Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (22): 124-128.DOI: 10.3778/j.issn.1002-8331.2008.22.037

• 网络、通信、安全 • Previous Articles     Next Articles

Multi-level security model with dynamic adaptation in multiple domains systems

GE Fang-bin1,YANG Lin2,WANG Jian-xin2   

  1. 1.College of Command Automation,PLA University of Science and Technology,Nanjing 210007,China
    2.Institute of China Electronic System Engineering,Beijing 100039,China
  • Received:2007-07-23 Revised:2008-04-14 Online:2008-07-11 Published:2008-07-11
  • Contact: GE Fang-bin


葛方斌1,杨 林2,王建新2   

  1. 1.解放军理工大学 指挥自动化学院,南京 210007
    2.中国电子系统工程研究所,北京 100039
  • 通讯作者: 葛方斌

Abstract: Because BLP model is deficient in respect of flexibleness of implementation and cannot satisfies access control demand of layer systems with multiple domains,DMDBLP model which is the development of BLP model is proposed.Concept of domain is introduced in the model.Access control is divided into two types—that in a domain and that between domains,which is adaptive for the multiple domains environments.In addition,the mechanism of adjusting sensitivity labels dynamically is appended.The flexibleness of access control is enhanced.The analysis to the model indicates that the access controls of the model are flexible and secure.

Key words: BLP model, domain, sensitivity label, DMDBLP model

摘要: 针对BLP模型在实施灵活性方面的不足以及不能满足多域分层系统访问控制需求的实际,提出了BLP的扩展模型——DMDBLP模型。模型中引入了域概念,将访问控制区分为域内和域间两种情况,适应了多域环境的需求。同时,在模型中增加了敏感标记的动态调整机制,提高了访问控制的灵活性。对模型的分析表明,模型的访问控制不仅是灵活的,也是安全的。

关键词: BLP模型, 域, 敏感标记, DMDBLP模型