Computer Science ›› 2017, Vol. 44 ›› Issue (8): 107-114. doi: 10.11896/j.issn.1002-137X.2017.08.020
范艳芳
FAN Yan-fang
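Abstract: Secure information sharing is critical for information systems. Critical applications in collaborative environments place higher demands on both information sharing and information security. None of the existing mandatory access control models based on the BLP model can meet the access control requirements of critical applications in collaborative environments. This paper therefore proposes a mandatory access control model with temporal and spatial constraints for collaborative environments. The model considers task, time, space and other elements together, thereby combining logical security with physical location; this both strengthens the security of the access control model and provides the flexibility that access control in collaborative environments requires. The security of the proposed model is proved using noninterference theory.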