计算机工程与应用 ›› 2012, Vol. 48 ›› Issue (20): 117-122.

• 网络、通信、安全 • 上一篇    下一篇

一个多级安全通道建立协议及安全性分析

曹利峰1,陈性元1,杜学绘1,王怀鹏2   

  1. 1.解放军信息工程大学 电子技术学院,郑州 450004
    2.解放军防空兵指挥学院,郑州 450001
  • 出版日期:2012-07-11 发布日期:2012-07-10

Multi-level secure tunnel establishment protocol and its security analysis

CAO Lifeng1, CHEN Xingyuan1, DU Xuehui1, WANG Huaipeng2   

  1. 1.Institute of Electronic Technology, the PLA Information Engineering University, Zhengzhou 450004, China
    2.The PLA Air Defense Forces Command Academy, Zhengzhou 450001, China
  • Online:2012-07-11 Published:2012-07-10

摘要: 在研究等级化信息系统特点的基础之上,给出了一个等级化网络环境下安全通道建立协议LTEP,该协议通过联合机制确立了不同等级、不同敏感级的信息系统间通信关系,依据虚拟主体转换以及安全标记映射规则,实现了不同等级信息系统内通信主体的授权,克服了安全标记的异构性问题,而且协议所构建的多级安全通道能够有效地实现不同敏感级别信息传输的相互隔离。拓展了基于串空间的安全协议分析方法,从认证性、机密性、完整性等几个方面对LTEP 协议进行了安全性分析。

关键词: 等级保护, 多级安全, 安全通道, 虚拟主体, 串空间

Abstract: This paper analyzes the characteristics of classified information system, and puts forward a secure tunnel establishment protocol in classified network. The protocol establishes the relation of communication among different classified or level information systems by coalition, and according to virtual subject and mapping rules of secure label, it accomplishes authorization of subject and overcomes the heterogeneous of secure label in different information systems, moreover, multi-level secure tunnel established by the protocol may insulate different level information. It extends the method of secure protocol analysis based on strand space, and analyzes security of the protocol on authentication, confidentiality, integrality and so on.

Key words: classified security protection, Multi-Level Secure(MLS), secure tunnel, virtual subject, strand space