检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]海军工程大学,武汉430033 [2]烟台市公安局计算机监察处,烟台264001 [3]海军计算技术研究所,北京100841
出 处:《计算机工程与应用》2005年第21期27-31,共5页Computer Engineering and Applications
基 金:国家973重点基础研究发展规划(编号:G1999035801);国家863高技术研究发展研究计划(编号:2002AA144020)项目资助
摘 要:应用区域边界安全系统是一个关防系统,它在使用过程中能否达到保护应用环境安全的目标是由其安全授权规则集的完备性和一致性及对其授权的简便性决定的。应用环境中的主体是通过各种不同的应用协议对客体进行访问的,它们在通过应用区域边界安全系统时,应用区域边界安全系统将根据安全授权规则集对其访问请求进行检验,若满足安全授权规则集要求,则允许通过,反之拒绝。因此,我们根据访问请求所涉及的主体、客体、协议、安全策略等部件,给出了应用区域边界授权的体系结构,同时在给出刻画它们特性的谓词基础上,提出了易于表达安全策略的应用区域边界形式化授权模型。对此形式化模型进行编译不仅可以根据安全策略对授权的合法性进行检验,而且也可以及时发现安全策略中存在的漏洞,从而可以得到一个正确的安全授权规则集。Application enclave boundary security system is gateway system.It's aim to safeguard the application environment used in practical is determined by completeness and consistency of the set of security authorization rule and simpleness of its authorization process.The object in the application enclave environment is accessed by the subject in the application environment through different kinds of application protocol,when the access request pass through the application enclave boundary security system,it will be checked by the system based on its security authorization rules,if it satisfy the requirement of the system's security authorization rules,it is granted to pass,or else,denied to pass.Therefore,we present a formal authorization model that can easily express the security policy,which is based on the predicate describing the property of the subject,object,application protocol and security etc.Compiling the formal model we not only can check the validity of authorization based on security policy,but also can find shortcoming existed in security policy,so we can get a correct set of security authorization rules.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28
