Computer Science (计算机科学) ›› 2018, Vol. 45 ›› Issue (11): 108-114. doi: 10.11896/j.issn.1002-137X.2018.11.016
YANG Ying 1,2 (杨莹), XIA Jian-feng 1,2 (夏剑锋), ZHU Da-li 2 (朱大立)
Abstract: High-security-level mobile office work keeps raising the security requirements placed on information systems, and the thin-client solution emerged against this background. It relies on cloud storage, a distributed terminal system and centralized management to give users better security. The two main current techniques are the virtual desktop and the Web terminal, of which the former is mainstream. In recent years the development of Web operating systems (Web OS) has drawn industry attention to the Web terminal, but Web OS still provides insufficient confidentiality and integrity protection. Starting from an abstract model of the characteristics of a Web OS, this paper proposes a multi-policy security model that combines the BLP confidentiality model with the Biba integrity model. First, a lattice is used to combine confidentiality labels, integrity labels and category sets, which resolves the problem that BLP and Biba constrain information flow in opposite directions. Second, a least-privilege principle for trusted subjects is proposed to further restrict the rights of trusted subjects, while specific trusted subjects can be granted temporary privileges to improve flexibility and usability. Finally, the security and applicability of the model are analysed.
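The following is an added worked example, written for this page and not taken from the paper, of the two mechanisms the abstract describes: a single lattice in which a BLP confidentiality label, a Biba integrity label and a category set are ordered so that both policies agree on the direction of permitted information flow, and a reference monitor whose trusted-subject exemptions are scoped to one (operation, object) pair and can be made temporary. The ordering used here (confidentiality and categories grow upward, integrity is inverted so that it falls upward) is the standard construction; the paper's own lattice definition may differ in detail. All labels, principal names ("mail_app", "installer", "contacts_db", ...) and the logical clock are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Labels, principals and objects below are hypothetical, constructed for this
# example; they are not taken from the paper and its exact lattice may differ.


@dataclass(frozen=True)
class Label:
    """One point in the combined lattice.

    conf  : BLP confidentiality level (higher = more secret)
    integ : Biba integrity level (higher = more trustworthy)
    cats  : category (compartment) set

    a.flows_to(b) is the lattice order a <= b: confidentiality must not drop,
    categories must not be lost, and integrity must not rise.  Inverting the
    integrity axis is what makes BLP and Biba point the same way.
    """
    conf: int
    integ: int
    cats: FrozenSet[str] = frozenset()

    def flows_to(self, other: "Label") -> bool:
        return (self.conf <= other.conf
                and self.cats <= other.cats
                and self.integ >= other.integ)

    def join(self, other: "Label") -> "Label":
        """Least upper bound: the least restrictive label both may flow into."""
        return Label(max(self.conf, other.conf),
                     min(self.integ, other.integ),
                     self.cats | other.cats)

    def meet(self, other: "Label") -> "Label":
        """Greatest lower bound: the most restrictive label that flows into both."""
        return Label(min(self.conf, other.conf),
                     max(self.integ, other.integ),
                     self.cats & other.cats)


class Monitor:
    """Reference monitor enforcing the combined lattice plus trusted-subject rules."""

    def __init__(self) -> None:
        self.subjects: Dict[str, Label] = {}
        self.objects: Dict[str, Label] = {}
        # Least privilege for trusted subjects: an exemption names exactly one
        # (op, object) pair; there is no "bypass the lattice entirely" flag.
        self.exempt: Dict[str, Set[Tuple[str, str]]] = {}
        # Temporary privileges: (subject, op, object) -> expiry tick.
        self.temp: Dict[Tuple[str, str, str], int] = {}
        self.tick = 0  # logical clock (assumed) so the example is deterministic

    def grant_exemption(self, subj: str, op: str, obj: str) -> None:
        self.exempt.setdefault(subj, set()).add((op, obj))

    def grant_temp(self, subj: str, op: str, obj: str, ticks: int) -> None:
        self.temp[(subj, op, obj)] = self.tick + ticks

    def advance(self, n: int = 1) -> None:
        self.tick += n

    def check(self, subj: str, op: str, obj: str) -> bool:
        s, o = self.subjects[subj], self.objects[obj]
        if op == "read":            # information flows object -> subject
            allowed = o.flows_to(s)
        elif op == "write":         # information flows subject -> object
            allowed = s.flows_to(o)
        else:
            raise ValueError(f"unknown op {op!r}")
        if allowed:
            return True
        if (op, obj) in self.exempt.get(subj, set()):
            return True             # permanent, narrowly scoped trusted-subject right
        expiry = self.temp.get((subj, op, obj))
        return expiry is not None and self.tick < expiry


def build_monitor() -> Monitor:
    m = Monitor()
    m.objects["contacts_db"] = Label(conf=2, integ=2, cats=frozenset({"pim"}))
    m.objects["web_cache"] = Label(conf=0, integ=0, cats=frozenset({"web"}))
    m.objects["system_cfg"] = Label(conf=1, integ=3)
    m.subjects["mail_app"] = Label(conf=2, integ=1, cats=frozenset({"pim", "web"}))
    m.subjects["installer"] = Label(conf=0, integ=1)
    # The installer is trusted to write system_cfg even though its integrity is
    # lower (Biba would forbid it), and for nothing else.
    m.grant_exemption("installer", "write", "system_cfg")
    return m


def demo() -> Dict[str, bool]:
    m = build_monitor()
    results = {
        "mail reads contacts": m.check("mail_app", "read", "contacts_db"),
        "mail reads web_cache": m.check("mail_app", "read", "web_cache"),      # Biba: no read down
        "mail writes web_cache": m.check("mail_app", "write", "web_cache"),    # BLP: no write down
        "installer writes cfg": m.check("installer", "write", "system_cfg"),   # via exemption
        "installer writes contacts": m.check("installer", "write", "contacts_db"),
    }
    m.grant_temp("mail_app", "read", "web_cache", ticks=2)
    results["mail reads web_cache (temp)"] = m.check("mail_app", "read", "web_cache")
    m.advance(2)
    results["mail reads web_cache (expired)"] = m.check("mail_app", "read", "web_cache")
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:35s} {'ALLOW' if ok else 'DENY'}")
```

Both policies are checked by one comparison because the lattice order already encodes them: a read is the flow object to subject, a write the flow subject to object. The exemption table is keyed on the exact operation and object, so a trusted subject that needs one extra right does not become exempt from the whole policy, and a temporary grant lapses on its own once the clock passes the expiry.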