    Abstract:

    This paper presents a model that supports network security objects, improves Amon Ott's rules, for practicality, with a small amount of operations and storage, increases the flexibility available for system implementation by replacing the single level with a level range, and controls IPC objects effectively. To this end, Amon Ott's rules for dynamically modifying the current sensitivity level are extended to rules for a range of sensitivity levels, so that Bell's work on replacing the single level with a level range for network security can be combined with Amon Ott's. Taking into account the practical systems GEMSOS and DG/UX and the prototype microkernel system Fluke, the model introduces single-level entities, multiple-level entities and a special access mode for processes, together with the corresponding invariants and constraints. Based on TMach's approach, a sufficient mechanism for IPC objects is proposed. In addition, some flaws in the ABLP model are pointed out. The result is a new confidentiality policy model with a formal specification of its invariants, constraints, variables, and constants, with the reasonableness of some constraints demonstrated; it can be used for system design.

Citation:

Ji Qingguang, Qing Sihan, He Yeping. An improved dynamically adjustable confidentiality policy model. Journal of Software, 2004, 15(10): 1547-1557
History
  • Received: May 19, 2003
  • Revised: November 11, 2003
Copyright: Institute of Software, Chinese Academy of Sciences