J4 ›› 2012, Vol. 47 ›› Issue (11): 18-23.
• Electronic Technology and Information •
李瑜,马朝斌
LI Yu, MA Chao-bin
Abstract:
The privileges of the superuser can give rise to many malicious attacks. To eliminate the administrator privilege that acts as superuser in the system, a privilege separation model for high-security-level information systems is proposed. The original operating system administrator is decomposed into three different roles, and the support and constraint relationships between permissions are formally defined. The model's three-way privilege separation and constraint algorithm, its security theorems and its security properties are given. Formal analysis proves that the privileges of the different roles in the algorithm satisfy the support and constraint relationships, which ensures that the principle of least privilege is effectively enforced in the system.
Key words: privilege separation; least privilege; security model; operating system
LI Yu, MA Chao-bin. Research on the privilege separation model of high level information systems[J]. J4, 2012, 47(11): 18-23.
Link to this article: http://lxbwk.njournal.sdu.edu.cn/CN/
http://lxbwk.njournal.sdu.edu.cn/CN/Y2012/V47/I11/18