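Affiliations: [1] School of Computer Science and Technology, China University of Mining and Technology, Xuzhou, Jiangsu 221116 [2] Department of Computer Science, Nanjing University, Nanjing, Jiangsu 210093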
Source: Netinfo Security (《信息网络安全》), 2015, Issue 12, pp. 21-27 (7 pages)
Funding: National Natural Science Foundation of China [61303263]
Abstract: To address the problem of information integrity in cloud computing, this paper proposes a multi-level security model for cloud platforms. The model divides the system into three layers: the processes inside virtual machines form the base layer; the virtual machines running on the same virtual machine monitor form the middle layer; and the virtual machine monitor itself is the top layer. Security is compared in bottom-up order. To accompany this model, the paper proposes a matching access control method, DIFC-B (Decentralized Information Control Flow Based on Biba and BLP), which builds on Decentralized Information Flow Control (DIFC), an information flow control method for distributed computing environments. The method assigns security levels to virtual machines and to the processes within them, then verifies accesses between processes against the properties of the Biba model and the BLP model, to ensure the integrity and confidentiality of information while the system is running. Finally, the multi-level security model for cloud platforms is analyzed using noninterference theory, which shows the practicality of the model.
Keywords: cloud computing; multi-level security; DIFC-B access control method; noninterference
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]