Journal of Southeast University (English Edition)
2008, No. 3, pp. 393-396 (4 pages)
於光灿, 李瑞轩, 卢正鼎, Mudar Sarem, 宋伟, 苏永红
multi-level access control, hierarchical organization, multiple security tags
A new multi-level access control model is proposed on the basis of the BLP model. The model establishes hierarchical relationships among departments and introduces the new concept of a post, which simplifies the tedious work of assigning security labels. By assigning multiple security labels to a post, communication between superior and subordinate departments and between departments at the same level is achieved; the closer two departments are in the tree hierarchy, the higher the classification level of the objects their staff can exchange. Access matrices are defined at three levels, implementing flexible discretionary access control at multiple granularities. While increasing flexibility and practicality, the model guarantees that information flow always remains under the control of the system. It inherits the most outstanding advantage of the BLP model, and the model is verified by means of formal proof.
An access control model is proposed based on the well-known Bell-LaPadula (BLP) model. In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified. Interoperation among different departments is implemented by assigning multiple security tags to one post, and the closer two departments are on the organization tree, the more secret the objects that can be exchanged by the staff of those departments. The access control matrices of the department, post and staff are defined. By using these three access control matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all information flow is under control. Finally, our study shows that, compared to the BLP model, the proposed model is more flexible.