Computer Science ›› 2015, Vol. 42 ›› Issue (8): 138-144.

Previous Articles     Next Articles

Improved BLP Model Based on CRFs

MA Meng, TANG Zhuo, LI Ren-fa and XIONG Liao-te   

  • Online:2018-11-14 Published:2018-11-14

Abstract: As most access control models are short of the ability to perceive the system security status and risks in a dynamic way,the paper introduced a machine learning method CRFs into the rule optimization of BLP model,and proposed a dynamic BLP model,CRFs-BLP.After preprocessing and tagging the history access log,it will extract the feature set,then CRF++ toolkit will be taken to finish the study and training of these datasets,so the model can be adjusted dynamically according to the current secure state and events in system,and the read-write scope for sensitive objects will be limited dynamically.Finally,the experiment shows the availability and accuracy of the model in a real environment.

Key words: Access control,CRFs,Machine learning,BLP model

[1] Sandhu R S,Samarati P.Access control:principle and practice[J].Communications Magazine,IEEE,1994,32(9):40-48
[2] Yang Kan,Jia X H.Expressive,Efficient,and Revocable DataAccess Control for Multi-Authority Cloud Storage [J].IEEE Transactions on Parallel and Distributed Systems,2014,25(7):1735-1744
[3] Lan Zhou,Varadharajan V,Hitchens M.Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage[J].IEEE Transactions on Information Forensics and Security,2013,8(12):1947-1960
[4] Bell D E,LaPadula L J.Secure Computer Systems:Mathematical Foundations:ESD-TR-73-278,I(AD)770768[R].Bedford,UK:MITRE Corporation,1973
[5] Bell D E,LaPadula L J.Secure Computer System:A Mathematical Model[R].Bedford,MA:Electronic Systems Division,Air Force System Command,Hanscom AFB,1973
[6] Shen Ying,Xiong L R.Lattic based BLP extended model [C]∥Proc of the 2nd International Conference on Future Information Technology and Management Engineering.2009:309-312
[7] Liang H L,Sun Y F,Zhao Q S,et al.Design and implementation of a security label common framework [J].Journal of Software,2003,14(3):547-552
[8] 蔡谊,郑志蓉,沈昌祥.基于多级安全策略的二维标识模型[J].计算机学报,2004,7(5):619-624 Cai Yi,Zheng Zhi-rong,Shen Chang-xiang.A Planar Attributes Model Based on Multi Level Security Policy [J].Chinese Journal of Computers,2004,27(5):619-624
[9] 刘彦明,董庆宽,李小平.BLP 模型的完整性增强研究[J].通信学报,2010,31(2):100-106 Liu Yan-ming,Dong Qing-kuan,Li Xiao-ping.Study on enhancing integrity for BLP model[J].Journal on Communications,2010,31(2):100-106
[10] Lee T M P.Using mandatory integrity to enforce "commercial" security[C]∥Proc of IEEE Conference on Security and Privacy.Washington DC:IEEE Computer Society,1998:140-146
[11] Schell R,Tao T F,Heckmn M.Designing the GEMSOS security kernel for security and performance[C]∥Proc of the 8th National Computer Security Conference.1985:108-119
[12] 聂晓伟,冯登国.基于动态可信度的可调节安全模型[J].通信学报,2008,9(10):37-44 Nie Xiao-wei,Feng Deng-guo.Modified security model based on dynamic trusted degree [J].Journal on Communications,2008,9(10):37-44
[13] 谭智勇,刘铎,司天歌,等.一种具有可信度特征的多级安全模型[J].电子学报,2008,6(8):1637-1641 Tan Zhi-yong,Liu Duo,Si Tian-ge,et al.Multilevel Security Model with Credibility Characteristics [J].Acta Electronica Sinica,2008,36(8):1637-1641
[14] Yamaguchi F,Lindner F,Rieck K.Vulnerability extrapolation:Assisted discovery of vulnerabilities using machine learning[C]∥Proceedings of the 5th USENIX Conference on offensive Technologies.USENIX Association,2011:13-13
[15] 顾亚祥,丁世飞.支持向量机研究进展[J].计算机科学,2011,8(2):14-17 Gu Ya-xiang,Ding Shi-fei.Advances of Support Vector Machines [J].Computer Science,2011,38(2):14-17
[16] Bozorgi M,Saul L K,Savage S,et al.Beyond heuristics:learning to classify vulnerabilities and predict exploits[C]∥Proc.of 16th Int.Conf.on Knowledge discovery and Data Mining.ACM,2010:105-144
[17] 谭小彬,王卫平,奚宏生,等.计算机系统入侵检测的隐马尔可夫模型[J].计算机研究与发展,2003,0(2):245-250 Tan Xiao-bin,Wang Wei-ping,Xi Hong-sheng,et al.A Hidden Markov Model Used in Intrusion Detection [J].Journal of Computer Research and Development,2003,40(2):245-250
[18] Tjhai G C,Furnell S M,PaPadaki M,et al.A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm[J].Computers & Security,2010,9(6):712-723
[19] 王辉,陈泓予,刘淑芬,等.基于改进朴素贝叶斯算法的入侵检测系统[J].计算机科学,2014,1(4):111-115,9 Wang Hui,Chen Hong-yu,Liu Shu-fen,et al.Intrusion Detection System Based on Improved Nave Bayesian Algorithm[J].Computer Science,2014,1(4):111-115,9
[20] Seifert C,Welch I,Komisarczuk P.Identification of maliciousWeb pages with static heuristics[C]∥Proc.of Telecommunication Networks and Applications Conference.2008:91-96
[21] 张健,陈松乔.一种基于最大熵原理系统异常检测模型研究[J].小型微型计算机系统,2008,9(4):643-648 Zhang Jian,Chen Song-qiao.Research on an Abnormal Detect Model for System Call Sequence Using Maximum Entropy Principle [J].Journal of Chinese Computer System,2008,29(4):643-648

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!