摘要
随着信息技术的发展,越来越多的企业利用资源的共享、信息的交换以及交互操作等方式开展工作。信息的安全问题越来越引起人们的关注,尤其是涉密信息的安全。因此必须对不同安全密级信息的流动进行严格控制。本文分析了现有的采用分区机制的可信系统的信息流控制方法的不足,并对传统的多级安全操作系统中信息流的安全性进行探讨,利用现在流行的虚拟化技术,采用显示安全标记和隐式安全标记相结合的方法提出了一种基于虚拟机的信息流安全控制方法,并通过无干扰理论进一步验证了该信息流控制方法的安全性和有效性。
With the development of information technology, more and more companies began to use the sharing resources, information exchange and interoperability. People focus on information security issues increasingly, especially the security of classified information. Therefore to control the flow of information on the different security classification strictly is necessary. This paper analyzes the deficiencies of information flow control methods in the existing credible system using partition mechanism, and discusses the security of the information flow in the traditional multi-level secure operating system, this paper use the popular technology of virtualization to propose a method for security control of information flow based on virtual machines integrated implicit security label and explicit label in the same system and verify the safety and effectiveness of the information flow control method through noninterference theory.
关键词
无干扰
信息流控制
安全标记
虚拟化技术
noninterference
information flow control
security label
virtualization technology
