ISSN 1000-1239 CN 11-1777/TP

• 论文 • 上一篇    下一篇


范艳芳 韩臻 曹香港 何永忠   

  1. (北京交通大学计算机与信息技术学院 北京 100044) (
  • 出版日期: 2010-03-15

A Multilevel Security Model Based on Time Limit

Fan Yanfang, Han Zhen, Cao Xianggang, and He Yongzhong   

  1. (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044)
  • Online: 2010-03-15

摘要: BLP模型是军事安全领域中的经典模型,已有研究成果未考虑客体的保密期限.实际上,在承载秘密的客体的生命周期中,其保存的秘密具有一定时效性.超过了保密期限,客体的安全等级应进行调整.提出一种基于时间限制的多级安全模型,以BLP模型为基础,通过引入时间参数和检查函数,实现超过保密期限客体的降密或解密,解决目前普遍存在的安全等级只定不解、一定终身的问题;限制了可信主体的作用范围,减小了可信主体可能造成的危害;通过灵活的设置保密期限,在不泄漏秘密的情况下,允许高级别主体向低级别客体写入信息;改进了BLP模型的灵活性,扩展了其在密级电子文件管理方面的应用.通过不干扰原理对模型的安全性进行了证明.

关键词: 多级安全模型, 访问控制, 降密, 解密, 保密期限

Abstract: Bell-Lapadula model (BLP) is a classic model which is broadly used in military security domain. Existing research results havent taken into account the confidentiality period of the objects. In fact, the secrets preserved in objects have confidentiality period in the lifecycle of the objects. Exceeding the confidentiality period, the objects should be downgraded or declassified. In this paper, a multilevel security model based on the time limit is proposed. Through adding time parameters and checking functions to the BLP model, the objects can be downgraded or declassified when they exceed the confidentiality period. It solves the current problem of only setting the security level of the objects but keeping the security level of the objects unchanged for ever. The model restrains the usage ranges of trusted subjects, so the possible damage ranges induced by trusted subjects can be reduced. In the meantime, subjects with higher security level can write information to objects with lower security level through setting the confidentiality period of the objects flexibly without leaking high level secrets. This model improves the flexibility of the BLP model and expands the application in classified electronic file management. Through the noninterference theory, it is proved that the model meets multilevel security policy.

Key words: multilevel security model, access control, downgrade, declassify, confidentiality period