多级安全性政策的历史敏感性

微信服务号

微信订阅号

2025年4月9日 21:43 星期三

首页 > 过刊浏览>2003年第14卷第1期 >91-96

多级安全性政策的历史敏感性
DOI:
                        
                    
CSTR:
                        
                    
作者:
                        石文昌石文昌
中国科学院,软件研究所,北京,100080
在期刊界中查找
在百度中查找
在本站中查找
孙玉芳孙玉芳
中国科学院,软件研究所,北京,100080
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:(Supported by the National Natural Science Foundation of China under Grant No.60073022 (国家自然科学基金); the National High Technology Development 863 Program of China under Grant No.863-306-ZD12-14-2 (国家863高科技发展计划); the Knowledge Innovation Engineering Program of the Chinese Academy of Sciences under Grant No.KGCX1-09 (中国科学院知识创新工程)

History Sensitivity of the Multilevel Security Policies

Author:

SHI Wen-Chang
SHI Wen-Chang

在期刊界中查找
在百度中查找
在本站中查找
SUN Yu-Fang
SUN Yu-Fang

在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [24]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

对安全政策灵活性的支持是现代安全操作系统追求的目标之一,DTOS(distributed trusted operating system)项目提出了安全政策格的思想,为安全政策灵活性的研究提供了一种很好的手段.然而,DTOS项目给出的安全政策的格描述把多级安全性(multi-level security,简称MLS)政策认定为静态安全政策.首先,从理论上构造MLS政策的一个实施策略,说明MLS政策具有历史敏感性,从而具有动态特征,不能简单地作为静态安全政策对待.同时,给出所构造的实施策略的实现算法,说明该实施策略与常规实施策略具有相同的复杂度,是一个实用的实施策略.由此证明,可以找到合理、灵活、实用的实施策略,使MLS政策具有历史敏感性,从而证明把MLS政策认定为静态安全政策的不合理性.

关键词:多级安全性;安全操作系统;安全政策灵活性;安全政策格;历史敏感性

Abstract:

SHI Wen-Chang+;SUN Yu-Fang (Institute of Software;The Chinese Academy of Sciences;Beijing 100080;China) Supporting for the security policy flexibility is one of the goals of modern secure operating systems. The DTOS (distributed trusted operating system) program put forth a concept of security policy lattice, which provides a good way for the research on security policy flexibility. However, it is claimed in the DTOS program抯 description of security policy lattice that MLS (multi-level security) policies are static policies. First, an enforcement scheme for a MLS policy is constructed theoretically, which shows that MLS policies are of history sensitivity and hence have dynamic characteristics, and so that MLS policies can not be simply taken as static policies. Then, an implementation algorithm for the constructed enforcement scheme is given. It is illustrated that the constructed enforcement scheme is of the same complexity as the ordinary enforcement scheme and so is an applicable scheme. As a result, it can be affirmed that reasonable, flexible and practically feasible schemes are available to make MLS policies to be of history sensitivity. Consequently, the improperness of the assertion that MLS policies are static policies is exhibited.

Key words:multilevel security;secure operating system;security policy flexibility;security policy lattice;history sensitivity

参考文献

[1]Department of Defense. Department of defense trusted computer system evaluation criteria. DoD 5200.28-STD, Washington, DC, 1985.

[2]Olawsky D, Fine T, Schneider E, Spencer R. Developing and using a policy neutral access control policy. In: Proceedings of the New Security Paradigms Workshops. New York: ACM Press, 1996. 60～67.

[3]Spencer R, Smalley S, Loscocco P, Hibler M, Anderson D, Lepreau J. The flask security architecture: system support for diverse security policies. In: Proceedings of the 8th USENIX Security Symposium. Berkeley, CA: USENIX Press, 1999. 123～139.

[4]Secure Computing Corporation. DTOS lessons learned report. Technical Report, No.CDRL-A008, Secure Computing Corporation, 1997.

[5]Secure Computing Corporation. Assurance in the Fluke microkernel: final report. Technical Report, No.CDRL-A002, Secure Computing Corporation, 1999.

[6]Loscocco P, Smalley S. Integrating flexible support for security policies into the Linux operating system. Technical Report, NSA and NAI labs, 2001.

[7]Saydjari OS, Turner SJ, Peele DE, et al. Synergy: a distributed, microkernel-based security architecture. Technical Report, No.R231, INFOSEC Research and Technology, 1993.

[8]Loepere K. OSF mach kernel principles. Technical Report, Carnegie Mellon University, 1993.

[9]Ford B, Hibler M, Lepreau J, Tullmann P, Back G, Clawson S. Microkernels meet recursive virtual machines. In: Proceedings of the Symposium on Operating Systems Design and Implementations. New York: ACM Press, 1996. 137～151.

[10]Secure Computing Corporation. DTOS generalized security policy specification. Technical Report, No.DTOS-CDRL-A019, Secure Computing Corporation, 1997.

[11]Loscocco PA, Smalley SD, Muckelbauer PA, Taylor RC, Turner JS, Farrell JF. The inevitability of failure: the flawed assumption of security in modern computing environments. In: Proceedings of the 21st National Information Systems Security Conference. Gaithersburg, MD: NIST Press, 1998. 303～314.

[12]Bell DE, LaPadula LJ. Secure computer system: unified exposition and Multics interpretation. Technical Report, No.MTR-2997- Revision 1, The MITRE Corporation, 1976.

[13]Gligor VD, Chandersekaran CS, Chapman RS, et al. Design and implementation of secure Xenix. IEEE Transactions on Software Engineering, 1987,SE-13(2):208～221.

[14]Flink II CW, Weiss JD. System V/MLS labeling and mandatory policy alternatives. AT&T Technical Journal, 1988,(5-6):53～64.

[15]Grenier GL, Holt RC, Funkenhauser M. Policy vs mechanism in the secure TUNIS operating system. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1989. 84～93.

[16]Waldhart NA. The army secure operating system. In: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1990. 50～60.

[17]Biba KJ. Integrity considerations for secure computer systems. Technical Report, No.ESD-TR-76-372, Electronic Systems Division, Air Force Systems Command, 1977.

[18]Shi WC, Sun YF, Liang HL. An adaptable labeling enforcement approach and its correctness for the classical BLP security axioms. Journal of Computer Research and Development, 2001,38(11):1366～1372 (in Chinese with English abstract).

[19]Lewis HR, Papadimitriou CH. Elements of the theory of computation. 2nd ed., Prentice-Hall, Inc., 1998.

[20]Shi WC, Sun YF, Liang, HL, et al. Design and implementation of secure Linux kernel security functions. Journal of Computer Research and Development, 2001,38(10):1255～1261 (in Chinese with English abstract).

[21]National Quality and Technologies Supervision Bureau. Classified criteria for security protection of computer information system. GB17859-1999, Beijing: China Standards Press, 1999 (in Chinese).

[22]石文昌,孙玉芳,梁洪亮.经典BLP安全公理的一种适应性标记实施方法及其正确性.计算机研究与发展,2001,38(11):1366～1372.

[23]石文昌,孙玉芳,梁洪亮,等.安全Linux内核安全功能的设计与实现.计算机研究与发展,2001,38(10):1255～1261.

[24]国家质量技术监督局.计算机信息系统安全保护等级划分准则.GB17859-1999,北京:中国标准出版社,1999.

引用本文

石文昌,孙玉芳.多级安全性政策的历史敏感性.软件学报,2003,14(1):91-96

复制

文章指标

点击次数:4581
下载次数: 5682
HTML阅读次数: 0
引用次数: 0

历史

收稿日期:2001-07-17
最后修改日期:2001-12-27
录用日期:
在线发布日期:
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码