A Security Model of Multi-users Access Control Based on the Architecture of Application Area Boundary
Authors: Guo Ruiming (Inst. of Info. Security, Sichuan Univ., Chengdu 610064, China); Liu Yihe (Dept. of Computer and Info. Sci., Neijiang Teachers College, Neijiang 641112, China); Dai Zongkun (Inst. of Info. Security, Sichuan Univ., Chengdu 610064, China)
Received: 2007-03-27. Year, volume (issue), pages: 2008, 40(4): 115-119
Journal Name: Advanced Engineering Sciences
Key words: information security architecture; BLP model; Biba model; RBAC model; granular control; concurrent behavior
Funding: Supported by the National 973 Program of China (1999035801)
Abstract
To address the security of multi-user access control in the security architecture of the application area boundary, this paper analyzes that architecture and, using the basic properties of the BLP model, Biba model and RBAC model, addresses its data read/write operations and data transmission. Rules for creating objects, creating subjects, and sending/receiving data in transmission are defined and described in detail. The rules are formally proved to be rational and secure, and the application area boundary security architecture model composed of these rules is shown to be secure.