Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (15): 6-8.

• Doctoral Forum •

Application research of BLP in networks isolation system

WU Hai-yan, TAN Cheng-xiang, WANG Hai-hang

  1. Computer Department, Tongji University, Shanghai 201804, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-05-21 Published:2007-05-21
  • Contact: WU Hai-yan

Abstract: In a network isolation system, implementing mandatory access control in both the inner and outer network units can further improve the confidentiality and integrity of information exchanged between the inner and outer networks. This paper first analyzes the environment in which the BLP access control model is applied in a network isolation system. It then studies the basic principles and relevant properties of BLP access control and proposes a feasible scheme for realizing BLP using system call interposition. Finally, it presents a Linux-based implementation of BLP access control in the inner and outer network units of the isolation system.

Key words: Mandatory Access Control (MAC), network isolation, BLP, Loadable Kernel Modules (LKMs), Multi-Level Security (MLS)
