A Multi-Level Security Model with Least Privilege Support for Trusted Subject
DOI:
Author:
Affiliation:

Clc Number:

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    The trusted subject supports of the existing multi-level security models are reviewed and a new model called DLS (discrete label sequence) is proposed. It decomposes the lifecycle of a trusted subject into a sequence of untrusted states (US). Each untrusted state is associated with a certain current security label, and only the predefined trusted request events (TRE) can trigger the transition from one US to the other. Thus, the current security level of a trusted subject is dynamically changed according to its application’s logic. Definitions of secure states and rules to preserve security are also presented. Compared with the trusted subject implemented by security level range, this model gives a better support of least privilege and achieves the support within the MLS policy framework.

    Reference
    Related
    Cited by
Get Citation

武延军,梁洪亮,赵琛.一个支持可信主体特权最小化的多级安全模型.软件学报,2007,18(3):730-738

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:November 28,2005
  • Revised:March 17,2006
  • Adopted:
  • Online:
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063