CHEN Jin,LV Hongbing,PAN Xuezeng

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.05.021

2011-01-01

Computer Engineering and Applications Journal

Abstract:The BLP can guarantee the security of information by allowing downward information flow from the low security level to high security level.However,under some circumstances,the upward information flow is also necessary.Clark-Wilson model is used to control and audit subject’s state transition and run time adjustment of low-water-mark policy parameters.This paper proposes a model that allows the upward information flow in the control of Clark-Wilson model.The model is proved secure and applicable.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Xie Jun,Xu Feng,Huang Hao

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:MLS (multilevel security) is being widely applied in many security critical systems, but it can't implement many important security policies such as channel-control. In this paper, the concept of trust degree is introduced into the MLS to implement policies like channel-control conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects' security labels. The model avoids the disadvantage of MLS' not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.

Lei Xia,Wei Huang,Hao Huang

DOI: https://doi.org/10.1007/978-3-540-77535-5_21

2007-01-01

Abstract:Multilevel security policies aim at only confidentiality assurance, with less consideration on integrity assurance and weakness in expressing channel control policies. Besides, the trusted subjects it introduces to handle the information flow "downgrade" have many security flaws. Moreover, increasing diversity of the computing environments results in various security requirements. However, current mainstream security models are aiming at only one or few requirements of them each. The Multi-Policy Views Security Model is presented, which is based on the MLS model, combining the domain and role attributes to the model, to enforce the expression power in channel control policies, make permission management more fine-grained and enhance the ability of confining the permission of the trusted subjects. Moreover, MPVSM has integrated the properties and functions of MLS, Domain-Type and Role Based models into one unified model. It is able to enforce multi-policy views in operating system in a flexible way.

Zhi-yong TAN,Duo LIU,Tian-ge SI,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2008.08.029

2008-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:A multilevel security (MLS) model with credibility characteristics was proposed to solve the problem of trusted subjects' hidden security flaw and poor system usability in present MLS systems. By introducing credibility labels of subjects and objects and credibility evaluation functions in original BLP model, it can evaluate credibility of access requests as well as corresponding credibility variation of subjects and objects. Since this model establishes restriction mechanism against trusted subjects and assigns limited privileges to all subjects, it is more flexible and practicable than present security-label based MLS models.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Li Jiang,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-540-76788-6_6

2007-01-01

Abstract:Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.

YANG Hualin,GUO Tao,TONG Shuiguang

DOI: https://doi.org/10.3969/j.issn.1001-3881.2006.02.081

2006-01-01

Abstract:For the greater request of PDMS's security,static and dynamic data security model was presented,which realizes full-scale and partial security management pattern and the strict control of the database.For the new object,gene heredity based property inheritance model was given to speedup the course of security management.For the security of the net,cipher and digital signature were used to insure the integrality and secrecy during the data transmission.The PDMS's security was controlled roundly.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

JIANG Li,CHEN Jian,PING Ling-di,CHEN Xiao-ping

DOI: https://doi.org/10.3785/j.issn.1008-973x.2010.05.004

2010-01-01

Abstract:In multithreaded environment,sensitive information is often deliberately released by many real applications and sometimes information needs to become more confidential. In order to address this situation,a security policy was defined in the style of strong bisimulation equivalence,which can handle both information leaking and erasing. The policy controls what information is released and guarantees that attackers cannot exploit information releasing mechanisms to reveal more sensitive data than intended. Moreover,it ensures that public data after erasing cannot be abused by attackers. Then a secure transforming type system was proposed to enforce the security policy by using the cross-copying technique,which can eliminate internal timing covert channels resulting from the interplay between different threads. The transforming type system can transform an insecure program into a secure one,trying to close information leaks. The secure program has the same structure as the original program and models the same timing behavior. Finally,the soundness of the type system was proved with respect to the operational semantics. Results indicate that if a program can be transformed according to typing rules,the resulting program satisfies the security policy.

Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Xue Haiwei,Zhang Yunliang,Guo Zhien,Dai Yiqi

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:Towards data leak caused by misoperation and malicious inside users, we proposed a multilevel security model based on Bell-lapadula（BLP） model. In our model each subject was assigned with a security level. Subjects can read objects only when their security levels are not less than objects’ security levels, and subjects can write objects only when their security levels are not more than objects’ security levels. The current security level in our model can be dynamically changed when users read sensitive data, since users can access data with different security levels in private cloud. Our model use mandatory access control method to control user’s operation and can guarantee that users can not leak sensitive data after they read them. Our model can be proved secure by mathematical method, and we implemented a prototype system of our model and the experimental results show that it is secure.

Zhiyong Tan,Duo Liu,Jie Lin,Yiqi Dai

DOI: https://doi.org/10.1109/NSWCTC.2009.194

2009-01-01

Abstract:A multilevel security (MLS) model with credibility characteristics, the credibility-based Bell-LaPadula (CBLP) security model, has been proposed to resolve the problem of trusted subjectspsila hidden security flaw and poor system usability in present MLS systems in the previous paper of the authors. A sampling statistics method is proposed in this paper to evaluate the availability of the CBLP model by obtaining the variation curve of the subjectspsila credibility and the rejection ratio of access operations. The validity of this method was achieved according to the strong law of large numbers and the central limit theorem. The sampling statistics results of the CBLP model in specific scenarios showed that it is highly consistent with that of the formal analysis method and has lower computational complexity.

Peisheng Han,Li Guo,Luyao Liu

DOI: https://doi.org/10.1109/eiecs53707.2021.9588053

2021-01-01

Abstract:Aiming at the problem of illegal access in cross domain access control in multi-level system, this paper proposes a D-BLP dynamic cross domain access control model by improving the BLP access control model. The set of secure labels is used to track the information flow in the system to ensure that the information can't be flowed to non-authorized subjects. Finally, the security of the model is proved by using the non-interference theory.

Luo Xing,Wang Wei,Shi Bole

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.02.024

2007-01-01

Abstract:In this paper,we proposed a formal security database system access model including a multilevel relation model and a element-level authorization.We extended sandhu's MLR model by giving a new explanation of how the database represents the real world.Under new semantic model,the data-borrow operation was strengthened.Further more,with the support of element-level authorization,user privilege management of database system could be more reasonable.

XIA Lei,HUANG Hao,YU Shu-ying,WANG Zhi-qiang

2007-01-01

Abstract:Increasing diversity and complexity of the computing environments result in various security requirements.MLS security policy only aims at confidentiality assurance,in less consideration of integrity assurance and weakness in channel control.To handle that the trusted subjects have many security shortcomings of MLS model,a multi-policy views security model(MPVSM)was presented.Based on the MLS model,MPVSM combined the domain and type attributes to the model,to enforce the channel control policy,make permission management more fine-grained and enhance the ability to confine the permission of the trusted subjects.MPVSM was also able to enforce multi-policy views in operating system in a flexible way.The implementation of the MPVSM model in our prototype trusted operating system Nutos was also introduced.

Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser,Paul A. Karger,Grant M. Wagner,Angela Schuett Reninger

DOI: https://doi.org/10.1109/sp.2007.21

2007-05-01

Abstract:This paper presents a new model for, or rather a new way of thinking about adaptive, risk—based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well—known, Bell—Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name “Fuzzy MLS”. The long version of this paper is published as an IBM Research Report [3].

Haiwei Xue,Xiong Liu,Dai, Yiqi

DOI: https://doi.org/10.1109/anthology.2013.6784892

2013-01-01

Abstract:Information privacy protection is an essential problem in internal networks. The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control, while it can't be used for networks. L-BLP model is designed for Local Area Networks(LAN) while it can't be proved security. We reveal the security problems in L-BLP and propose a security model based on BLP. We define five new state transition rules, which are designed for LAN with high usability. Our model can be proved to be secure in mathematics, and we implement a prototype system based from it. The experimental results show that our model can effectively prevent leakages of secrets.