Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (32): 118-122.

• Network, Communication, Security •

Research on access control model of enclave boundary in multi-level secure network

CAO Lifeng, CHEN Xingyuan, DU Xuehui, XIA Chuntao

  1. Institute of Electronic Technology, the PLA Information Engineering University, Zhengzhou 450004, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-11-11 Published: 2011-11-11

Abstract: This paper analyzes the shortcomings of the BLP model when applied to multi-level (hierarchical) networks and proposes NBLP, a network enclave boundary BLP access control model suited to the characteristics of such networks. By constraining the relations between protection domains, the model effectively enforces secure interconnection control at multi-level enclave boundaries. By introducing a subject trust degree, it resolves the problem of subjects operating on objects in special situations within a multi-level network, improving the flexibility and adaptability of security-label-based access control in network applications. Through an in-depth study of the relations between objects, it analyzes the information leakage caused by strong association between independent objects and by aggregation of similar objects, and proposes access control with object-relation constraints, further strengthening the restrictions that protect the confidentiality property.

Key words: security label, BLP model, trust degree, object association, data aggregation
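As an added illustration (not code from the paper, which does not give NBLP's formal definitions), the following Python sketch shows how a plain BLP read check can be extended with the two object-relation constraints the abstract names: a strongly associated object is checked at the least upper bound of its group's labels, and the k-th read from a cluster of similar objects is checked against the cluster's aggregate label. The levels, objects, association and cluster threshold are constructed sample values, not the paper's.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "secret": 1, "top_secret": 2}  # hypothetical linear levels
@dataclass(frozen=True)
class Label:
    level: str
    cats: frozenset = frozenset()

    def dominates(self, other):  # BLP dominance: >= level and superset of categories
        return LEVELS[self.level] >= LEVELS[other.level] and other.cats <= self.cats
def lub(labels):  # least upper bound: max level, union of categories
    top = max(labels, key=lambda lb: LEVELS[lb.level]).level
    return Label(top, frozenset().union(*(lb.cats for lb in labels)))
class Monitor:
    def __init__(self, objects, assoc, clusters):
        self.objects = objects    # object -> Label
        self.assoc = assoc        # object -> set of strongly associated objects
        self.clusters = clusters  # name -> (members, k, label of the aggregate)
        self.reads = {}           # subject -> objects it has already read

    def effective_label(self, obj):
        # Reading obj also reveals its associates, so the check uses the group's LUB.
        group = {obj} | self.assoc.get(obj, set())
        return lub([self.objects[o] for o in group])

    def can_read(self, subject, slabel, obj):
        if not slabel.dominates(self.effective_label(obj)):  # simple security
            return False
        seen = self.reads.setdefault(subject, set())
        for members, k, agg in self.clusters.values():  # aggregation rule
            if obj in members and len((seen | {obj}) & members) >= k \
                    and not slabel.dominates(agg):
                return False
        seen.add(obj)  # grant and record the read for later aggregation checks
        return True
# Constructed sample: the routing table is strongly associated with the node keys,
# and any three topology fragments together reveal secret "ops" information.
OBJECTS = {"bulletin": Label("public"),
           "routing_table": Label("secret", frozenset({"net"})),
           "node_keys": Label("top_secret", frozenset({"net"})),
           "topo_1": Label("public"), "topo_2": Label("public"), "topo_3": Label("public")}
ASSOC = {"routing_table": {"node_keys"}}
CLUSTERS = {"topology": ({"topo_1", "topo_2", "topo_3"}, 3,
                         Label("secret", frozenset({"net", "ops"})))}
def demo():  # decisions for a secret/{net} subject, in request order
    m = Monitor(OBJECTS, ASSOC, CLUSTERS)
    s = Label("secret", frozenset({"net"}))
    return [m.can_read("analyst", s, o)
            for o in ["bulletin", "routing_table", "topo_1", "topo_2", "topo_3"]]
```

The routing table is refused although its own label is readable, because its associated node keys raise the group label; the third topology fragment is refused because the aggregate carries a category the subject lacks.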