| 引用本文: | 张俊,徐鲁威,孟庆德,等.基于预授权的机密性和完整性动态统一模型.[J].国防科技大学学报,2014,36(1):167-171.[点击复制] |
| ZHANG Jun,XU Luwei,MENG Qingde,et al.Confidentiality and integrity dynamic union model based on pre-authorization mechanisms[J].Journal of National University of Defense Technology,2014,36(1):167-171[点击复制] |
|
| |
|
|
| 本文已被:浏览 8294次 下载 6688次 |
| 基于预授权的机密性和完整性动态统一模型 |
| 张俊, 徐鲁威, 孟庆德, 冯昌林 |
|
(海军装备研究院,北京 100161)
|
| 摘要: |
| 目前的访问控制模型无法对机密性、完整性和可用性做到合理的统一控制,尤其是对动态的、随机的访问请求控制不完善,使得攻击者总能找到脆弱点,也使得信息系统在实际应用中无法避免用户误操作引起的安全问题。提出了一种基于预授权的机密性和完整性访问控制模型,将BLP模型和Biba模型结合起来,通过引入预授权机制,对一些随机动态的访问活动进行合理控制。运用条件控制项,对主体执行任务的权限进行实时监控,动态地授予和取消主体执行任务的权限,实现系统机密性和完整性的统一,同时保证其具有较高的可用性,有利于信息的双向流动。给出了模型的应用实例,并对其安全性进行了证明。 |
| 关键词: 机密性 完整性 任务 角色 预授权 |
| DOI:10.11887/j.cn.201401029 |
| 投稿日期:2013-07-15 |
| 基金项目:国家科技重大专项资助项目(2012ZX03002003) |
|
| Confidentiality and integrity dynamic union model based on pre-authorization mechanisms |
| ZHANG Jun, XU Luwei, MENG Qingde, FENG Changlin |
|
(Naval Academy of Armament, Beijing 100161, China)
|
| Abstract: |
| With the current access control model, a reasonable unified control over confidentiality, integrity and availability cannot be achieved; especially the dynamic random access request control is far from perfect, not only always leaving some weak points open to possible attacks, but also bringing some unavoidable security problems caused by user errors in practical applications. A kind of confidentiality and integrity access control model based on the pre-authorization mechanisms is put forward. By combining BLP model and Biba model, and introducing the pre-authorization mechanisms, the reasonable control can be achieved over the dynamic random accesses activities. By making use of the condition control, the authority of subject performing the task is monitored timely, and granted or canceled dynamically. So the system’s confidentiality and integrity can both be realized, while guaranteeing its high availability, which is advantageous to the two-way flow of information. Finally, the application example of the model is given and its security is proved. |
| Keywords: confidentiality integrity task role pre-authorization |
|
|
|
|
|
