Yong Huang,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-642-23226-8_21

2011-01-01

Abstract:Aiming at the main problem that the link between the formal definition of multilevel security and security goal is not always clear, we propose a new definition of multilevel security closer to the practical application. Due to the fact that separability property based on the construction of covert channels is not practical, we introduce the concept of trusted domain to the theoretical framework initiated by the characteristics of transitive and intransitive security policy. Following that two intuitive propositions with the corresponding proof are proposed.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

Ying Lenian,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.07.049

2009-01-01

Abstract:In this paper,we propose a new security database relational model,including a multilevel security model and enhanced foreign key referential function.We extend the Sandhu's MLR model with new semantics which represents the real world more rationally and practically.And the enhanced foreign key referential function increases the ability of modelling.

B. Thuraisingham,W. Ford

DOI: https://doi.org/10.1109/69.382297

IF: 9.235

1995-04-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In a multilevel secure distributed database management system, users cleared at different security levels access and share a distributed database consisting of data at different sensitivity levels. An approach to assigning sensitivity levels, also called security levels, to data is one which utilizes constraints or classification rules. Security constraints provide an effective classification policy. They can be used to assign security levels to the data based on content, context, and time. We extend our previous work on security constraint processing in a centralized multilevel secure database management system by describing techniques for processing security constraints in a distributed environment during query, update, and database design operations.<>

computer science, information systems, artificial intelligence,engineering, electrical & electronic

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

JIANG Li,CHEN Jian,PING Ling-di,CHEN Xiao-ping

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.05.004

2010-01-01

Abstract:In multithreaded environment,sensitive information is often deliberately released by many real applications and sometimes information needs to become more confidential. In order to address this situation,a security policy was defined in the style of strong bisimulation equivalence,which can handle both information leaking and erasing. The policy controls what information is released and guarantees that attackers cannot exploit information releasing mechanisms to reveal more sensitive data than intended. Moreover,it ensures that public data after erasing cannot be abused by attackers. Then a secure transforming type system was proposed to enforce the security policy by using the cross-copying technique,which can eliminate internal timing covert channels resulting from the interplay between different threads. The transforming type system can transform an insecure program into a secure one,trying to close information leaks. The secure program has the same structure as the original program and models the same timing behavior. Finally,the soundness of the type system was proved with respect to the operational semantics. Results indicate that if a program can be transformed according to typing rules,the resulting program satisfies the security policy.

Jifeng Guo

2007-01-01

Abstract:The centralized management and lack of dynamic multi-level security policies are two important limitations of the traditional multi-level security models and the real systems designed in light of them.This paper studies the distributed management and dynamic behavior for multi-level security.A domain-based distributed management model for multi-level security is presented.Several dynamic multi-level security policies are discussed.All the proposed security policies and present the corresponding implementation mechanism are analyzed.

魏杰,俞勇

DOI: https://doi.org/10.3969/j.issn.1007-757x.2007.09.011

2007-01-01

Abstract:The design of system access right on database level is always the core of the enterprise information system.It always takes up more than half the design time to develop.This article introduces a non-traditional,hierarchy-oriented security framework,and makes an in-depth comparison with the traditional security design.This design principle is more similar to Windows OS.In Windows OS,once a user obtains the access right to a folder,he can naturally obtain the access right to its sub-folders.This article also makes a brief research on the future development of this kind of security framework.

李斓,冯登国,徐震

DOI: https://doi.org/10.3321/j.issn:0372-2112.2004.10.012

2004-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Security policy of multilevel security DBMS is expressed by many models. One of them is access control model. Mandatory Access Control (MAC) model guarantees that information flow in multilevel databases is in accordance with security policy. Role-Based Access Control can simplify administration of privileges in multilevel databases. This paper proposes an integrated model of RBAC and MAC. Multilevel role and internal role are defined, and some modified operations in the model are presented. Administration of privileges under MAC policy is done by system automatically. The integrated model can simplify administration of privileges, and is appropriate for multilevel relation database system which has many users or complex security levels. Some implementing mechanisms of the model are provided.

Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser,Paul A. Karger,Grant M. Wagner,Angela Schuett Reninger

DOI: https://doi.org/10.1109/sp.2007.21

2007-05-01

Abstract:This paper presents a new model for, or rather a new way of thinking about adaptive, risk—based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well—known, Bell—Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name “Fuzzy MLS”. The long version of this paper is published as an IBM Research Report [3].

Luo Xing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.02.024

2007-01-01

Abstract:In this paper,we proposed a formal security database system access model including a multilevel relation model and a element-level authorization.We extended sandhu's MLR model by giving a new explanation of how the database represents the real world.Under new semantic model,the data-borrow operation was strengthened.Further more,with the support of element-level authorization,user privilege management of database system could be more reasonable.

HE Yong-Zhong,LI Lan,FENG Deng-Guo

DOI: https://doi.org/10.1360/jos161774

2005-01-01

Journal of Software

Abstract:This paper proposes a generic audit policy model on multilevel secure DBMS. The model is powerful expressively which not only expresses audit policy based on periodical time constraints, but also implements audit policy deduction based on rules. Furthermore, fine-grained audit policies are possible in this model with the introduction of object attribute predicate. The decidability of the model is proven and a decidability algorithm is

Yong-Zhong HE,Lan Li,FENG Deng-Guo

DOI: https://doi.org/10.1360/jos161774

2005-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:This paper proposes a generic audit policy model on multilevel secure DBMS. The model is powerful expressively which not only expresses audit policy based on periodical time constraints, but also implements audit policy deduction based on rules. Furthermore, fine-grained audit policies are possible in this model with the introduction of object attribute predicate. The decidability of the model is proven and a decidability algorithm is presented.

Zhi-yong TAN,Duo LIU,Tian-ge SI,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.08.029

2008-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A multilevel security (MLS) model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corresponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.

刘雄,谭智勇,刘铎,戴一奇

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.01.028

2010-01-01

Abstract:The BLP (Bell-LaPadula) model and its derivatives are normally used to implement secure policies in multilevel security systems. The derivatives improved the flexibility but also introduce risks which have not been analyzed in detail. This paper investigates the multilevel security model with credibility characteristics to analyze the security of actions using the quantitative risk analysis method to compute the expected damage resulting from an action. The analysis result can be used to evaluate system security and as a criterion to judge the validity of the action. The system can then control the damage and improve flexibility.

Yixin Jiang,Chuang Lin,Zhangxi Tan

DOI: https://doi.org/10.1109/ICSMC.2003.1244629

2003-01-01

Abstract:A large network is composed of many autonomous security domains. Based on the definition of security domain, a lattice model of security domains is described. Subsequently, a model of multilevel security domains combined with the multilevel security is derived. Another important concept tied up with multilevel security domains is authentication. According to the trust relationships between different security domains, an authentication architecture and two authentication protocols suitable for multilevel security domains are proposed in this paper. At last, the authentication protocol is formally analyzed with the aid of the BAN logic.

Xue Haiwei,Zhang Yunliang,Guo Zhien,Dai Yiqi

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:Towards data leak caused by misoperation and malicious inside users, we proposed a multilevel security model based on Bell-lapadula（BLP） model. In our model each subject was assigned with a security level. Subjects can read objects only when their security levels are not less than objects’ security levels, and subjects can write objects only when their security levels are not more than objects’ security levels. The current security level in our model can be dynamically changed when users read sensitive data, since users can access data with different security levels in private cloud. Our model use mandatory access control method to control user’s operation and can guarantee that users can not leak sensitive data after they read them. Our model can be proved secure by mathematical method, and we implemented a prototype system of our model and the experimental results show that it is secure.

Zhiyong Tan,Duo Liu,Jie Lin,Yiqi Dai

DOI: https://doi.org/10.1109/NSWCTC.2009.194

2009-01-01

Abstract:A multilevel security (MLS) model with credibility characteristics, the credibility-based Bell-LaPadula (CBLP) security model, has been proposed to resolve the problem of trusted subjectspsila hidden security flaw and poor system usability in present MLS systems in the previous paper of the authors. A sampling statistics method is proposed in this paper to evaluate the availability of the CBLP model by obtaining the variation curve of the subjectspsila credibility and the rejection ratio of access operations. The validity of this method was achieved according to the strong law of large numbers and the central limit theorem. The sampling statistics results of the CBLP model in specific scenarios showed that it is highly consistent with that of the formal analysis method and has lower computational complexity.

Xie Jun,Xu Feng,Huang Hao

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:MLS (multilevel security) is being widely applied in many security critical systems, but it can't implement many important security policies such as channel-control. In this paper, the concept of trust degree is introduced into the MLS to implement policies like channel-control conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects' security labels. The model avoids the disadvantage of MLS' not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.

Da-Wei Wang,Churn-Jung Liau,Tsan-sheng Hsu,Jeremy K.-P. Chen

DOI: https://doi.org/10.1016/j.ijar.2006.04.002

IF: 4.452

2006-10-01

International Journal of Approximate Reasoning

Abstract:We assume that a database of personal information comprises records of individuals that contain confidential or sensitive fields. Queries about the distribution of a sensitive field within a selected population in the database can be submitted to the data center. However, the answers to the queries may leak confidential information about some individuals, even though no identification information is provided. Inspired by decision theory, we present two quantitative models for privacy protection in such a database query or linkage environment. One models the value of information from the viewpoint of the querier, while the other models the damage caused by and compensation for privacy leakage.In both models, we define the information state by a class of probability distributions on a set of possible confidential values. These states can be modified and refined by the user’s knowledge acquisition behavior. In the first model, the value of information is defined as the expected gain of the querier, and privacy is protected by imposing costs on the answers to the queries to balance any potential gain. In the second model, the safety of information is guaranteed by ensuring that anyone misusing private information must pay more compensation than the value of the possible gain.

computer science, artificial intelligence