多级安全性政策的历史敏感性
作者:
基金项目:

(Supported by the National Natural Science Foundation of China under Grant No.60073022 (国家自然科学基金); the National High Technology Development 863 Program of China under Grant No.863-306-ZD12-14-2 (国家863高科技发展计划); the Knowledge Innovation Engineering Program of the Chinese Academy of Sciences under Grant No.KGCX1-09 (中国科学院知识创新工程)


History Sensitivity of the Multilevel Security Policies
  • 摘要
  • | |
  • 访问统计
  • |
  • 参考文献 [24]
  • |
  • 相似文献 [20]
  • |
  • 引证文献
  • | |
  • 文章评论
    摘要:

    对安全政策灵活性的支持是现代安全操作系统追求的目标之一,DTOS(distributed trusted operating system)项目提出了安全政策格的思想,为安全政策灵活性的研究提供了一种很好的手段.然而,DTOS项目给出的安全政策的格描述把多级安全性(multi-level security,简称MLS)政策认定为静态安全政策.首先,从理论上构造MLS政策的一个实施策略,说明MLS政策具有历史敏感性,从而具有动态特征,不能简单地作为静态安全政策对待.同时,给出所构造的实施策略的实现算法,说明该实施策略与常规实施策略具有相同的复杂度,是一个实用的实施策略.由此证明,可以找到合理、灵活、实用的实施策略,使MLS政策具有历史敏感性,从而证明把MLS政策认定为静态安全政策的不合理性.

    Abstract:

    SHI Wen-Chang+;SUN Yu-Fang (Institute of Software;The Chinese Academy of Sciences;Beijing 100080;China) Supporting for the security policy flexibility is one of the goals of modern secure operating systems. The DTOS (distributed trusted operating system) program put forth a concept of security policy lattice, which provides a good way for the research on security policy flexibility. However, it is claimed in the DTOS program抯 description of security policy lattice that MLS (multi-level security) policies are static policies. First, an enforcement scheme for a MLS policy is constructed theoretically, which shows that MLS policies are of history sensitivity and hence have dynamic characteristics, and so that MLS policies can not be simply taken as static policies. Then, an implementation algorithm for the constructed enforcement scheme is given. It is illustrated that the constructed enforcement scheme is of the same complexity as the ordinary enforcement scheme and so is an applicable scheme. As a result, it can be affirmed that reasonable, flexible and practically feasible schemes are available to make MLS policies to be of history sensitivity. Consequently, the improperness of the assertion that MLS policies are static policies is exhibited.

    参考文献
    [1]Department of Defense. Department of defense trusted computer system evaluation criteria. DoD 5200.28-STD, Washington, DC, 1985.
    [2]Olawsky D, Fine T, Schneider E, Spencer R. Developing and using a policy neutral access control policy. In: Proceedings of the New Security Paradigms Workshops. New York: ACM Press, 1996. 60~67.
    [3]Spencer R, Smalley S, Loscocco P, Hibler M, Anderson D, Lepreau J. The flask security architecture: system support for diverse security policies. In: Proceedings of the 8th USENIX Security Symposium. Berkeley, CA: USENIX Press, 1999. 123~139.
    [4]Secure Computing Corporation. DTOS lessons learned report. Technical Report, No.CDRL-A008, Secure Computing Corporation, 1997.
    [5]Secure Computing Corporation. Assurance in the Fluke microkernel: final report. Technical Report, No.CDRL-A002, Secure Computing Corporation, 1999.
    [6]Loscocco P, Smalley S. Integrating flexible support for security policies into the Linux operating system. Technical Report, NSA and NAI labs, 2001.
    [7]Saydjari OS, Turner SJ, Peele DE, et al. Synergy: a distributed, microkernel-based security architecture. Technical Report, No.R231, INFOSEC Research and Technology, 1993.
    [8]Loepere K. OSF mach kernel principles. Technical Report, Carnegie Mellon University, 1993.
    [9]Ford B, Hibler M, Lepreau J, Tullmann P, Back G, Clawson S. Microkernels meet recursive virtual machines. In: Proceedings of the Symposium on Operating Systems Design and Implementations. New York: ACM Press, 1996. 137~151.
    [10]Secure Computing Corporation. DTOS generalized security policy specification. Technical Report, No.DTOS-CDRL-A019, Secure Computing Corporation, 1997.
    [11]Loscocco PA, Smalley SD, Muckelbauer PA, Taylor RC, Turner JS, Farrell JF. The inevitability of failure: the flawed assumption of security in modern computing environments. In: Proceedings of the 21st National Information Systems Security Conference. Gaithersburg, MD: NIST Press, 1998. 303~314.
    [12]Bell DE, LaPadula LJ. Secure computer system: unified exposition and Multics interpretation. Technical Report, No.MTR-2997- Revision 1, The MITRE Corporation, 1976.
    [13]Gligor VD, Chandersekaran CS, Chapman RS, et al. Design and implementation of secure Xenix. IEEE Transactions on Software Engineering, 1987,SE-13(2):208~221.
    [14]Flink II CW, Weiss JD. System V/MLS labeling and mandatory policy alternatives. AT&T Technical Journal, 1988,(5-6):53~64.
    [15]Grenier GL, Holt RC, Funkenhauser M. Policy vs mechanism in the secure TUNIS operating system. In: Proceedings of the 1989 IEEE Symposium on Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1989. 84~93.
    [16]Waldhart NA. The army secure operating system. In: Proceedings of the 1990 IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos, CA: IEEE Computer Society Press, 1990. 50~60.
    [17]Biba KJ. Integrity considerations for secure computer systems. Technical Report, No.ESD-TR-76-372, Electronic Systems Division, Air Force Systems Command, 1977.
    [18]Shi WC, Sun YF, Liang HL. An adaptable labeling enforcement approach and its correctness for the classical BLP security axioms. Journal of Computer Research and Development, 2001,38(11):1366~1372 (in Chinese with English abstract).
    [19]Lewis HR, Papadimitriou CH. Elements of the theory of computation. 2nd ed., Prentice-Hall, Inc., 1998.
    [20]Shi WC, Sun YF, Liang, HL, et al. Design and implementation of secure Linux kernel security functions. Journal of Computer Research and Development, 2001,38(10):1255~1261 (in Chinese with English abstract).
    [21]National Quality and Technologies Supervision Bureau. Classified criteria for security protection of computer information system. GB17859-1999, Beijing: China Standards Press, 1999 (in Chinese).
    [22]石文昌,孙玉芳,梁洪亮.经典BLP安全公理的一种适应性标记实施方法及其正确性.计算机研究与发展,2001,38(11):1366~1372.
    [23]石文昌,孙玉芳,梁洪亮,等.安全Linux内核安全功能的设计与实现.计算机研究与发展,2001,38(10):1255~1261.
    [24]国家质量技术监督局.计算机信息系统安全保护等级划分准则.GB17859-1999,北京:中国标准出版社,1999.
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

石文昌,孙玉芳.多级安全性政策的历史敏感性.软件学报,2003,14(1):91-96

复制
分享
文章指标
  • 点击次数:4581
  • 下载次数: 5682
  • HTML阅读次数: 0
  • 引用次数: 0
历史
  • 收稿日期:2001-07-17
  • 最后修改日期:2001-12-27
文章二维码
您是第19807559位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号