Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/19033
Title: A New Mandatory Protection Model and Its Polyinstantiation Elimination Scheme
Author: 張錦周 (Chang, Jin-Chou)
Keywords: secrecy; integrity; mandatory access control; discretionary access control; polyinstantiation; signaling channel
Publisher: Department of Computer Science
Abstract:
In this study, we integrate the secrecy constraints of the Bell-LaPadula model with the integrity constraints of the Biba model, and adopt cryptographic techniques for access control in a hierarchy, to derive a new mandatory access control model. This model satisfies the following requirements: 1. it avoids limiting a subject to reading only objects of the same access class; 2. it avoids overly upgrading the security level of data because of a data update or insertion; 3. it makes batch operations possible.

Furthermore, under this model, we investigate the polyinstantiation problem in multilevel relations and propose a new scheme that completely eliminates polyinstantiation in a multilevel relation. The scheme decomposes a multilevel relation into several base relations and uses an object identifier as the link between those base relations. It therefore not only resolves the cover story security problem but also avoids the propagation of data updates and the need to modify "restricted" values back to "unrestricted" values when all data at higher access classes have to be updated to null.
URI: http://hdl.handle.net/11455/19033
Appears in Collections: Department of Computer Science and Engineering
