Authors: Shen Qingni (沈晴霓)[1], Qing Sihan (卿斯汉)[1], He Yeping (贺也平)[1], Shen Jianjun (沈建军)[1]
Affiliation: [1] Engineering Research Center for Information Security Technology, Institute of Software, Chinese Academy of Sciences
Source: Journal on Communications (《通信学报》), 2006, No. 2, pp. 66-72 (7 pages)
Funding: National Key Basic Research Development Program ("973" Program) (G1999035802); National Natural Science Foundation of China (60083007); Beijing Natural Science Foundation (4052016)
Abstract: Most secure operating systems that support the POSIX capability mechanism have proposed their own capability inheritance algorithms. These algorithms apply only to specific least-privilege control policies, and they suffer from defects such as semantic conflicts and unclear security objectives, so they cannot effectively support multiple privilege policies with differing security requirements. Based on an in-depth analysis of some existing algorithms, a new capability inheritance algorithm is proposed, which introduces a policy-relevant capability control variable and a trusted application attribute. The implementation of the algorithm in the ANSHENG secure operating system demonstrates that it provides policy adaptability and usability, and formal analysis and verification show that it enables a system to satisfy the basic security theorems of the privilege policies enforced in it.
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]