一种面向结构化保护的组件层次划分方法.pdfVIP

Computer Engineering and Applications 计算机工程与应用 2011 ,47(36) 25 一种面向结构化保护的组件层次划分方法 盖新貌 1·2 ，沈昌祥气李勇气刘毅 3 l 2 3 GAI Xinmao ? , SHEN Changxiang2.3 , LI Yong2.4 , L町 Yi 1.国防科学技术大学计算机学院，长沙 410073 2北京工业大学计算机学院，北京 100022 3. 海军计算技术研究所，北京 100141- 4.信息工程大学电子技术学院，郑州 450004 1.School of Computer, National University of Defense Technology , Changsha 410073 , China 2.School of Computer, Beijing University of Technology, Beijing 100022 , China 3.Computing Technology Research Institute of Navy ? Beijing 100141, China 4.lnstitute of Electronic Technology , Information Engineering University, Zhengzhou 450004, China GAI Xinmao, SHEN Changxiang, LI Yong , et aI.Method for layering components towards structured protection.Comput? er Engineering and Applications,201l ,47(36) :25-28. Abstract: It is stated in GB 17859-1999 that the fourth level security information system must implement structured protec? tion function , to which the availability way is dividing the system into different layers.Based on the ideology of Trusted Computing , by modeling the root of 位ust as 由e minimal element of a partial order set and using related knowledge about the complete partial order in set theory, a method for layering components of a system is proposed via dependencies be? tween them, followed by the proof of the completeness of the method.Further discussion also shows that the method can be employed in many other aspects of strengthening the system s security. Key words: structured protection; layering method; trusted computing; complete partial order; dependency 摘要: GB 17859-1999 中要求四级以上安全操作系统必须实现结构化保护功能，而层次化方法是实现结构化保护的一个有效途 径.基于可信计算思想，将可信根抽象为偏序集中的最小元，利用集合论中完全偏序集的相关知识，通过纽件间的依赖关系，提 出了一种纽件层次划分方法，并证明了层次划分方法的完备性.进一步分析表明，该方法能有效应用于增强系统安全性的研究。 关键词:结构化保护;层次化方法;可信计算;完全偏序集;依赖