| 通过RBAC和TE模型融合实现Clark-Wilson模型 |
| |
| 引用本文: | 袁春阳,邓晨蕾.通过RBAC和TE模型融合实现Clark-Wilson模型[J].中国科学院研究生院学报,2010,27(4):538-546. |
| |
| 作者姓名: | 袁春阳 邓晨蕾 |
| |
| 作者单位: | 1. 国家计算机网络应急技术处理协调中心,北京,100029
2. 中国科学院研究生院,北京,100049 |
| |
| 基金项目: | Supported by National 863 Hight-tech Research Development Program of China (2006AA01Z451, 2007AA010505, and 2009AA01Z432) |
| |
| 摘 要: | 提出通过融合RBAC和TE模型来实现Clark-Wilson模型的一种方法,即:通过不同用户赋予不同角色实现责任分立;利用特殊的域表示变换过程;使用不同的类型标识约束数据项和非约束数据项. 分析了实施和认证规则的正确性. 通过在SEBSD系统中实施了FTP的完整性安全策略的实例,说明该方法能够实现细粒度的访问控制和灵活配置.
|
| 关 键 词: | 安全操作系统 Clark-Wilson模型 RBAC模型 TE模型 |
| 收稿时间: | 2009-11-18 |
| 修稿时间: | 2010-03-04 |
Enforcement of Clark-Wilson model in combination of RBAC and TE models |
| |
| YUAN Chun-Yang,DENG Chen-Lei.Enforcement of Clark-Wilson model in combination of RBAC and TE models[J].Journal of the Graduate School of the Chinese Academy of Sciences,2010,27(4):538-546. |
| |
| Authors: | YUAN Chun-Yang DENG Chen-Lei |
| |
| Institution: | 1. Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China;
2. Graduate University, Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | An approach to enforce Clark-Wilson model in the combination of RBAC and TE models is presented, namely: separation of duties is addressed by assigning different roles to different users; special domains are used for representing transformation procedures; and the constrained data items and unconstrained data items are labeled with different types. The correctness of the enforcement and certification rules is analyzed. A detailed case study of FTP integrity policy is implemented under SEBSD, and shows that the approach achieves fine-grained access control and flexible configuration. |
| |
| Keywords: | secure operating system Clark-Wilson RBAC type enforcement |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《中国科学院研究生院学报》浏览原始摘要信息 |
| 点击此处可从《中国科学院研究生院学报》下载免费的PDF全文 |
