An Improved Dynamically Modified Confidentiality Policies Model

Author: JI Qing

DOI:

Keywords:

Abstract: This paper presents a model which can support network security objects, improve the Amon Ott's rules with small amount of operations and storages for practicality, enhance flexibility available system implementation by making single level becoming range, control IPC objects effectively. For these purposes, dynamically modifying current sensitivity are extended to ones levels range, so Bell's work on be combined Ott's. Considering cases in practical GEMSOS, DG/UX prototype microkernel Fluke, entity, multiple entity special access mode progress, invariants constraints corresponding them introduced. Based Tmack's way, sufficient mechanism is posed. In addition, some flaws ABLP pointed out. A new confidentiality policy formal specification invariants, constraints, variables, constants has been presented demonstrating reasonableness it used design.

References (11)
J. McLean, The algebra of security. IEEE Symposium on Security and Privacy, pp. 2-7 (1988). DOI: 10.1109/SECPRI.1988.8092
D. Elliott Bell, Leonard J. La Padula, Secure Computer System: Unified Exposition and Multics Interpretation. Defense Technical Information Center (1976). DOI: 10.21236/ADA023588
Peter Loscocco, Stephen Smalley, Integrating Flexible Support for Security Policies into the Linux Operating System. USENIX Annual Technical Conference, pp. 29-42 (2001)
Carl E. Landwehr, Constance L. Heitmeyer, John McLean, A security model for military message systems. ACM Transactions on Computer Systems, vol. 2, pp. 198-222 (1984). DOI: 10.1145/989.991
D.E. Bell, Security policy modeling for the next-generation packet switch. IEEE Symposium on Security and Privacy, pp. 212-216 (1988). DOI: 10.1109/SECPRI.1988.8113
T.M.P. Lee, Using mandatory integrity to enforce 'commercial' security. IEEE Symposium on Security and Privacy, pp. 140-146 (1988). DOI: 10.1109/SECPRI.1988.8106
J. M. Rushby, Design and verification of secure systems. ACM SIGOPS Operating Systems Review, vol. 15, pp. 12-21 (1981). DOI: 10.1145/1067627.806586
T. Thomas, A mandatory access control mechanism for the Unix file system. Annual Computer Security Applications Conference, pp. 173-177 (1988). DOI: 10.1109/ACSAC.1988.113437
T.J. Parenty, The incorporation of multi-level IPC into Unix. IEEE Symposium on Security and Privacy, pp. 94-99 (1989). DOI: 10.1109/SECPRI.1989.36281
T.F. Lunt, D.E. Denning, R.R. Schell, M. Heckman, W.R. Shockley, The SeaView security model. IEEE Transactions on Software Engineering, vol. 16, pp. 593-607 (1990). DOI: 10.1109/32.55088