检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:王辉[1] 贾宗璞[1] 申自浩[1] 卢碧波[1]
机构地区:[1]河南理工大学计算机科学与技术学院,焦作454000
出 处:《计算机科学》2010年第1期75-78,共4页Computer Science
摘 要:内部威胁是企业组织面临的非常严重的安全问题,作为企业最贵重的信息资产——文档,是内部滥用的主要目标。以往的粗粒度安全策略,如最小权限原则、职责分离等,都不足以胜任文档安全化的内部威胁问题。提出了一个崭新的多级安全策略模型,引入了文档信息流和信息流图概念,并提出了相关算法。它能依据系统上下文环境的变化,动态地产生信息流的约束条件,屏蔽可能产生的隐藏信息流通道。Insider threat is widely recognized as an utmost important issue for organization security management. As the most important information asset (documents), they are the chief target of insider misuse. The former coarse grained security policies that operate on "the principle of least privilege" or "separate of duty" are not enough to address documents security about insider threat issue. We presented a novel multi-level security policy model and related algorithms, and defined the concept of document information flow and information flow graph. According to system context's change, it will generate dynamic restriction conditions about information flow. And its aim is to prohibit these probable hiding channels of information flow.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.62