Extended Chinese Wall Model for Aggressive Data Leakage Prevention  Cited by: 4


Authors: Ma Jun (马俊)[1], Wang Zhiying (王志英)[1], Ren Jiangchun (任江春)[1], Wu Jiangjiang (伍江江)[1], Cheng Yong (程勇)[1], Mei Songzhu (梅松竹)[1]

Affiliation: [1] School of Computer, National University of Defense Technology, Changsha, Hunan 410073

Source: Journal of Software (《软件学报》), 2012, Issue 3, pp. 677-687 (11 pages)

Funding: National Natural Science Foundation of China (60903204)

Abstract: The Chinese wall model combines discretionary and mandatory aspects of access control. Hence it is widely used in commercial environments to prevent information flows from competing companies with conflicts of interest to the same consultant. However, the model places strong constraints on both reads and writes, so it is too restrictive to be employed in a practical system. In data leakage prevention (DLP) applications in particular, its advantages have not been brought into play. Addressing the information flow control requirements of DLP, this paper reconsiders the conflict of interest in the Chinese wall model from the perspective of the data object and puts forward the concept of an aggressive conflict of interest relation. The new relation converts the original constraints on two-way information flow into constraints on one-way flow. Based on this, the paper presents an aggressive Chinese wall model (ACWM) for active data leakage prevention and gives a formal description of the model as well as proofs of the related theorems. The analysis shows that ACWM achieves the same security goal as traditional Chinese wall models while providing more flexible constraints that can meet the requirements of DLP.

Keywords: Chinese wall model; data leakage prevention; information flow; conflict of interest relation; alliance relation

Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]

 
