MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

ChaoQin Gao,Chuangbai Xiao,Yunxiang Gao,Xiao Xu

2011-01-01

Abstract:In order to solve the problem of protection and sharing of information in information system with multilevel security, the security requirements of information systems were analyzed, the BLP model of stand-alone computer systems was extended to information systems, the new interpretations of subjects and objects in information systems was introduced, the new need-to-share category was added to subjects and objects, and a multilevel security model for information sharing was developed. Then, the formal description of the security model was presented, the full set of access rules that apply to the system were established, and the security of the information system was proved. The new security model allows information being securely shared with the right users and protected from the wrong user, while maintaining the multilevel security of information system.

高朝勤,肖创柏,高允翔,徐潇

2012-01-01

Abstract:To address the problem of protection and sharing of information, the BLP model of stand-alone computer system was extended to information systems with multi-level security, the principle of need-to- share and the notion of multi-level object was introduced, and a multi-level security model of information system for application was developed. Then, some basic security assumptions were proposed, and the formal multi-level security model of information system was presented. The security model allowed the information to be securely shared with the right people and protected from the wrong people, while maintaining the multi-level security of information system.

GUO Jian-dong,QIN Zhi-guang,ZHENG Min

DOI: https://doi.org/10.3969/j.issn.1001-0548.2008.02.035

2008-01-01

Abstract:In order to construct a secure architecture which possesses enough strictness and practicability using mechanisms of password, log auditing, and authority, a model of security for information system including interface logic, business logic, and abnormal activity detection is proposed in this paper. The working flows and functions of main components of the model are described. At the same time the abnormal activities in an information system are analyzed, and the working methods of abnormal activities detector, a practical format of log data, and the protecting method of log file are introduced as well.

CHEN Lei-ting,WEN Li-Yu,LI Zhi-gang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2005.03.023

2005-01-01

Abstract:This paper introduces the definition, standard and development on evaluation of information security; emphasis on Class of B2 in TCSEC, especially the security policy of B2, such as discretionary access control, object reuse, Labels (label integrity and exportation of labeled information) and mandatory access control. this paper also studies and analyses the other requirements for class B2, such as identification and authentication in the requirement of accountability; operational assurance (system architecture, system integrity, covert channel analysis and trusted facility management) and life-cycle assurance (security testing, design specification and verification and configuration management) in the requirement of assurance; security features user’s guide, trusted facility manual, test documentation and design documentation in the requirement of documentation. in the end of this paper, we study and comparatively analyses the class of B2 with the class of EAL5 in CC.

刘尊,李伟华,王涛

DOI: https://doi.org/10.3724/sp.j.1087.2009.02319

2009-01-01

Abstract:A Usable Security Protected Model(USPM)for operating system was proposed and implemented.This model provided enough security for operating system with good compatibility and less special configuration.With this model,one can keep the secret of confidential documents and protect important files from being damaged even after a successful attack.The authors used a rule that limited the activities of processes who communicated with the remote system to ensure the security of the operating system and a number of exceptions that permitted particular activities of particular process to improve the usability of the system.A set of tests show that the model is easy to use,and it has good security,lower costs and good compatibility.

Chao-Qin Gao,Chuang-Bai Xiao

DOI: https://doi.org/10.1109/cis.2011.142

2011-01-01

Abstract:With the rapid development of informationization process, the demand to collaborate, share, and exchange information between different departments of information systems has become more and more imperative. By introducing the principle of need-to-share and the notion of multi-level object, a multi-level security model of information systems based on the BLP model is proposed. Then, the formal description and security analysis of the multi-level security model is presented. The new security model allows information being securely shared with the right users and protected from the wrong users, while maintaining the multi-level security of information systems.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

蒋苹,胡华平,王奕

DOI: https://doi.org/10.3969/j.issn.1007-130x.2003.01.012

2003-01-01

Abstract:In this paper, the current situation and trend of research on computer information security systems are introduced first. Then, the defense-in-depth and assurance framework of computer information systems is presented , and the functions and subsystems are described. Finally the design scheme of security framework is presented.

Xian Wu,Peide Qian

2008-01-01

Abstract:In recent years, people, are paying more attention to the security of information system. With the research of secure operating system, many security models are proposed. This paper firstly introduces two widely-used security models in brief. The one is Bell-LaPadula model that is mainly used in military department for confidentiality purpose, the other is Clark-Wilson model that is mainly used in business department for integrity purpose. Using the idea of role concept in RBAC, we propose a multiple policy security model (MPSM) which supports both secrecy and integrity of information. We give the design of MPSM and discuss its policies of how to ensure secrecy and integrity. Then we implement MPSM as a security module of LSM in Linux. In this paper, we introduce the structure of MPSM and functions of its sub-modules. Finally, this paper addresses the evaluation of MPSM and other security models to show the usefulness of our work.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

Dong LI,Xiao-jun LIU,De-jun MU

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.04.035

2005-01-01

Abstract:The object of security Linux OS is to achieve B class security function based on Linux OS. This OS includes powerful access control, multilevel security monitor, and privilege division and etc. The models and rules of security mechanism are also designed in this paper.

Tian Zhihong,Ye Jianwei,Wang Bailing,Liu Feng

DOI: https://doi.org/10.1109/itaic.2011.6030188

2011-01-01

Abstract:With rapid development of the Web system, security is becoming a most important part of computer science and technology. Security model introduced for Web resource as precise design guidance, which works during the entire design, coding, review process, evaluation and accreditation processes. There are several security models which focus on different aspects of security. This paper's intent is to introduce the most classical multilevel computer security model — Bell-LaPadula model(BLP) and some improvements that have been done well

Dabin Sun,Bowei Wang

DOI: https://doi.org/10.1109/ISMII52409.2021.00055

2021-01-01

Abstract:Information security is a widely discussed topic in the era of big data. With the rapid development of computer networks, various information security issues have frequently occurred. How to improve the level of computer network information security protection through the implementation of network security level protection is the direction that network security should focus on. Based on the existing security technology and products combined with the information security level protection system, this paper analyzes the relevant technical management requirements of the scheme design, and studies the design method and design process.

Engineering,Computer Science

GUO Yu-cui,LIU Si-qi,LEI Min,CHENG Ming-zhi

DOI: https://doi.org/10.3969/j.issn.1001-0548.2013.05.016

2013-01-01

Abstract:Nowadays, researches on information security mainly focus on practical technologies, and many of them, such as quantum cryptography, intrusion detection, and disaster recovery, have been highly developed and widely used. However, from the theoretical perspective, there is still a lack of systematical theory which can dominate the operation and guide the development of the information security system from a certain level. In this paper, information security system is researched from a new perspective based on general system theory for the purpose of providing a new way to study information security system. Analytic hierarchy process is adopted to analyze the influencing factors of information security system and relationships among the factors themselves. Then, the interaction among some of the factors is studied through a model of differential equations. As the results show, the model in this paper reflects the inner changes of information security system to a certain extent, and plays a guiding role in the development of information security system.

Hongliang Liang,YuFang Sun

2001-01-01

Abstract:The design of security architecture of a secure operating system that are difficult to build is a key consideration. In this paper we provide the security architecture and model the security policies of a secure operating system that implements the Bell-LaPadula model and low-water mark Biba model. we also present the access control attributes of system entities and describe how they are used in access control decision. We design the security architecture to support multiply security policies, and model it with the Unified Modeling Language(UML) and the Higher-Order Logic(HOL) techniques.

He LI,Shu-yang WANG

DOI: https://doi.org/10.3969/j.issn.1003-3033.2007.02.026

2007-01-01

Abstract:This paper presents a working model for information system security evaluation and related vulnerability management, defines some basic concepts in information security evaluation such as assets, value of assets, threat and vulnerability, and then puts forward some principles for the quantification of these concepts. Meanwhile, this working model, integrated model for risk calculation, and some related formulas are also introduced in detail. This research, on the one hand, aims to provide theoretical references for information security evaluation and subsequent vulnerability management, to improve the quality of risk assessment and to provide supporting platform for the assessment of enterprises' information security, and on the other, this research can also achieve some beneficial proposals for the construction of enterprises' information security evaluation management system.

陈建明,龚尧莞,王海峰

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.08.040

2003-01-01

Abstract:With the rapid development and wide application of information system,information security becomes one of the re-search hotspots.In this paper,a three-dimension model of in-formation system security,which is technology dimension,time dimension and management dimension,is proposed.This paper indicates the relationship between this three-dimension model and seven levels protocol of OSI/R.This model emphasizes that network security is important,the management is first in infor-mation system security,and human is key of security manage-ment.It is an important role to research information system se-curity.

Tianbo Lu,Xiaobo Guo,Lingling Zhao,Yang Li,Peng Lin,Binxing Fang

DOI: https://doi.org/10.14257/ijsia.2015.9.5.01

2015-01-01

International Journal of Security and Its Applications

Abstract:The study of security models for sensitive information systems has been taken on for years, but still lag far away behind the progress of information security practice. During this century, the thought of seeking the system security to the source of system development lifecycle received huge improvement in the system and software assurance domain. This paper firstly expounds the understanding of information security by illustrating information security study development progress since pre-computer age and presents a description of cyberspace and cyberization security by summarizing the status quo of cyberization. Then a security model called PDRL, which includes six core security attributes of sensitive information systems, is proposed to protect the security of sensitive information systems in the whole system life-cycle. At last, this paper probes into further discussion about controllability attribute and proposes a controllability model in sensitive sensor networks, followed by a probability computing formula and the example for computing the controllability of sensitive sensor networks. By dividing each single element of sensitive information and each element-related operation into a corresponding classification, this paper makes a reasonable description of the quantitative description about controllability.

GUO Jian-jun,ZHANG Jian,LIU Chang-ming

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.08.003

2012-01-01

Abstract:Aiming at centralized management of sensitive data,a centralized and encrypted storage solution is proposed.Security models of information system are researched.A centralized storage encryption system is designed.The security model is applied into the real system to guide the security and protection design in order to upgrade the system's safety and protection capability.