关键词: BLP,Biba，安全标签，标签调整，进程可信度

Abstract: The security of Windows operating system which only provides discretional access control (DAC) capability has riveted far and wide attention. As an important information security technology,mandatory access control (MAC) can effectively enhance security of system, and the design of access control policy plays a key role in successful implementation of MAC. In order to satisfy the needs for secure projects in Windows operating system ultimately, combining advantages of classical access control models BLP and Biba,a new access control policy which adjusts security label of subjects based on its credibility was presented to solve poor usability caused by superposition of BI_P and Biba. And finally the prototypal system based on access from process to file shows that the usability and security of system are improved effectively.

Key words: BLP, Biba, Security label, I_abcl adj usting, Process credit