黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Chao-Qin Gao,Chuang-Bai Xiao

DOI: https://doi.org/10.1109/cis.2011.142

2011-01-01

Abstract:With the rapid development of informationization process, the demand to collaborate, share, and exchange information between different departments of information systems has become more and more imperative. By introducing the principle of need-to-share and the notion of multi-level object, a multi-level security model of information systems based on the BLP model is proposed. Then, the formal description and security analysis of the multi-level security model is presented. The new security model allows information being securely shared with the right users and protected from the wrong users, while maintaining the multi-level security of information systems.

高朝勤,肖创柏,高允翔,徐潇

2012-01-01

Abstract:To address the problem of protection and sharing of information, the BLP model of stand-alone computer system was extended to information systems with multi-level security, the principle of need-to- share and the notion of multi-level object was introduced, and a multi-level security model of information system for application was developed. Then, some basic security assumptions were proposed, and the formal multi-level security model of information system was presented. The security model allowed the information to be securely shared with the right people and protected from the wrong people, while maintaining the multi-level security of information system.

刘尊,安喜锋,李伟华

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.14.030

2009-01-01

Abstract:This paper gives a multilevel security model based on dynamic security level named Dynamic Multilevel Security (DMLS) model.DMLS uses a couple of dynamic security levels of highest inflow and lowest outflow to replace the current security level of BLP model.With these dynamic security levels,DMLS can control the access of subjects to objects flexibly.In order to use the dynamic security level,DMLS makes a corresponding changes to the five of eleven rules of classic BLP model and the model is proved to be correct through formal methods.At last an application of DMLS to enhance security of linux is given.

Xue Haiwei,Zhang Yunliang,Guo Zhien,Dai Yiqi

IF: 1.019

2014-01-01

Chinese Journal of Electronics

Abstract:Towards data leak caused by misoperation and malicious inside users, we proposed a multilevel security model based on Bell-lapadula（BLP） model. In our model each subject was assigned with a security level. Subjects can read objects only when their security levels are not less than objects’ security levels, and subjects can write objects only when their security levels are not more than objects’ security levels. The current security level in our model can be dynamically changed when users read sensitive data, since users can access data with different security levels in private cloud. Our model use mandatory access control method to control user’s operation and can guarantee that users can not leak sensitive data after they read them. Our model can be proved secure by mathematical method, and we implemented a prototype system of our model and the experimental results show that it is secure.

Zhu Guiqiang,Huang Hao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.04.003

2013-01-01

Abstract:Access control is the necessary means to realise multilevel information security.When defining and describing the information system,in this paper we divide its objects into static object and dynamic object.The static object is stored in the resource server for centralised management.Mails are used as the only carrier to transmit the dynamic object between subjects.The monitoring mechanism is deployed in both the mail client and the resource servers to implement access control.Function test shows that this system can control the subject visiting object and the communication between subjects simultaneously so as to protect the security of sensitive information and prevent the leakage and unauthorised access.

Tian Zhihong,Ye Jianwei,Wang Bailing,Liu Feng

DOI: https://doi.org/10.1109/itaic.2011.6030188

2011-01-01

Abstract:With rapid development of the Web system, security is becoming a most important part of computer science and technology. Security model introduced for Web resource as precise design guidance, which works during the entire design, coding, review process, evaluation and accreditation processes. There are several security models which focus on different aspects of security. This paper's intent is to introduce the most classical multilevel computer security model — Bell-LaPadula model(BLP) and some improvements that have been done well

ZHOU Huansheng,JIANG Jianhui

DOI: https://doi.org/10.3969/j.issn.0253-2778.2012.01.011

2012-01-01

Abstract:A multidimensional security index system was established by integrating information security measurements and allocation of information security levels.A quantitative level protection model based on security index was proposed.The security index of a system was evaluated by using a hierarchical method based on grading.The problem of security level allocation was Abstracted as a kind of linear programming problem.Compared to models using conventional methods,the proposed model is more quantifiable and operable.The application of the model was illustrated with an example of a real information system.

Junzhou Luo,Yang Liu

2001-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:As a result of the development of Internet and the popularity of E-Commerce, there is a growing demand for information security. On the basis of the technique of network information security and the analysis of policy, the paper puts forward a network security system model based on the technique of the deep defence (authentication and authorization system), the boundary defence (firewall system) and the security tunnel (VPN system). This system offers multi-level integration project of network security from host to network and from information deposit to information transmission.

Mang Su,Fenghua Li,Guozhen Shi,Li Li

2012-01-01

International Journal of Security and Its Applications

Abstract:The new computing modes, such as mobile computing, distributed computing, cloud computing and ubiquitous computing, etc., have brought about diversification and open features to the expression, exchange and access of computer network information. The multilevel security management is widely used in operation systems and information management systems. Focus on the multi-level security problem in various network environments, this paper defines the security identity, environment and temporal state of object, based on the ABAC (Action Based Access Control), and shows the security level, access scope and the demand of environment and temporal state of accessing subject, then proposes a multi-level security access control mechanism. Finally, an application example is given.

Na ZHOU,Guoyuan LIN,Zhengkui LI

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.12.004

2015-01-01

Abstract:For the problem of the integrity of information in cloud computing, this paper proposed a multi-level security model for a cloud-based platform. The system is divided into three layers by this model and takes the process of virtual machine as a basic layer. The virtual machines run on the same virtual machine monitor are middle layer. Finally, the virtual machine monitor is the top layer. Through comparing the safety in the bottom-up order, the access control method DIFC-B (Decentralized Information Control Flow Based on Biba and BLP)based on the information lfow control method of a distributed computing environment DIFC (Decentralized Information Flow Control) is proposed, which is raised for the security model. The method divides virtual machines and the processes in virtual machines into different security levels. Then according to the properties of Biba model and BLP model to verify the process between the access and to ensure the integrity and conifdentiality of information when the system is running. Finally, the multi-level security model based on cloud platform is analyzed with noninterference theory, which can show the usefulness of the model.

GU Qianjun,WANG Yue

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.22.057

2006-01-01

Abstract:Bell-LaPadula model(BLP) model is the most classical multilevel computer security model.Based on the research of BLP model,this paper analyzes the main defects in BLP model and different improving methods,puts forward a principle or “read the nearest and write the nearest”,improves the BLP model more effective security and integrity.

WANG Zhu,DAI Yi-qi

2012-01-01

Abstract:With the development of computer network,there come a lot of security threats.LAN is a basic unit of network functionality,and its security is very important and significant.A Multi-level Security Local Area Network System(MSLANS) based on BLP model is proposed,which with transparent computing system as the platform,conforms with the requirements of security infrastructure.By introducing the security policy server and dynamic monitoring switch into the system,and embedding modules into terminal computers to monitor the user's operations and login procedures,the secure LAN system could thus accomplish the centralized control and protection of the operations within the terminal computers.

Xian Wu,Peide Qian

2008-01-01

Abstract:In recent years, people, are paying more attention to the security of information system. With the research of secure operating system, many security models are proposed. This paper firstly introduces two widely-used security models in brief. The one is Bell-LaPadula model that is mainly used in military department for confidentiality purpose, the other is Clark-Wilson model that is mainly used in business department for integrity purpose. Using the idea of role concept in RBAC, we propose a multiple policy security model (MPSM) which supports both secrecy and integrity of information. We give the design of MPSM and discuss its policies of how to ensure secrecy and integrity. Then we implement MPSM as a security module of LSM in Linux. In this paper, we introduce the structure of MPSM and functions of its sub-modules. Finally, this paper addresses the evaluation of MPSM and other security models to show the usefulness of our work.

GUO Jian-dong,QIN Zhi-guang,ZHENG Min

DOI: https://doi.org/10.3969/j.issn.1001-0548.2008.02.035

2008-01-01

Abstract:In order to construct a secure architecture which possesses enough strictness and practicability using mechanisms of password, log auditing, and authority, a model of security for information system including interface logic, business logic, and abnormal activity detection is proposed in this paper. The working flows and functions of main components of the model are described. At the same time the abnormal activities in an information system are analyzed, and the working methods of abnormal activities detector, a practical format of log data, and the protecting method of log file are introduced as well.

Jia Zhao,Zhen Han,Changxiang Shen,Qiang Zhang

DOI: https://doi.org/10.1109/ICEMI.2007.4350677

2007-01-01

Abstract:Task-based information systems are special systems for task-based application with high secure requirements and explicitly secure goals. It has explicit application border, fixed process and roles and a lot of pre-experience knowledge. In order to develop the secure task-based information systems, secure models of the systems should be built firstly. A multi-layer secure policy model of the task-based information systems is proposed in the paper. According with the least privilege principle, we consider the properties of subject and object the requirement, secure policies and action environment together, introduce the confidentiality check engine and integrity check engine, and transit the authorization trusted of the subject to action trusted in the secure model. Its implementation provides a good reference for the design of the secure task-based information system as well.

GUO Jian-jun,ZHANG Jian,LIU Chang-ming

DOI: https://doi.org/10.3969/j.issn.1671-0428.2012.08.003

2012-01-01

Abstract:Aiming at centralized management of sensitive data,a centralized and encrypted storage solution is proposed.Security models of information system are researched.A centralized storage encryption system is designed.The security model is applied into the real system to guide the security and protection design in order to upgrade the system's safety and protection capability.

苏铓,李凤华,史国振,李莉

DOI: https://doi.org/10.3969/j.issn.1000-436x.2012.z1.029

2012-01-01

Abstract:In order to solve the problem caused by the variety and openness of the network,the research for the models of structured document and access control were taken.A new structured document representation model and method for the security requirements of the multi-element access control and multi-level security was proposed,and corresponding structure of security attribute and example of extensible markup language(XML) was given.Finally,analyzed the security performance.

Zhenwan Zou,Yingsa Hou,Huiting Yang,Bin Wang,Ruxia Yang

DOI: https://doi.org/10.1109/itaic49862.2020.9338955

2020-12-11

Abstract:Aiming at the current status and risks of industrial control system information security, a security protection system was proposed from the technical and management levels. At the technical level, it strengthen security protection by setting up firewall protection, isolating engineer stations, conducting system security tests, and deploying network monitoring. At the management level, it improves safety management through measures such as real-time maintenance and updating of existing management systems and safety technology standards. Finally, the feasibility of this protection system was proved by experiments, which has certain reference significance for the research on safety protection of industrial control systems.

陈建明,龚尧莞,王海峰

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.08.040

2003-01-01

Abstract:With the rapid development and wide application of information system,information security becomes one of the re-search hotspots.In this paper,a three-dimension model of in-formation system security,which is technology dimension,time dimension and management dimension,is proposed.This paper indicates the relationship between this three-dimension model and seven levels protocol of OSI/R.This model emphasizes that network security is important,the management is first in infor-mation system security,and human is key of security manage-ment.It is an important role to research information system se-curity.