检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
出 处:《计算机科学》2012年第12期290-294,共5页Computer Science
基 金:国防"十二五"预研计划(4010105010103;62101050101;513150802);船舶基金(09J3.4.1)资助
摘 要:仅提供了自主访问控制级安全防护能力的Windows操作系统的安全性受到用户广泛关注,而作为一项重要的信息安全技术,强制访问控制能够有效实现操作系统安全加固。访问控制策略的选择与设计是成功实施强制访问控制的关键。针对安全项目的需要,分析了结合经典访问控制模型BLP与Biba的优势,提出了依据进程可信度动态调整的可变标签访问控制策略,解决了因BLP与Biba模型的简单叠加而导致的系统可用性问题,最终实现了对进程访问行为进行控制的简单原型系统。实验表明,可变标签访问控制策略的引入在对操作系统安全加固的基础上显著提高了系统的可用性。The security of Windows operating system which only provides discretional access control(DAC) capability has riveted far and wide attention.As an important information security technology,mandatory access control(MAC) can effectively enhance security of system,and the design of access control policy plays a key role in successful implementation of MAC.In order to satisfy the needs for secure projects in Windows operating system ultimately,combining advantages of classical access control models BLP and Biba,a new access control policy which adjusts security label of subjects based on its credibility was presented to solve poor usability caused by superposition of BLP and Biba.And finally the prototypal system based on access from process to file shows that the usability and security of system are improved effectively.
关 键 词:BLP BIBA 安全标签 标签调整 进程可信度
分 类 号:TP316.7[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.120
