ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2015, Vol. 52 ›› Issue (10): 2411-2421.doi: 10.7544/issn1000-1239.2015.20150574

所属专题: 2015网络安全与隐私保护研究进展

• 信息安全 • 上一篇    下一篇

支持协作的强制访问控制模型

范艳芳1,蔡英1,2,3   

  1. 1(北京信息科技大学计算机学院 北京 100101); 2(信息安全国家重点实验室(中国科学院信息工程研究所) 北京 100093); 3(网络文化与数字传播北京市重点实验室 北京 100101) (fyfhappy@bistu.edu.cn)
  • 出版日期: 2015-10-01
  • 基金资助: 
    基金项目:北京市高等学校青年英才计划基金项目(YETP1499);网络文化与数字传播北京市重点实验室开放课题(ICDD201408,ICDD201510);中国科学院信息工程研究所信息安全国家重点实验室开放课题(2014-16)

Collaboration Supported Mandatory Access Control Model

Fan Yanfang1, Cai Ying1,2,3   

  1. 1(Computer School, Beijing Information Science & Technology University, Beijing 100101);2(State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093);3(Beijing Key Laboratory of Internet Culture and Digital Dissemination Research, Beijing 100101)
  • Online: 2015-10-01

摘要: 按照国家信息系统等级保护要求,3级以上的信息系统必须具备强制访问控制和标记.已有的强制访问控制模型的访问规则十分严格,难以满足协作环境下的访问控制新需求. 提出一种支持协作的强制访问控制模型(collaboration supported mandatory access control model, CSMAC),将主体-客体为中心的访问控制与任务为中心的访问控制相结合,使访问控制模型更符合主动安全模型的特点,大大提高了模型的灵活性,使其更适合于协作环境下的访问控制. 模型中通过控制主客体的安全标记,解决了符合安全策略的敏感信息的双向流动问题. 通过无干扰理论,对所提出模型的安全性进行了证明.

关键词: 协作, 强制访问控制, 主动安全模型, 信息流, 任务

Abstract: According to the national classified protection of information system, information systems whose levels are above three must provide mandatory access control and label. Due to rigid access control rules, existing mandatory access control models are difficult to satisfy the new requirements of collaborative environment. In this paper, we firstly analyze the requirements of access control in collaborative environment. Then, we propose the access control policies according to a very popular scenario. And then, we propose a mandatory access control model with collaboration supported and prove the security of the model by noninterference theory. At last, we compare this models with other related models, and use an application example to show the application of this model. In general, this model integrates task-centric access control with the subject-object-centric access control. The flexibility of the model is greatly enhanced and this model can be considered as an active access control model which is more perfect to be used in collaborative environment. Through controlling the security label of subjects and objects, the bi-directional information flow which is compliant with security policies is solved.

Key words: collaboration, mandatory access control, active security model, information flow, task

中图分类号: