计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (2): 114-118.DOI: 10.3778/j.issn.1002-8331.1608-0104

• 网络、通信与安全 • 上一篇    下一篇

基于本体的操作系统安全策略生成模型

彭  飞1,张  涛1,徐伟光1,赵  敏1,秦恒加2   

  1. 1.解放军理工大学 指挥信息系统学院,南京 210007
    2.解放军理工大学 通信工程学院,南京 210007
  • 出版日期:2018-01-15 发布日期:2018-01-31

Security policy generation model of operating system based on ontology

PENG Fei1, ZHANG Tao1, XU Weiguang1, ZHAO Min1, QIN Hengjia2   

  1. 1.College of Command Information System, PLA University of Science and Technology, Nanjing 210007, China
    2.College of Communication and Information Technology, PLA University of Science and Technology, Nanjing 210007, China
  • Online:2018-01-15 Published:2018-01-31

摘要: 随着操作系统安全问题增多,用户对于操作系统的安全需求不断涌现,但是目前能够将用户的安全需求转换成现有操作系统上可配置的安全策略的方法很少。通过建立安全属性和系统调用的匹配关系,将安全属性作为授权系统调用的约束,提出一种基于本体的面向目标的操作系统安全策略生成模型。该模型可支持以白名单形式描述的安全需求的细化,将安全分析者的经验加入到模型中,在推理机的支持下,帮助执行从用户安全需求到具体安全策略的推理,和安全策略一致性检测。具体应用案例说明了该方法的可行性。

关键词: 安全需求, 操作系统, 安全策略, 本体, 访问控制

Abstract: With the increase of operating system security problems, the user’s security requirements toward operating system are increasing constantly, but at present there are few methods to translate user’s security requirements into security policies of current security model. By establishing matching relationship between security attributes and system calls, the security attributes are used as the constraint of authorization in system. An ontology based goal oriented model for the security policy generation of operating system is proposed. The model can support the refinement of security requirements which are described in terms of the white-list, the experience of security analysts will be added to the model. And the translation between users’ security requirements and specific security policies, and the consistency of security policy can be drawn via an OWL reasoner. The feasibility of the method is illustrated by a concrete study case.

Key words: security requirement, operating system, security policy, ontology, access control