###
DOI:
Journal of Software:2010.21(1):98-106

基于Biba和Clark-Wilson策略的混合强制完整性模型
周洲仪,贺也平,梁洪亮
(中国科学院 软件研究所 基础软件国家工程研究中心,北京 100190;中国科学院 研究生院,北京 100049)
Hybrid Mandatory Integrity Model Composed of Biba and Clark-Wilson Policy
ZHOU Zhou-Yi,HE Ye-Ping,LIANG Hong-Liang
()
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 5954   Download 6008
Received:December 16, 2007    Revised:October 27, 2008
> 中文摘要: 商业应用需要实施完整性策略保护.Biba模型提供了一种简洁的多级完整性控制方案,但是需要引入可信主体来保证实施的可用性.而Clark-Wilson模型通过可监控的状态转换提供了一种完备的完整性保护,但其复杂性影响了该模型的完整实现.提出的模型以Biba严格完整性策略为基础,同时根据可信主体在其生命周期所属的状态实施Biba低水标策略.对可信主体在其生命周期发生的状态转换及相应的低水标参数调整,采用Clark-Wilson模型来进行监控.在有效解决了Biba策略的可用性问题和Clark-Wilson模型监控量过大给系统带来的配置和运行负担问题的同时,继承它们的优点.证明了该策略融合方案是可行的、安全的.
Abstract:Commercial application requires protection of integrity policy. Biba model provides a simple multi-level integrity access control scheme but it needs the introduction of trusted subject to ensure the usability. Clark-Wilson model provides a complete integrity protection by means of controlled state transaction, but its entire implementation is hindered by its complication. This paper proposes a model that enforces Biba strict integrity policy as basic access control mechanism, at the same time enforces Biba low-water-mark policy on trusted subjects according to the state in their lifecycle. Clark-Wilson model is used to control and audit subject’s state transition and run time adjustment of low-water-mark policy parameters. This paper solves the usability problem introduced by Biba policies and high configuration burden and runtime overload introduced by massive supervising task of Clark-Wilson, while at the same time borrows their merits. This policy composition scheme is proved to be applicable and secure.
文章编号:     中图分类号:    文献标志码:
基金项目:Supported by the National High-Tech Research and Development Plan of China under Grant No.2007AA010601 (国家高技术研究发展计划(863)); the Defense Pre-Research Project of the “Eleventh Five-Year-Plan” of China (国家“十一五”国防预研项目) Supported by the National High-Tech Research and Development Plan of China under Grant No.2007AA010601 (国家高技术研究发展计划(863)); the Defense Pre-Research Project of the “Eleventh Five-Year-Plan” of China (国家“十一五”国防预研项目)
Foundation items:
Reference text:

周洲仪,贺也平,梁洪亮.基于Biba和Clark-Wilson策略的混合强制完整性模型.软件学报,2010,21(1):98-106

ZHOU Zhou-Yi,HE Ye-Ping,LIANG Hong-Liang.Hybrid Mandatory Integrity Model Composed of Biba and Clark-Wilson Policy.Journal of Software,2010,21(1):98-106