高级检索
    郑志蓉 蔡 谊 沈昌祥. 操作系统安全结构框架中应用类通信安全模型的研究[J]. 计算机研究与发展, 2005, 42(2): 322-328.
    引用本文: 郑志蓉 蔡 谊 沈昌祥. 操作系统安全结构框架中应用类通信安全模型的研究[J]. 计算机研究与发展, 2005, 42(2): 322-328.
    Zheng Zhirong, Cai Yi, and Shen Changxiang. Research on an Application Class Communication Security Model on Operating System Security Framework[J]. Journal of Computer Research and Development, 2005, 42(2): 322-328.
    Citation: Zheng Zhirong, Cai Yi, and Shen Changxiang. Research on an Application Class Communication Security Model on Operating System Security Framework[J]. Journal of Computer Research and Development, 2005, 42(2): 322-328.

    操作系统安全结构框架中应用类通信安全模型的研究

    Research on an Application Class Communication Security Model on Operating System Security Framework

    • 摘要: 经典的BLP模型是解决保密性问题的理论基础,Biba模型是一种简明易实现的完整性模型.在应用系统中数据的共享和安全是一对矛盾.在将应用系统抽象为应用类的基础上,引入完整性规则集代表信息的可信度,结合BLP模型和Biba模型构造了一种应用类通信的安全模型,并给出了模型的形式化描述和正确性证明.应用类通信安全模型不仅解决了保密性问题,而且解决了完整性问题.以支持B/S文电传输应用系统的安全为例,给出了在操作系统中实现应用类通信安全模型的方法,分析了模型实现的有效性.

       

      Abstract: The classical BLP model is recognized as the theoretical foundation of solving confidentiality problem. Biba model of solving integrity is easily realized in secure computer systems. In order to solve the contradiction between information sharing and security in the application system, a new application class communication security model is constructed theoretically based on the abstraction of application class. The new model introduces integrity rules to measure the trust level of sharing information between different application classes, thus combining BLP model and Biba model with no conflict. A formal description and verification on the model is detailed, which provides both the confidentiality and integrity for the system. With the development of a secure file transfer application system, which is based on the browser/server application pattern, the way to implement the new model in the Linux operating system is described and the performance of the system is discussed.

       

    /

    返回文章
    返回