应用规律下的BLP模型密级赋值方法

doi:10.3969/j.issn.1000-436x.2013.09.017

摘要/Abstract

摘要：

根据信息系统的主客体访问属性规律，给出了一种可行的BLP模型密级赋值方法，提出了2个归并条件。继而给出了归并后的BLP模型下的主客体密级赋值的数学模型。证明了当条件解是非常值赋值解时，其扩张还原解不一定是全局解的结果，但由该解可以得到全局解的近似条件修改赋值解。利用近似条件修改赋值解，给出了某国家级信息系统BLP模型的密级具体赋值，解决了应用中的实际困难问题。

关键词: 信息安全, BLP模型, 常值赋值, 条件修改赋值, 全局解, 条件解

Abstract:

According to the access attribute properties between subjects and objects in the information system,a viable method of the BLP model secret level valuation was given,and two merging conditions were put forward.The mathematical model of subject-object secret level valuation under BLP model was established on the two merging conditions.When the condition solution was not the constant one,its expansion solution being not sure the global one was proved,but the approximate condition modification valuation solution could be obtained from it.Using the above results,one difficult problem from one national information system about the BLP model secret level valuation was solved.

Key words: information security, BLP model, constant valuation, condition modification valuation, global solution, condition solution

董婵,范修斌,李有文,王建荣. 应用规律下的BLP模型密级赋值方法[J]. 通信学报, 2013, 34(9): 142-149.

Chan DONG,Xiu-bin FAN,You-wen LI,Jian-rong WANG. Secret level valuation method of BLP model based on some application properties[J]. Journal on Communications, 2013, 34(9): 142-149.

图/表 5

表1

表2

表3

表4

表5

参考文献 18

[1]	BELL D E , LAPADULA L J . Secure Computer Systems:Unified Exposition and Multics Interpretation[R]. Bedford,MA:The MITRE Corporation, 1976.
[2]	BELL DE , LAPADULA LJ . Secure Computer Systems:Mathematical Foundations[R]. Bedford,MA:Electronic Systems Division,Air Force System Command Corporation,Hanscom AFB, 1973.
[3]	BELL DE , LAPADULA L J . Secure Computer Systems:a Mathematical Model[R]. Bedford,MA:Electronic Systems Division,Air Force System Command Corporation,Hanscom AFB, 1973.
[4]	BIBA K J . Integrity Considerations for Secure Computer Systems[R]. Bedford,MA:USAF Electronic Systems Division,Hanscom AFB, 1977.
[5]	BRANSTAD D . Data categorization and labeling (executive summary)[A]. Proceedings of the 13th National Computer Security Conference[C]. Washington:NIST Press,USA, 1990. 32-33.
[6]	Department of Defense Computer Security Center . Department of Defense Trusted Computer System Evaluation Criteria[S]. Fort George G.Meade,MD 20755, 1983.
[7]	GLIGOR V D , BURCH E L , CHANDERSEKARAN C S . On the design and the implementation of secure Xenix workstation[A]. Proceedings of the 1986 IEEE Symposium on Security and Privacy[C]. IEEE Computer Society, 1986. 102-117.
[8]	LANDWEHR CE , HEITMEYER CL , MCLEAN J . Asecurity model for military message systems[J]. ACM Transactions on Computer Systems, 1984,9(3): 198-222.
[9]	MCILROY M D , REEDS J A . Multilevel security in the UNIX tradition[J]. Software Practice and Experience, 1992,22(8): 673-694.
[10]	费稼轩, 张涛, 林为民 ,等. 基于动态可信度量的敏感信息安全控制模型[J]. 计算机技术与发展, 2012,22(5): 237-241. FEI J X , ZHANG T , LIN W M ,et al. Secure control model of sensitive information based on dynamic trust measurement[J]. Computer Technology and Development, 2012,22(5): 237-241.
[11]	石文昌, 孙玉芳, 梁洪亮 . 经典 BLP 安全公理的一种适应性标记实施方法及其正确性[J]. 计算机研究与发展, 2001,38(11): 1366-1372. SHI W C , SUN Y F , LIANG H L . An adaptable labeling enforcement approach and its correctness for the classical BLP security axioms[J]. Computer Research and Development, 2001,38(11): 1366-1372.
[12]	梁洪亮, 孙玉芳, 赵庆松 . 一个安全标记公共框架的设计与实现[J]. 软件学报, 2003,14(3): 547-552. LIANG H L , SUN YF , ZHAO Q S . Design and implementation of a security label common framework[J]. Journal of Software, 2003,14(3): 547-552.
[13]	李益发, 沈昌祥 . 一种新的操作系统安全模型[J]. 中国科学 E辑, 2006,36(4): 37-356. LIYF , SHENCX . Anewkindofoperatingsystemsecuritymodel[J] Science in China Ser E, 2006,36(4): 37-356.
[14]	马新强, 黄羿, 李丹宁 . 基于扩充敏感标记的格理论模型研究[J]. 计算机工程, 2009,35(21): 171-173. MA X Q , HUANG Y , LI D N . Research on lattice theoretical model based on extended sensitivity label[J]. Computer Engineering, 2009,35(21): 171-173.
[15]	刘彦明, 董庆宽, 李小平 . BLP 模型的完整性增强研究[J]. 通信学报, 2010,31(2): 100-106. LIU Y M , DONG Q K , LI X P . Study on enhancing integrity for BLP model[J]. Journal on Communications, 2010,31(2): 100-106.
[16]	池亚平, 樊结, 程代伟 . 基于可信等级的BLP改进模型[J]. 计算机工程, 2012,38(8): 117-119. CHI Y P , FAN J , CHENG D W . Improved BLP model based on trusted level[J]. Computer Engineering, 2012,38(8): 117-119.
[17]	杨智, 金舒原, 段洣毅 ,等. 多级安全中敏感标记的最优化挖掘[J]. 软件学报, 2011,22(5): 1020-1030. YANG Z , JIN S Y , DUAN M Y ,et al. Optimal mining on security labels in multilevel security system[J]. Journal of Software, 2011,22(5): 1020-1030.
[18]	孙琦, 郑德勋, 沈仲琦 . 快速数论变换[M]. 北京: 科学出版社, 1980. SUN Q , ZHENG D X , SHEN Z Q . Fast Number Theory Transform[M]. Beijing: Science PressPress, 1980.

o						s
o	s₀	s₁	s₂	s₃	s₄		s₅	s₆	s₇	s₈	s₉
o₀	N	N	N	RW	RW		RW	RW	N	N	N
o₁	R	R	R	RW	RW		RW	RW	N	N	N
o₂	R	R	R	RW	RW		RW	RW	N	N	N
o₃	R	R	R	RW	RW		RW	RW	N	N	N
o₄	R	R	R	RW	RW		RW	RW	N	N	N
o₅	R	R	R	RW	RW		RW	RW	N	N	N
o₆	R	R	R	RW	RW		RW	RW	N	N	N
o₇	R	R	R	RW	RW		RW	RW	N	N	N
o₈	R	R	R	RW	RW		RW	RW	N	N	N
o₉	R	R	R	RW	RW		RW	RW	N	N	N
o₁₀	R	R	R	RW	RW		RW	RW	N	N	N
o₁₁	R	R	R	RW	RW		RW	RW	N	N	N
o₁₂	RW	RW	RW	RW	RW		RW	RW	N	N	N
o₁₃	RW	RW	RW	RW	RW		RW	RW	N	N	N
o₁₄	RW	RW	RW	RW	RW		RW	RW	N	N	N
o₁₅	RW	RW	RW	RW	RW		RW	RW	N	N	N
o₁₆	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₁₇	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₁₈	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₁₉	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₂₀	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₂₁	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₂₂	RW	RW	RW	RW	RW		RW	RW	RW	RW	RW
o₂₃	R	R	R	R	R		R	R	RW	RW	RW
o₂₄	R	R	R	R	R		R	R	RW	RW	RW
o₂₅	R	R	R	R	R		R	R	RW	RW	RW
o₂₆	R	R	R	R	R		R	R	RW	RW	RW
o₂₇	N	N	N	R	R		R	R	RW	RW	RW
o₂₈	N	N	N	R	R		R	R	RW	RW	RW
o₂₉	N	N	N	R	R		R	R	RW	RW	RW
o₃₀	N	N	N	R	R		R	R	RW	RW	RW
o₃₁	N	N	N	R	R		R	R	RW	RW	RW
o₃₂	N	N	N	N	N		N	N	R	R	R
o₃₃	N	N	N	N	N		N	N	R	R	R
o₃₄	N	N	N	N	N		N	N	R	R	R
o₃₅	N	N	N	N	N		N	N	R	R	R
o₃₆	N	N	N	N	N		N	N	R	R	R
o₃₇	N	N	N	N	N		N	N	R	R	R
o₃₈	R	R	R	N	N		N	N	R	R	R
o₃₉	R	R	R	N	N		N	N	R	R	R
o₄₀	R	R	R	N	N		N	N	R	R	R
o₄₁	R	R	R	N	N		N	N	R	R	R

o		s
o	s₀	s₃	s₇
o₀	N	RW	N
o₁	R	RW	N
o₁₂	RW	RW	N
o₁₆	RW	RW	RW
o₂₃	R	R	RW
o₂₇	N	R	RW
o₃₂	N	N	R
o₃₈	R	N	R

o			s
o	s₀	s₁		s₂	s₃
o₀	RW	RW		R	RW
o₁	RW	R		W	RW
o₂	R	W		RW	R
o₂	RW	R		W	RW

o			s
o	s₀	s₁		s₂	s₃
o₀	RW	RW		RW	R
o₁	RW	RW		R	W
o₂	RW	RW		R	W
o₃	R	R		W	RW

o		s
o	s₀	s₂	s₃
o₀	RW	RW	R
o₁	RW	R	W
o₃	R	W	RW