Confidentiality and integrity dynamic union model based on pre-authorization mechanisms

被引：0

作者：

Zhang, Jun ^{[1
]}

Xu, Luwei ^{[1
]}

Meng, Qingde ^{[1
]}

Feng, Changlin ^{[1
]}

机构：

[1] Naval Academy of Armament

来源：

Guofang Keji Daxue Xuebao/Journal of National University of Defense Technology | 2014年 / 36卷 / 01期

关键词：

Confidentiality; Integrity; Pre-authorization; Role; Task;

D O I：

10.11887/j.cn.201401029

中图分类号：

学科分类号：

摘要：

With the current access control model, a reasonable unified control over confidentiality, integrity and availability cannot be achieved; especially the dynamic random access request control is far from perfect, not only always leaving some weak points open to possible attacks, but also bringing some unavoidable security problems caused by user errors in practical applications. A kind of confidentiality and integrity access control model based on the pre-authorization mechanisms is put forward. By combining BLP model and Biba model, and introducing the pre-authorization mechanisms, the reasonable control can be achieved over the dynamic random accesses activities. By making use of the condition control, the authority of subject performing the task is monitored timely, and granted or canceled dynamically. So the system's confidentiality and integrity can both be realized, while guaranteeing its high availability, which is advantageous to the two-way flow of information. Finally, the application example of the model is given and its security is proved.

引用

页码：167 / 171

页数：4

共 16 条

[1] Bell D.E., Lapadula L.J., Secure Computer Systems: Mathematical Foundations, (1973)
[2] Biba K.J., Integrity considerations for secure computer system, (1977)
[3] Biba K.J., Integrity considerations for secure computer systems, (1997)
[4] Clark D.D., Wilson D.R., A comparison of commercial and military computer security policies, Proceedings of 1987 IEEE Symposium on Research in Security and Privacy, pp. 184-194, (1987)
[5] Polk W., Approximating Clark-Wilson access triples with basic UNIX controls, Proceedings of the 4th USENIX UNIX Security Symposium, pp. 45-154, (1993)
[6] Sandhu R.S., Jaehong P., Usage control: a vision for next generation access control, Proceedings of Second International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, pp. 17-31, (2003)
[7] Michiharu K., Satoshi H., XML document security based on provisional authorization, Proceedings of the 7th ACM Conference on Computer and Communications Security, pp. 87-96, (2000)
[8] Xia Q., Fan X., Yin X., RBAC delegation model research based on time, Journal of Northwest University, 38, 6, pp. 932-936, (2008)
[9] Shi W., Sun Y., Liang H., An adaptable labeling enforcement approach and its correctness for the classical BLP security axioms, Journal of Computer Research & Development, 38, 11, pp. 1366-1372, (2001)
[10] Thomas R.K., Sandhu R.S., Task-based authorization controls (TBAC): a family of models for active and enterprise-oriented authorization management, IFIP Conference Proceedings, pp. 166-181, (1997)

← 1 2 →