Computer Engineering and Applications, 2017, Vol. 53, Issue (9): 103-110. DOI: 10.3778/j.issn.1002-8331.1511-0127

• Network, Communication and Security •

Research on binding of secure label based on unified description of information object

CAO Lifeng¹, LI Haihua², DU Xuehui¹, CHEN Xingyuan¹

  1. The PLA Information Engineering University, Zhengzhou 450004, China
  2. The Henan Industry and Trade Vocational College, Zhengzhou 450001, China
  • Online: 2017-05-01 Published: 2017-05-15

Abstract: Binding secure labels to information objects has long been a key problem keeping multilevel security (MLS) from practical use on networks. To address it, this paper proposes a method for binding secure labels to information objects based on a unified description of those objects. The method first analyzes the types of information objects and establishes a unified representation model for multi-type objects based on a data tree. It then gives an algorithm, based on traversal of the data tree, for binding secure labels to objects, and discusses operations on objects and the enforcement of the access control mechanism in a multilevel security network. The method improves the flexibility of label binding and unifies the binding of secure labels to multi-type information objects. It also enables finer-grained mandatory access control, which addresses the difficulty of controlling the exchange of heterogeneous data between multilevel secure systems.

Key words: classified security protection, multilevel security (MLS), data tree, secure label, binding of secure label