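Implementing the Clark-Wilson Model by Combining the RBAC and TE Models |
| |
Authors: | YUAN Chun-Yang DENG Chen-Lei |
| |
Institution: | 1. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029;
2. Graduate University of the Chinese Academy of Sciences, Beijing 100049 |
| |
Funding: | Supported by National 863 High-tech Research Development Program of China (2006AA01Z451, 2007AA010505, and 2009AA01Z432) |
| |
Abstract: | A method is proposed for implementing the Clark-Wilson model by combining the RBAC and TE models: separation of duty is achieved by assigning different roles to different users; special domains represent transformation procedures; and distinct types label constrained data items and unconstrained data items. The correctness of the enforcement and certification rules is analyzed. An example that implements an FTP integrity security policy on the SEBSD system shows that the method supports fine-grained access control and flexible configuration.
|
Keywords: | secure operating system; Clark-Wilson model; RBAC model; TE model |
Received: | 2009-11-18 |
Revised: | 2010-03-04 |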
Enforcement of Clark-Wilson model in combination of RBAC and TE models |
| |
Authors: | YUAN Chun-Yang DENG Chen-Lei |
| |
Institution: | 1. Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China;
2. Graduate University, Chinese Academy of Sciences, Beijing 100049, China |
| |
Abstract: | An approach to enforcing the Clark-Wilson model by combining the RBAC and TE models is presented, namely: separation of duties is addressed by assigning different roles to different users; special domains are used to represent transformation procedures; and constrained data items and unconstrained data items are labeled with different types. The correctness of the enforcement and certification rules is analyzed. A detailed case study of an FTP integrity policy is implemented under SEBSD and shows that the approach achieves fine-grained access control and flexible configuration. |
| |
Keywords: | secure operating system Clark-Wilson RBAC type enforcement |
This article has been indexed by CNKI and other databases. |