BLP模型和Biba模型导致系统不具可用性的问题,提出了一种基于多级安全策略的保密性和完整性统一模型.以保密性和完整性作为安全模型的2个维度将主体的安全标识扩充为分离的读写权限区间,根据客体的安全标识和主体访问的历史过程,通过一定的安全转换规则动态调节主体的访问范围,实现BLP模型和Biba模型的有机结合,不仅保证了系统的保密性和完整性,而且使系统具有相当的灵活性和实用性.形式化描述了模型,并对模型的安全性进行相应的分析和证明.通过实例说明了模型的有效性和可用性.
To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability, a confidentiality and integrity dynamic union model based on multi-level security (MLS) policy was presented. The two dimensions of secure model are composed of confidentiality and integrity, on which the security label is separated into write privilege range and read privilege range respectively, whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access, improving the agility and practicability of the model. The formal definition of this model was given, and the security was also analyzed with proof. Finally, examples were illuminated to show the effectiveness and usability of this model.
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2009年第8期1377-1382,共6页
Journal of Zhejiang University:Engineering Science
基金
国家"863"高技术研究发展计划资助项目(2006AA01Z431)
浙江省重大科技专项重点资助项目(2007C11068
2007C11088)
