JOURNAL OF NATIONAL UNIVERSITY OF DEFENSE TECHNOLOGY
2014, Issue 1, pp. 167-171 (5 pages)
ZHANG Jun (张俊), XU Luwei (徐鲁威), MENG Qingde (孟庆德), FENG Changlin (冯昌林)
confidentiality; integrity; task; role; pre-authorization
With current access control models, reasonable unified control over confidentiality, integrity and availability cannot be achieved; in particular, control of dynamic, random access requests is far from perfect, which not only leaves weak points that attackers can always find but also makes security problems caused by user errors unavoidable in practical applications. A confidentiality and integrity access control model based on a pre-authorization mechanism is put forward. By combining the BLP model and the Biba model and introducing the pre-authorization mechanism, reasonable control can be achieved over dynamic, random access activities. By means of condition control items, a subject's authority to perform a task is monitored in real time and is granted or revoked dynamically. The system's confidentiality and integrity can thus both be realized while guaranteeing high availability, which benefits the two-way flow of information. Finally, an application example of the model is given and its security is proved.