计算机科学
計算機科學
계산궤과학
COMPUTER SCIENCE
2010年
1期
75-78
,共4页
王辉%贾宗璞%申自浩%卢碧波
王輝%賈宗璞%申自浩%盧碧波
왕휘%가종박%신자호%로벽파
内部威胁%安全策略%信息流%安全级别%信息流图
內部威脅%安全策略%信息流%安全級彆%信息流圖
내부위협%안전책략%신식류%안전급별%신식류도
Insider threat%Security policy%Information flow.Security level%Information flow graph
内部威胁是企业组织面临的非常严重的安全问题,作为企业最贵重的信息资产--文档,是内部滥用的主要目标.以往的粗粒度安全策略,如最小权限原则、职责分离等,都不足以胜任文档安全化的内部威胁问题.提出了一个崭新的多级安全策略模型,引入了文档信息流和信息流图概念,并提出了相关算法.它能依据系统上下文环境的变化,动态地产生信息流的约束条件,屏蔽可能产生的隐藏信息流通道.
內部威脅是企業組織麵臨的非常嚴重的安全問題,作為企業最貴重的信息資產--文檔,是內部濫用的主要目標.以往的粗粒度安全策略,如最小權限原則、職責分離等,都不足以勝任文檔安全化的內部威脅問題.提齣瞭一箇嶄新的多級安全策略模型,引入瞭文檔信息流和信息流圖概唸,併提齣瞭相關算法.它能依據繫統上下文環境的變化,動態地產生信息流的約束條件,屏蔽可能產生的隱藏信息流通道.
내부위협시기업조직면림적비상엄중적안전문제,작위기업최귀중적신식자산--문당,시내부람용적주요목표.이왕적조립도안전책략,여최소권한원칙、직책분리등,도불족이성임문당안전화적내부위협문제.제출료일개참신적다급안전책략모형,인입료문당신식류화신식류도개념,병제출료상관산법.타능의거계통상하문배경적변화,동태지산생신식류적약속조건,병폐가능산생적은장신식류통도.
Insider threat is widely recognized as an utmost important issue for organization security management.As the most important information asset (documents),they are the chicf target of insider misuse.The former coarse grained security policies that operate on "the principle of least privilege" or "separate of duty" are not enough to address documents security about insider threat issue.We presented a novel multi-level security policy model and related algorithms,and defined the concept of document information flow and information flow graph.According to system context's change,it will generate dynamic restriction conditions about information flow.And its aim is to prohibit these probable hiding channels of information flow.