Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (4): 77-80.DOI: 10.3778/j.issn.1002-8331.2011.04.021

• 网络、通信、安全 • Previous Articles     Next Articles

Design and implementation of improved multiple-level security model

HU Ming,PAN Xuezeng,LI Wen   

  1. Department of Computer Science and Technology,Zhejiang University,Hangzhou 310027,China
  • Received:2010-05-31 Revised:2010-08-11 Online:2011-02-01 Published:2011-02-01
  • Contact: HU Ming


胡 明,潘雪增,李 文   

  1. 浙江大学 计算机科学与技术学院,杭州 310027
  • 通讯作者: 胡 明

Abstract: On the basis of the BLP model and RBAC model,a new improved multiple-level model is presented.The improved model has four important features:(1)carry out the control of integrity;(2)constrain the trusted subject and limit the right of other subjects;(3)realize RBAC model to assign the role and the permission;(4)fulfill the audit mechanism rules to monitor the security policy.Experimental results show that the improved model increases security and the usability.

Key words: control of integrity, trusted subject, Role-Based Access Control(RBAC) model, audit mechanism

摘要: 在分析BLP模型和RBAC模型及其相关衍生模型的基础上,提出一种改进的模型。改进模型主要有4个重要特点:(1)实施完整性控制,保证信息流上写安全性;(2)限定可信主体,赋予其余主体有限特权;(3)实施RBAC模型,分配角色和权限;(4)引入审计机制,提供策略监控。实验结果表明,改进后的模型在完善安全性的同时提高了实用性。

关键词: 完整性控制, 可信主体, 基于角色的访问控制(RBAC)模型, 审计机制

CLC Number: