An Improved BLP Model for Mobile Web Operating Systems and Its Application
ZHU Dali, YANG Ying, JIN Hao, SHAO Jing, FENG Weimiao
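(University of Chinese Academy of Sciences, Beijing 100049, China; Fourth Research Laboratory, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)
Abstract:
As a classic model of confidentiality policy, the BLP model enforces mandatory access control in information systems by classifying and labeling subjects and objects and by introducing a reference monitor with a high security level. With the spread of mobile smart terminals, Web operating systems, with their mobility, portability, high extensibility and cross-platform nature, have become one of the main solutions for mobile e-government systems and are receiving growing attention from researchers. However, existing Web operating systems place low requirements on confidentiality and cannot meet the security and secrecy needs of mobile e-government systems. Starting from the construction of a security model, this paper builds an abstract model of the Web operating system for smart terminals and redefines the elements of the BLP model, strengthening access control over subjects and objects to improve confidentiality. Because the BLP model lacks the principle of least privilege for trusted subjects and lacks integrity constraints, the improved BLP model re-partitions the security levels of subjects and objects, adds a trust-level tag and a role mapping function, and is mapped onto an existing Web operating system. This implements the principle of least privilege, integrity constraints on subjects, and an inter-domain isolation mechanism, which effectively raises the confidentiality level of the Web operating system.
Keywords: Web operating system; BLP model; mobile terminal; operating system security; principle of least privilege; integrity; isolation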
DOI:10.19363/j.cnki.cn10-1380/tn.2017.10.002
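Received: May 06, 2016; Revised: September 08, 2016
Funding: Supported by the Strategic Priority Research Program of the Chinese Academy of Sciences: Research on Key Information Security Technologies for Application Systems in Key Industries (No. XDA06010703).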
Research and Application of Improved BLP Model for Mobile Web Operating System
ZHU Dali, YANG Ying, JIN Hao, SHAO Jing, FENG Weimiao
University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract:
BLP modeling of Web operating system, and redefines the model elements, mapping functions, as well as access control policy on both the subject and object to improve its confidentiality. As the BLP model lacks the least privilege principle for trusted subjects and lacks integrity constraints, we redraw the security levels of the subject and object, and add a confidence-level tag and a role mapping function in accordance with the existing security model of the Web operating system. Finally, we implement the principle of least privilege, integrity constraints on subjects, and an isolation mechanism between domains, which can effectively improve security.
Key words: Web operating system; BLP model; mobile terminal; operating system security; principle of least privilege; integrity; isolation