中国电子商情:通信市场
中國電子商情:通信市場
중국전자상정:통신시장
2012年
1期
111-119
,共9页
完整性策略%强制完整性控制%Biba模型%TE策略
完整性策略%彊製完整性控製%Biba模型%TE策略
완정성책략%강제완정성공제%Biba모형%TE책략
integrity policy%mandatory integrity control%Biba model%TE policy
针对Biba模型对主体和客体的完整级限制过于严格,兼容性和可用性低,以及为解决可用性而引入的可信主体访问权限和访问范围过大的问题,提出一种混合Biba和TE策略的强制完整性控制模型。该模型的完整性控制由Biba严格完整性策略实施,主体的权限通过TE策略所实现的访问隔离思想、最小权限原则和域转换能力进行控制,在提高Biba模型兼容性和可用性的同时,实现主体权限和访问范围的细粒度控制。
針對Biba模型對主體和客體的完整級限製過于嚴格,兼容性和可用性低,以及為解決可用性而引入的可信主體訪問權限和訪問範圍過大的問題,提齣一種混閤Biba和TE策略的彊製完整性控製模型。該模型的完整性控製由Biba嚴格完整性策略實施,主體的權限通過TE策略所實現的訪問隔離思想、最小權限原則和域轉換能力進行控製,在提高Biba模型兼容性和可用性的同時,實現主體權限和訪問範圍的細粒度控製。
침대Biba모형대주체화객체적완정급한제과우엄격,겸용성화가용성저,이급위해결가용성이인입적가신주체방문권한화방문범위과대적문제,제출일충혼합Biba화TE책략적강제완정성공제모형。해모형적완정성공제유Biba엄격완정성책략실시,주체적권한통과TE책략소실현적방문격리사상、최소권한원칙화역전환능력진행공제,재제고Biba모형겸용성화가용성적동시,실현주체권한화방문범위적세립도공제。
The Biba model was over-strict in the limit of subject and object integrity level and had low compatibility and usability. The trusted subject introduced into the model had increased its usability but it was usually over authorized and much more vulnerable. In the paper, a mandatory integrity control model was proposed, which mixed Biba with TE(Type Enforcement) policy. In this model, integrity access control is carried out by Biba Strict Integrity Policy, and the subject's privilege is controlled by access isolation, least privilege and domain control which is achieved through TE. While improving the compatibility and usability of Biba, it also achieves a fine-grained access control in access permissions and access ranges.
