一个安全标记公共框架的设计与实现.pdfVIP

1000-9825/2003/14(3)0547 ©2003 Journal of Software 软 件 学 报 Vol.14, No.3 一个安全标记公共框架的设计与实现 + 梁洪亮 , 孙玉芳, 赵庆松, 张相锋, 孙 波 ( 中国科学院 软件研究所,北京 100080) Design and Implementation of a Security Label Common Framework + LIANG Hong-Liang , SUN Yu-F ang, ZHAO Qing-Song, ZHANG Xiang-F eng, SUN Bo (Institute of Software, The Chinese Academy of Sciences, Beijing 100080, China) + Corresponding author: Phn: 86-10ext 17, Fax: 86-10 E-mail: hollace@ Received 2002-01-31; Accepted 2002-04-11 Liang HL, Sun YF, Zhao QS, Zhang XF, Sun B. Design and implementation of a security label common framework. Journal of Software, 2003,14(3):547~552. Abstract : Labels are the foundation for implementing multilevel systems and the prerequisite of enforcing mandatory access control in secure systems. How to define and enforce label functions which support multiple security policies is the focus here. A security label common framework (SLCF) based on static object label and dynamic subject label is put forward. SLCF introduces the notation of access history and provides a complete label funtions set. Based on SLCF, both multilevel confidential policy and multilevel integrity policy can be expressed and enforced. SLCF is implemented in a secure operating system based on Linux, the experimental results show that the system based on SLCF is flexible and practicable. Key words : label framework; multilevel secure system; information flow control; confidentiality; integrity; secure operating system 摘 要: 标记是实现多级安全系统的基础, 实施强制访问控制的前提.如何确定和实现标记功能并使其支持多 种安全政策是研究的目的.提出了一个安全标记公共框架,该框架基于静态客体标记和动态主体标记, 引入了访 问历史的概念,并给出了一个完备的标记函数集合.基于此框架,既可以实施多等级保密性安全政策,又可以实施 多等级完整性安全政策.该框架在一个基于 Linux