BLP Integrity Expansion Model on Lattice
-
摘要: 为了扩展BLP模型融入完整性,并解决BLP与Biba模型典型融合中的高保密完整性资源与低保密完整性资源互访困难问题,从数学背景乘积格角度分析BLP模型,构造了BLP-I扩展模型.BLP-I模型中标签的第2维分量改为可信级别,通过突出保密性中读操作和完整性中写操作的地位,区分主体和已读信息的可信级,协调了在生命周期内BLP模型的静态特性和Biba模型的动态特性.BLP-I模型以低保密完整性下级可向高保密完整性上级直接汇报,而上级主体可下调自身安全级间接向下级发指令的方式部分解决了互访困难问题.Abstract: Mutual access dilemma between double-high level and double-low level resources in security and integrity was usually appeared during BLP model expansion with Biba. BLP model expansion with integrity which could resolve this dilemma was represented. An expansion model named BLP-I model was constructed in the view of product lattice analysis since lattice was BLP's mathematical background. The second dimension of label in BLP-I was substituted to indicate trust level. Read operation in security attribute and write operation in integrity were highlighted. The trust level of subject and messages had been read were distinguished. So the tranquility in BLP and dynamics in Biba during a lifecycle were coordinated in BLP-I. At last, dilemma was partially solved in BLP-I by permitting low security and integrity level direct report to double-high level while permitting double-high level lowered its own security level to issue to its underling.
-
Keywords:
- access control /
- information systems /
- security systems
-
-
[1] Department of Defense of US. Trusted computer system evaluation criteria (TCSEC)[R]. Washington, D. C.: Department of Defense of US, 1985.
[2] CCMB. Common criteria for information technology security evaluation V3. 1[R]. Washington, D. C.:Common Criteria Maintenance Board, 2006.
[3] 全国信息安全标准化技术委员会. GB/T 22239-2008信息安全技术信息系统安全等级保护基本要求[S]. 北京:中国标准出版社, 2008. [4] BELL D E, LaPADULA L J. Secure computer systems: mathematical foundations (MITRE 2547)[R]. Bedford: Mitre Corporation, 1973.
[5] BIBA K J. Integrity considerations for secure computer systems (MITRE 3153)[R]. Bedford:Mitre Corporation, 1977.
[6] SANDHU R. Lattice-based access control models[J]. IEEE Computer, 1993, 26(11):9-19.
[7] 蔡谊, 郑志蓉, 沈昌祥. 基于多级安全策略的二维标识模型[J]. 计算机学报, 2004, 27(5):619-624. CAI Yi, ZHENG Zhi-rong, SHEN Chang-xiang. A planar attributes model based on multi level security policy[J]. Chinese Journal of Computers, 2004, 27(5):619-624. (in Chinese) [8] 段立娟, 刘燕, 沈昌祥. 一种多安全域策略支持的管理机制[J]. 北京工业大学学报, 2011, 37(4):609-613. DUAN Li-juan, LIU Yan, SHEN Chang-xiang. Management mechanism for multi-domain strategy[J]. Journal of Beijing University of Technology, 2011, 37(4): 609-613. (in Chinese) [9] 卿斯汉, 沈昌祥. 高等级安全操作系统的设计[J]. 中国科学E辑:信息科学, 2007, 37(2):238-253. QING Si-han, SHEN Chang-xiang. An improved dynamically modified confidentiality policies model[J]. Science in China Series E:Information Sciences, 2007, 37(2):238-253. (in Chinese)
计量
- 文章访问数: 17
- HTML全文浏览量: 0
- PDF下载量: 7