    Abstract:

    Labels are the foundation for implementing multilevel systems and a prerequisite for enforcing mandatory access control in secure systems. The focus here is how to define and enforce label functions that support multiple security policies. A security label common framework (SLCF) based on static object labels and dynamic subject labels is put forward. SLCF introduces the notion of access history and provides a complete set of label functions. Based on SLCF, both a multilevel confidentiality policy and a multilevel integrity policy can be expressed and enforced. SLCF is implemented in a secure operating system based on Linux; the experimental results show that the system based on SLCF is flexible and practicable.

Citation

Liang HL, Sun YF, Zhao QS, Zhang XF, Sun B. Design and implementation of a security label common framework. Journal of Software, 2003,14(3):547-552

History
  • Received: January 31, 2002
  • Revised: April 11, 2002