We characterized the security issues in asp - based networked manufacturing system , especially the issue of the user access control . then the typical methods of access control were introduced , which include discretionary access control ( dac ) , mandatory access control ( mac ) , role - based access control ( rbac ) , task - based access control ( tbac ) , coalition - based access control ( cbac ) and relationship - driven access control ( rdac ) and so on . based on that , we provided an integrated user access control model , which was composed of rbac , tbac , rdac and cbac 本章描述了asp和网络化制造系统的安全性问题,尤其是用户访问控制的问题;接着介绍了几种浙江大学博士学位论文典型的访问控制方法,包括强制访问控制、任意访问控制、基于角色的访问控制、基于任务的访问控制,以及基于公司关系的访问控制、基于企业联盟的访问控制等;在前面描述的典型访问控制模型基础上,给出了一个网络化制造系统的综合访问控制模型,包括网络化制造系统的用户和资源层次关系图、访问控制参考模型和访问控制过程模型,并定义了各个模型中的相关元素和关系,给出了各级约束验证和授权的表达;最后我们给出了以xacml为基础的网络化制造系统的访问控制描述语言。
To sum up , there are several innovative researches in this paper as follows : 1 . this paper researches on the standard of security operating system . with the features of the embedded system such as resource limit , security safeguard functions of embedded operating sysmtem are defined in terms of b1 level 文中着重对以下几个方面进行探索和创新: 1 ) 、研究安全操作系统的安全标准并结合嵌入式系统资源有限等特征,界定了b1级安全嵌入式操作系统应提供的安全保障功能; 2 ) 、研究了嵌入式网络安全的重要性及其保护措施,识别出了嵌入式操作系统层面最后一道网络安全门槛,在socket层实现了强制访问控制。
In this paper , measures to ensure database safety and research about encrypted database are presented firstly . then , cryptography used in encrypted database system is discussed ; the qualification of encrypted database is presented ; advantages and disadvantages of two kinds of architecture and scheme are analysed ; encryption granularity , key management , ciphertext index , mandatory access control , encryption dictionary and integrity restriction are studied ; methods to realize encrypted database based on oracle8i are studied . at last , the transformation from ws9 cat database to encrypted database is realized and a wizard is coded to help people design encrypted database 本文首先介绍了数据库安全防护及密文数据库研究现状;然后阐述了密码学在密文数据库系统中的应用;提出了密文数据库设计要求;分析了两种结构体系和开发方式的优缺点;在详细研究了加密粒度、密钥管理、密文索引、强制访问控制、加密字典、完整性约束等技术的基础上,研究了基于oracle8i的密文数据库实现方法;实现ws9cat数据库向密文数据库的转化;设计了密文数据库开发向导。
An improved method called isandhu method is presented . based on this method , the mistakes of the original method are revised ; the support to the notation of trusted subjec t is provided and the scope of enforcement objects is extended to meet the practical requirements . as results , the exact enforcement of mandatory access control in rbac is guaranteed and the theoretical foundation for adopting mac in a large amount of commercial systems with small cost is offered 为此,提出了一种改进的方法? ? isandhu方法,修正了原有方法的错误,提供了对可信主体概念的支持,面向实际应用扩展了其实施范围,保证了强制访问控制策略在rbac中的正确实施,为在大量商业系统中以较小的代价引入强制访问控制提供了理论基础。
Several approaches are provided to construct secure operating systems . the paper mainly discusses diverse security policies in operating systems . by the gfac framework , we implement several security policies in linux kernel version 2 . 2 . 14 , including hru model based fine grain discretionary access control , multi - level security policy based mandatory access control and biba model based integrity access control 文章重点研究了如何在操作系统中实现多种安全策略,并在linux内核版本2 . 2 . 14中根据访问控制通用框架( gfac )方法,实现了基于hru模型的细粒度自主访问控制、基于bell - lapadula模型多级安全规则的强制访问控制以及基于biba模型的强制访问控制等多种安全策略,从而有效地增强了操作系统中信息的保密性和完整性。
Based on the analysis of current access control model , in chapter 3 the realization of mandatory access control in role - based protection system is discussed . at first , the definition of role and the application in security are discussed . then the concept of mac is introduced and a scheme of role - based protection is developed , which realizes mac by viewing each of the role contexts as a independent security - level and imposing non - cyclic information flow requirement 分析了目前已有的访问控制模型,提出了一个扩展rbac的安全约束实现强制访问控制的方法,其特点是利用信息流分析原理,把每个角色上下文看成一个安全标示,并确保信息流(由角色执行或用户? ?角色授权)是非循环的,通过给出的相关约束实现了B L P模型的有关规则。
So the souece code of postgresql - a kind of free software dbms and its security capability are analyzed firstly , and then based on the carefully analyzing of tcsec & tdi ' s requirements and present mls dbms ' s architecture , technical scheme to retrofit postgresql to a b1 - level mls dbms is given , which including security subsystem and audit subsystem . then some revellent machanism and policy about security label and mac are discueesd 本文分析可信任计算机系统评价准则和可信数据库系统解释的具体要求,对linux环境下的免费数据库系统postgresql的源代码和各种功能进行了初步分析,确定了基于postgresql的b1级安全数据库系统的技术选择及系统结构,提出了安全子系统、审计子系统的总体设计方案,并对设计方案中的安全标示和强制访问控制的相关机制和处理策略进行了分析及论述。
