
    A Trusted Recovery Model for Assurance of Integrity Policy Validity

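    • Abstract (Chinese version): Multi-policy integration is an important topic in access control research. Trusted recovery is a required function of high-level secure operating systems. To address the limitation that overly strict security policies are difficult to deploy widely, a trusted recovery model is proposed that ensures the integrity policy remains valid after recovery. First, the framework of the model is given; using a multi-model integration approach, the type enforcement (TE) model and the role-based access control (RBAC) model are restructured and configured to implement the formal Clark-Wilson integrity policy model and its extension PCW (Poveys Clark-Wilson). Then, taking into account the specific characteristics of the file system, two classes of recovery algorithms, static and runtime, are proposed; by analyzing system logs and undoing malicious operations, the file system is restored to its previous consistent state. This recovery method enhances system availability and is an important exploration toward designing and implementing trusted recovery mechanisms for our country's independently developed high-level secure operating systems.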

       

      Abstract: Access control is one of the most important protection mechanisms of current mainstream operating systems. It is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism that implements the regulations established by a security policy. There are several typical access control security policies. Mainstream operating systems are inadequate at supporting multiple policies at the same time to enforce different access control decisions. The integrity of multiple policies is an important part of access control research in secure systems. Trusted recovery is a necessary function of a high-level secure operating system. The objective of trusted recovery is to ensure that the security and accountability properties of a system are maintained in the face of failures. This paper presents a trusted recovery monitoring model, which can overcome some limitations of strict security policies for access control. First, the framework of the model is given. The formal Clark-Wilson model and its improved model PCW (Poveys Clark-Wilson) are implemented by configuring the TE (type enforcement) and RBAC (role-based access control) models. Second, taking into account the characteristics of a file system in an operating system, this paper presents how to recover the file system to its last consistent secure state, under conservative and optimistic recovery policies respectively, by analyzing audit logs and undoing some malicious operations. This method can recover the system to a secure state in the face of failures and improves the availability of the system. It provides an important exploration for the design and implementation of the trusted recovery mechanisms of our own high-level secure operating system.

       
