• 综合性科技类中文核心期刊
    • 中国科技论文统计源期刊
    • 中国科学引文数据库来源期刊
    • 中国学术期刊文摘数据库(核心版)来源期刊
    • 中国学术期刊综合评价数据库来源期刊

基于格的BLP完整性扩展模型

沈瑛, 沈昌祥

沈瑛, 沈昌祥. 基于格的BLP完整性扩展模型[J]. 北京工业大学学报, 2013, 39(3): 402-406.
引用本文: 沈瑛, 沈昌祥. 基于格的BLP完整性扩展模型[J]. 北京工业大学学报, 2013, 39(3): 402-406.
SHEN Ying, SHEN Chang-xiang. BLP Integrity Expansion Model on Lattice[J]. Journal of Beijing University of Technology, 2013, 39(3): 402-406.
Citation: SHEN Ying, SHEN Chang-xiang. BLP Integrity Expansion Model on Lattice[J]. Journal of Beijing University of Technology, 2013, 39(3): 402-406.

基于格的BLP完整性扩展模型

基金项目: 

国家科技重大专项基金资助项目(2010ZX01037-001-001)

国家软科学研究计划资助项目(2010GXQ5D317)

浙江省重点科技创新团队基金资助项目(2009R50009)

详细信息
    作者简介:

    沈瑛(1976-),女,副教授,主要从事信息安全、虚拟现实方面的研究,E-mail:shenying@zjut.edu.cn.

  • 中图分类号: TP303

BLP Integrity Expansion Model on Lattice

  • 摘要: 为了扩展BLP模型融入完整性,并解决BLP与Biba模型典型融合中的高保密完整性资源与低保密完整性资源互访困难问题,从数学背景乘积格角度分析BLP模型,构造了BLP-I扩展模型.BLP-I模型中标签的第2维分量改为可信级别,通过突出保密性中读操作和完整性中写操作的地位,区分主体和已读信息的可信级,协调了在生命周期内BLP模型的静态特性和Biba模型的动态特性.BLP-I模型以低保密完整性下级可向高保密完整性上级直接汇报,而上级主体可下调自身安全级间接向下级发指令的方式部分解决了互访困难问题.
    Abstract: Mutual access dilemma between double-high level and double-low level resources in security and integrity was usually appeared during BLP model expansion with Biba. BLP model expansion with integrity which could resolve this dilemma was represented. An expansion model named BLP-I model was constructed in the view of product lattice analysis since lattice was BLP's mathematical background. The second dimension of label in BLP-I was substituted to indicate trust level. Read operation in security attribute and write operation in integrity were highlighted. The trust level of subject and messages had been read were distinguished. So the tranquility in BLP and dynamics in Biba during a lifecycle were coordinated in BLP-I. At last, dilemma was partially solved in BLP-I by permitting low security and integrity level direct report to double-high level while permitting double-high level lowered its own security level to issue to its underling.
  • [1]

    Department of Defense of US. Trusted computer system evaluation criteria (TCSEC)[R]. Washington, D. C.: Department of Defense of US, 1985.

    [2]

    CCMB. Common criteria for information technology security evaluation V3. 1[R]. Washington, D. C.:Common Criteria Maintenance Board, 2006.

    [3] 全国信息安全标准化技术委员会. GB/T 22239-2008信息安全技术信息系统安全等级保护基本要求[S]. 北京:中国标准出版社, 2008.
    [4]

    BELL D E, LaPADULA L J. Secure computer systems: mathematical foundations (MITRE 2547)[R]. Bedford: Mitre Corporation, 1973.

    [5]

    BIBA K J. Integrity considerations for secure computer systems (MITRE 3153)[R]. Bedford:Mitre Corporation, 1977.

    [6]

    SANDHU R. Lattice-based access control models[J]. IEEE Computer, 1993, 26(11):9-19.

    [7] 蔡谊, 郑志蓉, 沈昌祥. 基于多级安全策略的二维标识模型[J]. 计算机学报, 2004, 27(5):619-624. CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang. A planar attributes model based on multi level security policy[J]. Chinese Journal of Computers, 2004, 27(5):619-624. (in Chinese)
    [8] 段立娟, 刘燕, 沈昌祥. 一种多安全域策略支持的管理机制[J]. 北京工业大学学报, 2011, 37(4):609-613. DUAN Li-juan, LIU Yan, SHEN Chang-xiang. Management mechanism for multi-domain strategy[J]. Journal of Beijing University of Technology, 2011, 37(4): 609-613. (in Chinese)
    [9] 卿斯汉, 沈昌祥. 高等级安全操作系统的设计[J]. 中国科学E辑:信息科学, 2007, 37(2):238-253. QING Si-han, SHEN Chang-xiang. An improved dynamically modified confidentiality policies model[J]. Science in China Series E:Information Sciences, 2007, 37(2):238-253. (in Chinese)
计量
  • 文章访问数:  17
  • HTML全文浏览量:  0
  • PDF下载量:  7
  • 被引次数: 0
出版历程
  • 收稿日期:  2011-08-13
  • 网络出版日期:  2022-11-18

目录

    /

    返回文章
    返回