COMPUTER ENGINEERING AND APPLICATIONS (计算机工程与应用)
2015, Issue 12, pp. 55-62 (8 pages)
data security; data flow; operating system; Data Flow Control Mechanism (DFCM)
Data security is the fundamental goal of information system security. Of the two mainstream classes of security model, the access control model focuses on controlling operations between the subjects and objects of a system, which makes it difficult to protect data directly throughout the whole process. The information flow control model does control the transfer of information directly, but it requires a mapping between data and security levels, which makes it hard to apply well in mainstream operating systems. This paper proposes a data flow control mechanism, DFCM, that combines the advantages of both models. DFCM is data-centric: by controlling the system operations that cause data state transitions, it provides whole-process, fine-grained control and protection of confidential data blocks. Experimental results show that DFCM can protect information on a mainstream commercial operating system with low overhead.