J4 ›› 2012, Vol. 47 ›› Issue (11): 18-23.


Research on the privilege separation model of high level information systems

LI Yu, MA Chao-bin   

  1. Evaluation Department, National Secrecy Science and Technology Evaluation Center, Beijing 100044, China
  • Received: 2012-07-03 Online: 2012-11-20 Published: 2012-11-26

Abstract:

Superuser privileges can give rise to many malicious attacks. To address this problem, a privilege separation model for high level information systems is proposed. The operating system administrator is decomposed into three roles, and formal definitions of the support and constraint relationships among permissions are given. The model also includes a privilege separation algorithm and security theorems. Formal analysis proves that the privileges of the different roles in the algorithm satisfy the support and constraint relationships. The model effectively ensures implementation of the principle of least privilege.

Key words: privilege separation; least privilege; security model; operating system
