期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

Flume系统的隐蔽信道搜索问题研究 被引量:1

Study on Detection of Covert Channel in Flume System
下载PDF
导出
摘要 Flume系统不仅可以为处于不同安全级别的进程传输信息提供安全保障,还可以通过显式标签机制解决在隐式标签系统中进程间通信连接超时导致的隐蔽信道问题.但是其系统中的部分不合理标签分配机制可能会导致信息在传递过程中同样存在泄露问题.针对这个问题提出一种隐蔽信道搜索模型(covert channel detection model,CCDM),将隐蔽信道的搜索问题抽象为有向图联通问题.最后结合回溯算法的思想提出IniaPathSearch算法和QuickPathSearch算法来对隐蔽信道进行自动搜索.实验结果表明,IniaPathSearch算法和QuickPathSearch算法可以正确有效地对Flume系统中隐蔽信道进行检测,并能为信息传递提供合法最短路径,其结果可以用于指导提高系统的安全性. Flume system can not only provide security protection for processes ifl different security level transmit information, but also use explicit label mechanism for solving the problem of covert channel caused by the timeout when processes transmit information. And this problem cannot be figured out by other security systems based on DIFC that use implicit label mechanism. But the mechanism of label allocation system may also cause information leakage by a special covert channel when processes transmit information in Flume system. In this paper, a covert channel detection model (CCDM) is introduced by analyzing the reason of information leakage in Flume system. The problem of covert channel searching is abstracted as the problem of directed graph linking by CCDM. And two algorithms that can auto-search covert channel in Flume system are presented based on CCDM and the idea of backtracking algorithm. The results of experiment show that CCDM and the proposed algorithms not only can effectively detect covert channel in Flume system, but also provide the shortest path for processes to transmit information. Thus, the results of experiment can provide some guidance for improving system security.
作者 曹珲 熊胜超 张焕国 严飞
机构地区 武汉大学计算机学院 空天信息安全与可信计算教育部重点实验室(武汉大学)
出处 《计算机研究与发展》 EI CSCD 北大核心 2013年第11期2367-2374,共8页 Journal of Computer Research and Development
基金 国家自然科学基金项目(91018008 61003268 61103220 91118003) 湖北省自然科学基金项目(2010CDB08601) 中央高校基本科研业务费专项资金项目(3101038)
关键词 Flume系统 隐蔽信道 隐蔽信道搜索模型 有向图 安全性 Flume system covert channel~ covert channel detection model (CCDM) ~ directed graph security
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献26

  • 1Myers A C, Liskov B. Protecting privacy using the decentralized label model [J]. ACM Trans on the Software Engineering and Methodology, 2000, 9(4): 410-442. 被引量:1
  • 2Bell D E. Security policy modeling for the next-generation packet switch [C] //Proc of the 2005 IEEE Syrup on Security and Privacy. Los Alamitos: IEEE Computer Society, 1988: 212-216. 被引量:1
  • 3Biba K J. Integrity consideration for secure computer systems, MTR-3153 [R]. Bedford: MITREE Corporation, 1977. 被引量:1
  • 4Efstathopoulos P, Krohn M, Vaddebogart S, et al. Labels and event processes in the Asbestos operating system [C] // Proc of the 20th ACM Symp on Operating Systems Principles (SOSP'2005). New York: ACM, 2005: 17-30. 被引量:1
  • 5Zeldovich N, Boyd-Wickizer S, Kohler E, et al. Making information flow explicit in HiStar [C] //Proc of the U senix Associatio 7th Usenix Symp on Operating Systems Design and Implementation (OSDI'2006). Berkeley: USENIX Association, 2006: 263-278. 被引量:1
  • 6Krohn M, Yip A, Brodsky M, et al. Information flow control for standard OS abstractions [C] //Proc of the 21st ACM Symp on Operating Systems Principles (SOSP'2007). New York: ACM, 2007: 321-334. 被引量:1
  • 7Krohn M, Tromer E. Noninterference for a practical DIFCbased operating system [C] //Proc of the 2009 IEEE Symp on Security and Privacy. Los Alamitos, CA: IEEE Computer Society, 2009: 61-76. 被引量:1
  • 8Lampson B W. A note on the confinement problem [J]. Communications of the ACM, 1973,16(10): 613-615. 被引量:1
  • 9National Computer Security Center (NCSC). Trusted computer system evaluation criteria [S]. Washington: United States Department of Defense, USA, 1985. 被引量:1
  • 10国家质量监督检验检疫总局.GB17859-1999计算机信息系统安全保护等级划分准则[S].北京:中国质检出版社,2009. 被引量:1

二级参考文献6

共引文献47

同被引文献9

引证文献1

二级引证文献2

计算机研究与发展
2013年 第11期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部