安全模型-南京大学计算机科学与技术系.pdf

第7章 安全模型 南京大学计算机系 黄皓教授 2010年12月13日-12月6日 参考文献 I. Simone Fischer-Hübner ，IT-Security and Privacy ，Lecture Notes in Computer Science 1958. II. D. Elliott Bell and Leonard J. LaPadula ，Secure Computer Systems: Mathematical Foundations。 III. D. Elliott Bell and Leonard J. LaPadula ，Secure Computer Systems: Mathematical Model。 IV. K.J. Biba, Integrity Considerations for Secure Computer Systems, USAF Electronic Systems Division, Bedford, Mass., April 1977. V. David D. Clark, David Il. Wilson, A Comparison of Commercial and MilitarY computer Security Policies ，IEEE Symposium on Security and Privacy April 27 - 29, 1987, pp184-194. VI. D.Brewer, M.Nash, The Chinese Wall Security Policy, Proceedings of the 1989 IEEE Symposium on Security and Privacy, Oakland, May 1989. 2010-12-13 南京大学计算机系讲义 2 Contents 1. Basic Concept 2. The Generalised Framework for Access Control (GFAC) 3. Bell La Padula Model 4. Biba model 5. Clark-Wilson Model 6. Chinese Wall Model 7. RBAC 8. TBAC 9. Noninterference Model 2010-12-13 南京大学计算机系讲义 3 1. Basic Concept 1. Basic Concept IT-Security  View: protection of the system, protection from the system;  Aims: confidentiality, integrity , availability, reliability, functionality, anonymity, pseudonymity, unobservability, unlinkablity;  Security models  Security functions: IA, AC, Audit, Object reuse, reliability of service,  Security mechanism ：password, ACL, cryptography, physical control,etc. 2010-12-13 南京大学计算机系讲义 5 Security Aims  Confidentiality: prevention of unauthorised or improper disclosure of data.  Integrity: data continues to be a proper physical a