Zhiyong Tan,Duo Liu,Jie Lin,Yiqi Dai

DOI: https://doi.org/10.1109/NSWCTC.2009.194

2009-01-01

Abstract:A multilevel security (MLS) model with credibility characteristics, the credibility-based Bell-LaPadula (CBLP) security model, has been proposed to resolve the problem of trusted subjectspsila hidden security flaw and poor system usability in present MLS systems in the previous paper of the authors. A sampling statistics method is proposed in this paper to evaluate the availability of the CBLP model by obtaining the variation curve of the subjectspsila credibility and the rejection ratio of access operations. The validity of this method was achieved according to the strong law of large numbers and the central limit theorem. The sampling statistics results of the CBLP model in specific scenarios showed that it is highly consistent with that of the formal analysis method and has lower computational complexity.

Xuezeng Pan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.005

2009-01-01

Abstract:To resolve the problem that the simple combination of BLP and Biba models will lead to poor availability,a confidentiality and integrity dynamic union model based on multi-level security(MLS) policy was presented.The two dimensions of secure model are composed of confidentiality and integrity,on which the security label is separated into write privilege range and read privilege range respectively,whereupon subject's access range is adjusted dynamically according to the security label of related objects and the history situation of the subject's access,improving the agility and practicability of the model.The formal definition of this model was given,and the security was also analyzed with proof.Finally,examples were illuminated to show the effectiveness and usability of this model.

Tan Zhiyong,Liu Duo,Dai Yiqi

DOI: https://doi.org/10.23919/cje.2010.10159181

IF: 1.019

2010-01-01

Chinese Journal of Electronics

Abstract:To evaluate and choose proper credibility evaluation functions and credibility threshold parameters in the Multilevel security (MLS) system based on the CBLP model which was proposed in the authors' previous paper, we devised a sampling statistics method to evaluate the availability of the MLS system, by obtaining the change curve of the subjects' credibility and the rejection ratio of access operations. The validity of this method was evaluated according to the strong law of large numbers and the central limit theorem. The analysis of specific scenarios showed that the result of the sampling statistics method is highly consistent with that of the formal analysis methods. Then an implementation framework based on the availability evaluation method is proposed. Since it is hard to evaluate the availability of the system completely by formalization analysis, the sampling statistics analysis method can provide an important reference for the effective implementation of the CBLP system.

Xie Jun,Xu Feng,Huang Hao

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:MLS (multilevel security) is being widely applied in many security critical systems, but it can't implement many important security policies such as channel-control. In this paper, the concept of trust degree is introduced into the MLS to implement policies like channel-control conveniently. An access control state machine model which enforces the trust degree based multilevel security policy is established, and is proved to be secure for this policy. It is also proved that this model can enforce all static information flow policies. An extension of the model is also offered to support the dynamic change of storage objects' security labels. The model avoids the disadvantage of MLS' not being able to resolve the problem of secure downgrading and not taking integrity into consideration, and at the same time it retains the advantage of easy understanding and use enjoyed by the traditional classified policy models.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

Jinyu Liu,Ziyang Wang,Qing Yang,Sissi Xiaoxiao Wu

DOI: https://doi.org/10.1109/wocc55104.2022.9880591

2022-01-01

Abstract:We focus on the security issues of decentralized federated learning systems for the core requirements of secure environments and trusted computing for applications such as medical big data, distributed cognitive learning, and autonomous driving. We propose a three-layer security assurance model that aims to ensure secure trusted computing in decentralized networks. Therein, the first-layer security model realizes the authentication of trusted users through blockchain technology to ensure the safe access of legitimate users to the greatest extent; the second-layer security model utilizes the trusted execution environment (TEE) technology to realize the privacy protection and trusted computing of each local user; the last layer of security model adopts a set of detection and location algorithms for defending the internal attackers, in case the first two layers of models fail. Our experimental results show that the proposed three-layer security model can effectively defend against external and internal attacks in the network, thereby promoting secure and trusted computing in distributed federated learning networks.

Cui Yan-Li,Xing Zhang

DOI: https://doi.org/10.1109/PACIIA.2009.5406422

2009-01-01

Abstract:For trusted computing technology, as the basis of remote attestation, system integrity measurement whose theory model and application research is all along a discussed focus. Integrity measurement of binary system of trusted computing technology used the transmission model of trust chain, but the development of this model is late to the development of remote attestation. This paper mainly concerns systems integrity measurement of property remote attestation, adds certificate authority and trusted property authority based on the original binary integrity measurement, realizes the conversion from binary fingerprints convert to property remote attestation. Combining the new features of property remote attestation, this paper uses the predicate logic to prove the credibility of systems integrity measurement of property remote attestation. ©2009 IEEE.

Yong Huang,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-642-23226-8_21

2011-01-01

Abstract:Aiming at the main problem that the link between the formal definition of multilevel security and security goal is not always clear, we propose a new definition of multilevel security closer to the practical application. Due to the fact that separability property based on the construction of covert channels is not practical, we introduce the concept of trusted domain to the theoretical framework initiated by the characteristics of transitive and intransitive security policy. Following that two intuitive propositions with the corresponding proof are proposed.

CHEN Jin,LV Hongbing,PAN Xuezeng

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.05.021

2011-01-01

Computer Engineering and Applications Journal

Abstract:The BLP can guarantee the security of information by allowing downward information flow from the low security level to high security level.However,under some circumstances,the upward information flow is also necessary.Clark-Wilson model is used to control and audit subject’s state transition and run time adjustment of low-water-mark policy parameters.This paper proposes a model that allows the upward information flow in the control of Clark-Wilson model.The model is proved secure and applicable.

Jun Li,Xiaolin Zheng,Yafeng Wu,Deren Chen

DOI: https://doi.org/10.1109/icebe.2010.27

2010-01-01

Abstract:In C2C e-commerce environment it is possible and indeed quite common to deal with unknown sellers, whose reliability are unknown. Reputation system is a popular technique currently used for providing a global quality score of sellers to consumers. However, such global information is far enough for clients to choose the most qualified products. In the real word, we always ask our trusted friends for some recommended information or trust the information recommended by the clients who have similar preference in recommender systems. Aiming at providing some more useful trust information to consumers, we propose a computational trust model based on the social network which is constructed by the similarity of users in the C2C e-commerce environment, and use a local trust metric for propagating trust in the constructed network. Experiments show that our model can produce a personalized recommended trust value for a specific user, which is more accuracy than a global value in some cases.

Wen Li,Lingdi Ping,Kuijun Lu,Xiaoping Chen

DOI: https://doi.org/10.1109/ICIE.2009.33

2009-01-01

Abstract:As traditional network security cannot meet the security requirements, the international research shows that network security is on the way to Trustworthy Internet and that the trustworthy issue becomes a hot topic in the future Internet. Trust evaluation of users' behavior is an important part of Trustworthy Internet and a rational trust model plays a key role in the evaluation. This paper concludes many principles of the trust model by analyzing existing trust models and proposes a novel trust model including both the direct and indirect trust. In our model, the direct trust is more trustworthy and is weighted more with the more and more interactions and the indirect evaluation becomes less and less important. The subjective factor is considered to make the direct trust obey the principle of "rise-lowly, decline-quickly". Furthermore, recommenders' credibility is taken into account in the indirect trust evaluation, which can avoid the denigration and make indirect trust more objective. We also consider the process of referral of the credibility to gain more information to evaluate the indirect trust effectively. Credibility evaluation is the basis of the filtering of low credibility and the improvement of trust evaluation. Finally, several experiments are shown to illustrate the properties of the model. © 2009 IEEE.

曾璎珞,潘雪增,陈健

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.10.052

2010-01-01

Abstract:This paper proposes a dynamic security access control model based on system reliability,so as to improve the flexibility of combination among multiple security access control strategies,and to ensure system security and practicality.The model can choose the proper kind of combination among the security access control strategies dynamically in order to deal with different system states and improve the whole system performance.Experimental results prove that this model makes the multiple strategies control more flexible,ensures the system security,and improves practicality of the system.

Lei Xia,Wei Huang,Hao Huang

DOI: https://doi.org/10.1007/978-3-540-77535-5_21

2007-01-01

Abstract:Multilevel security policies aim at only confidentiality assurance, with less consideration on integrity assurance and weakness in expressing channel control policies. Besides, the trusted subjects it introduces to handle the information flow "downgrade" have many security flaws. Moreover, increasing diversity of the computing environments results in various security requirements. However, current mainstream security models are aiming at only one or few requirements of them each. The Multi-Policy Views Security Model is presented, which is based on the MLS model, combining the domain and role attributes to the model, to enforce the expression power in channel control policies, make permission management more fine-grained and enhance the ability of confining the permission of the trusted subjects. Moreover, MPVSM has integrated the properties and functions of MLS, Domain-Type and Role Based models into one unified model. It is able to enforce multi-policy views in operating system in a flexible way.

刘雄,谭智勇,刘铎,戴一奇

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.01.028

2010-01-01

Abstract:The BLP (Bell-LaPadula) model and its derivatives are normally used to implement secure policies in multilevel security systems. The derivatives improved the flexibility but also introduce risks which have not been analyzed in detail. This paper investigates the multilevel security model with credibility characteristics to analyze the security of actions using the quantitative risk analysis method to compute the expected damage resulting from an action. The analysis result can be used to evaluate system security and as a criterion to judge the validity of the action. The system can then control the damage and improve flexibility.

LIU Xiong,ZHUO Xue-jun,TANG Yong-li,DAI Yi-qi

2010-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Many typical security models have been proposed, such as the BLP model and the nondeducibility model, however, these models have some disadvantages and limitations in theoretical analysis or implementation respectively. For instance, BLP model did not take the covert channel into account, and the nondeducibility model cannot be applied to the nondeterministic systems. Considering these shortages brought about by the existing works, this paper take the properties of the covert channel as a main consideration, and propose a novel finite-information-leakage-tolerance communication channel model based on the BLP model. The proposed model finds a tradeoff between the availability and security of the practical system by adjusting the upper bound of the channel capacity of the information leakage.

Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser,Paul A. Karger,Grant M. Wagner,Angela Schuett Reninger

DOI: https://doi.org/10.1109/sp.2007.21

2007-05-01

Abstract:This paper presents a new model for, or rather a new way of thinking about adaptive, risk—based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well—known, Bell—Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name “Fuzzy MLS”. The long version of this paper is published as an IBM Research Report [3].

Yixin Jiang,Chuang Lin,Zhangxi Tan

DOI: https://doi.org/10.1109/ICSMC.2003.1244629

2003-01-01

Abstract:A large network is composed of many autonomous security domains. Based on the definition of security domain, a lattice model of security domains is described. Subsequently, a model of multilevel security domains combined with the multilevel security is derived. Another important concept tied up with multilevel security domains is authentication. According to the trust relationships between different security domains, an authentication architecture and two authentication protocols suitable for multilevel security domains are proposed in this paper. At last, the authentication protocol is formally analyzed with the aid of the BAN logic.

Xue Haiwei,Zhang Yunliang,Guo Zhien,Dai Yiqi

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:Towards data leak caused by misoperation and malicious inside users, we proposed a multilevel security model based on Bell-lapadula（BLP） model. In our model each subject was assigned with a security level. Subjects can read objects only when their security levels are not less than objects’ security levels, and subjects can write objects only when their security levels are not more than objects’ security levels. The current security level in our model can be dynamically changed when users read sensitive data, since users can access data with different security levels in private cloud. Our model use mandatory access control method to control user’s operation and can guarantee that users can not leak sensitive data after they read them. Our model can be proved secure by mathematical method, and we implemented a prototype system of our model and the experimental results show that it is secure.

Liu Yanzhao,Zhang Lei,Luo Ping,Yao

DOI: https://doi.org/10.1109/paap.2012.47

2012-01-01

Abstract:This paper first analyzes the credibility of human society issues, gives a credible model, revealing the essence of credibility, that man's morality, competence and confidentiality of three aspects. Based on these we analyze the credible issue of the network software, and establish the credibility of a general model and a utility model, give the definition of software credibility and credible degree, and propose the key attributes or evidence of the software credibility: the identity evidence, the evidence of the basic norms and the capability. And finally with the general reliability, anti-aggressive and the basic norms to measure the software credibility is proposed. The software faults and vulnerabilities are classified in this paper, and an assessment method and a credibility formula to the credibility of the network software are given.

XIA Lei,HUANG Hao,YU Shu-ying,WANG Zhi-qiang

2007-01-01

Abstract:Increasing diversity and complexity of the computing environments result in various security requirements.MLS security policy only aims at confidentiality assurance,in less consideration of integrity assurance and weakness in channel control.To handle that the trusted subjects have many security shortcomings of MLS model,a multi-policy views security model(MPVSM)was presented.Based on the MLS model,MPVSM combined the domain and type attributes to the model,to enforce the channel control policy,make permission management more fine-grained and enhance the ability to confine the permission of the trusted subjects.MPVSM was also able to enforce multi-policy views in operating system in a flexible way.The implementation of the MPVSM model in our prototype trusted operating system Nutos was also introduced.