Computer Engineering and Applications, 2011, Vol. 47, Issue (5): 65-68.

• Research and Development, Design, Testing •

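A hybrid mandatory model based on the BLP and Clark-Wilson policies

CHEN Jin, LV Hongbing, PAN Xuezeng

  1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-02-11 Published: 2011-02-11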

Hybrid mandatory model composed of BLP and Clark-Wilson policy

CHEN Jin, LV Hongbing, PAN Xuezeng

  1. College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2011-02-11 Published: 2011-02-11

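Abstract: The BLP model guarantees the confidentiality of information by allowing information to flow from a low security level to a high security level. However, it cannot handle the downward information flows that are common in practice. The Clark-Wilson model, in turn, provides integrity protection through monitorable state transitions. The proposed model is based on the BLP control policy and, under the monitoring of the Clark-Wilson model, permits downward information flows. The model is proved to be secure and feasible.

Key words: information security, BLP model, Clark-Wilson model, mandatory access control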

Abstract: The BLP model guarantees the security of information by allowing information flow from the low security level to the high security level. However, under some circumstances, downward information flow is also necessary. The Clark-Wilson model is used to control and audit the subject’s state transitions and the run-time adjustment of low-water-mark policy parameters. This paper proposes a model that allows downward information flow under the control of the Clark-Wilson model. The model is proved secure and applicable.

Key words: information security, Bell-LaPadula (BLP) model, Clark-Wilson model, mandatory access control