基于XML的数据客体与安全标记绑定方法

计算机科学 ›› 2013, Vol. 40 ›› Issue (8): 124-128.

基于XML的数据客体与安全标记绑定方法

曹利峰,李中,陈性元,冯瑜

解放军信息工程大学四院郑州450004;解放军信息工程大学三院郑州450004;解放军信息工程大学三院郑州450004;解放军信息工程大学四院郑州450004

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家863高技术研究发展计划项目(2009AA01Z438),国家973计划前期研究专项(2011CB311801),河南省杰出科技创新人才计划(114200510001h)资助

Method of Binding Secure Label to Data Object Based on XML

CAO Li-feng,LI Zhong,CHEN Xing-yuan and FENG Yu

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 安全标记与数据客体的绑定,是制约多级安全真正走向网络实用化的关键问题。针对这一问题,在深入分析XML的基础上,描述了XML客体安全标记及其约束规则,提出了安全标记与数据客体的绑定方法,讨论了安全标记查询、客体内容裂解等相关操作,给出了基于XML安全标记的安全通信实施机制。该绑定方法不仅能够满足多级信息系统间安全通信的需要,而且能够实施粒度更细的访问控制,提高信息客体的利用率。

关键词: 多级安全,等级保护,XML,安全标记,数据客体

Abstract: How to bind secure label to data object is a key problem in multi-level network that restricts MLS from practicality on network．This paper analyzed deeply xml,and expounded secure label of object based on xml and its restrictions,then put forward a method of binding secure label to data object based on XML．At the same time,some operations were discussed in detail,such as query of secure label,decomposition of object．Finally,secure communication based on secure label was described in multi-level network．The method can not only meet the need of secure communication in multi-level network,but also accomplish fine-grained mandatory access control,which may improve availability of information and reduce complexity of binding．

Key words: MLS,Classified security protection,XML,Secure label,Data object

曹利峰,李中,陈性元,冯瑜. 基于XML的数据客体与安全标记绑定方法[J]. 计算机科学, 2013, 40(8): 124-128. https://doi.org/

CAO Li-feng,LI Zhong,CHEN Xing-yuan and FENG Yu. Method of Binding Secure Label to Data Object Based on XML[J]. Computer Science, 2013, 40(8): 124-128. https://doi.org/

参考文献

[1] GB/T 22239-2008.信息安全技术信息系统安全等级保护基本要求[S].中国国家标准化管理委员会,2008
[2] Bell P D E,Padula L J L．Secure computer system:unified exposition and multics interpretation[R]．ESD-TR-75-306．MTR 2997Rev.1,The MITRE Corporation,1976
[3] 季庆光,卿斯汉,等.一个改进的可动态调节的机密性策略模型[J].软件学报,2004,15(10):1547-1557
[4] 何建波,卿斯汉,等.对两个改进的BLP模型分析[J].软件学报,2007,18(6):1501-1509
[5] Peng P C,Rohatgi P,Keser C．Fuzzy multi-level security:an experiment on quantified risk-adaptive access control[C]∥IEEE Symposium on Security and Privacy．Oakland,CA,May 2007:222-230
[6] Magnani M,Montesi D.A Unified Approach to Structured,Se-mistructured and Unstructured Data[R]．UBLCS- 2004-9.University of Bologna,2004
[7] Lee T Y．Formalisms on Semi-structured and Unstructured Data Schema Computations [D]．University of Hong Kong,Hong Kong Special Administrative Region,2010
[8] 李斓,何永忠,冯登国．面向XML文档的细粒度强制访问控制模型[J]．软件学报,2004,15(10):1528-1537
[9] Oudkerk S．A Proposal for an XML Confidentiality Label and Related Binding of Metadata to Data Objects[R].RTO-MP-IST-091-22.NATO C3Agency.2010
[10] Blazic A J,Saljic S．Confidentiality Labeling Using StructuredData Types[C]∥2010Fourth International Conferences on Di-gital Society．ST,Maarten,Feb.2010:182-187
[11] Pernul G,Winiwarter W,Tjoa A M.The entity-relationshipmodel for multilevel security[C]∥Proceedings of the 12th international conference on the entity-relationship approach:entity- relationship approach．Arlington,Texas,USA,December 1994:166-177

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed