Research on a Mandatory Access Control Model for B1-Level Database Management Systems (Cited by: 24)

The Model of Mandatory Access Control with Extended Security Label


Authors: 袁晓东, 冯颖[2]

Affiliations: [1] Internet Services Division, Oracle Corporation; [2] Department of Computer Science, Indiana University

Source: Chinese Journal of Computers (《计算机学报》), 2000, Issue 10, pp. 1096-1101 (6 pages)

Abstract: A database with mandatory access control is called a B1-level database. Mandatory access control defines a security label for every subject and object; a security label is a pair consisting of a hierarchical classification level and a non-hierarchical category set. Existing mandatory access control systems all adopt a "write up, read down" policy, which seriously affects system availability and flexibility. In addition, the existing security control rules for non-hierarchical categories are flawed. To address these problems, the paper proposes an improved multilevel security model that modifies the definition of the security label and the corresponding security checking rules, thereby strengthening the system's security and availability. The revised security label definition separates the read security level from the write security level, and allows multiple non-hierarchical category sets to be defined according to different classification schemes.

Mandatory access control (MAC) plays an important role in highly secured database systems. MAC requires that all users and resources are classified and assigned a security label, which is a combination of a hierarchical security level and non-hierarchical security categories. Most MAC systems use "downward read" and "upward write" as access rules, which seriously constrains data availability. Besides, there are some flaws in the rule for category control. To solve these problems and improve both flexibility and security, this paper introduces an enhanced multilevel security (MLS) model with extended security labels and corresponding access rules. An extended label specifies a user's clearance for read and write separately, which allows the user to read and write data of appropriate sensitivity respectively. Moreover, an extended security label may include multiple category sets, controlling data access from different aspects. This paper also gives the formal representations of the mandatory access control model with a series of definitions and theorems as well as its access control rules. The model presented in this paper is compared with some available commercial DBMS with MAC: Trusted Oracle 7 and DM2.

Keywords: database management system; B1 level; security label; mandatory access control

Classification number: TP311.13 [Automation and Computer Technology - Computer Software and Theory]

 
