Computer Science ›› 2015, Vol. 42 ›› Issue (7): 194-199. doi: 10.11896/j.issn.1002-137X.2015.07.043

• Information Security •

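Declassification Policy Based on Automaton Monitoring

JIN Li and ZHU Hao

  1. Jiangsu Provincial Key Laboratory of ASIC Design, Nantong University, Nantong 226019; College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016; School of Computer Science and Technology, Nantong University, Nantong 226019
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by Jiangsu Province postdoctoral research funding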

Abstract: Static enforcement mechanisms for declassification policies are overly restrictive: they reject programs that the semantic conditions of the declassification policy judge to be secure. To provide a more permissive enforcement mechanism, we establish a dynamic monitoring mechanism for the two-dimensional declassification policy based on automata theory. Command events generated during program execution are abstracted as inputs to the automaton, which uses these inputs to track the information flow during execution and forbids the execution of program commands that violate the declassification policy. Finally, we prove that the automaton-based monitoring mechanism is sound.

Key words: Information flow, Automaton, Confidentiality, Non-interference
