Computer Science, 2018, Vol. 45, Issue (11): 108-114. doi: 10.11896/j.issn.1002-137X.2018.11.016

• Information Security •

Multi-policy Security Model of Mobile Thin Client Based on Web Operating System

YANG Ying1,2, XIA Jian-feng1,2, ZHU Da-li2   

  1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100093, China
  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received: 2017-10-22 Published: 2019-02-25

Abstract: High-security mobile office work places growing security requirements on information systems. Thin-client based solutions have emerged in this context. Such a solution combines the advantages of cloud storage, a distributed terminal system and centralized management, and provides better safeguards for users. At present, the main thin-client technologies are virtual desktop infrastructure (VDI) and Web-client: the former is the mainstream, while the latter has received widespread attention with the development of Web-based operating systems (Web OS). However, existing Web OSes have problems, including lower confidentiality and integrity. Based on abstract modeling of the Web OS, this paper proposed a hybrid model that mixes the BLP model and the Biba model. A lattice structure was introduced to resolve conflicts of information flow. Because the information flow model places no constraints on trusted subjects, the principle of least privilege was applied to trusted subjects. To improve flexibility and availability, a special trusted subject was authorized to change the security level temporarily. Finally, the security and applicability of the model were analyzed.

Key words: Access control, Lattice, Mobile thin client, Security model, Web OS

CLC Number: TP309.1