Institutional Repository of the Institute of Software, Chinese Academy of Sciences (ISCAS OpenIR)
Title: Research on Some Key Technologies of the Structured Protection Level Secure Operating System (《结构化保护级》安全操作系统若干关键技术的研究)
Author: 刘文清
Defense date: 2002
Discipline: Computer Applied Technology
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Degree: PhD
Keywords: secure operating system; structured protection level; protection profile; security target; security model; network security
Alternative title: Research on Some Key Technologies of Structured Protection Level Secure Operating System Development
Abstract (translated from the Chinese): This thesis centres on the design and development of a secure operating system conforming to the fourth level of GB 17859, the Structured Protection Level, and studies from both theoretical and practical angles a number of key technical problems involved in developing a high-security-level operating system. The thesis obtains six main results. First, combining GB 17859 with GB/T 18336 for the first time, it proposes a protection profile (SPLPP) for a secure operating system conforming to the Structured Protection Level of GB 17859, laying the foundation for development of the system and for its future evaluation. Second, corresponding to the protection profile SPLPP and following the requirements of GB/T 18336 for the first time, it carries out a detailed security target (ST) design for a secure operating system whose security functions meet the corresponding requirements of the Structured Protection Level of GB 17859. Third, on the basis of an in-depth study of multilevel security models, integrity models and role-based authorization models, it first proposes a modified BLP model (MBLP) and applies it in an independently developed secure operating system; it then integrates the BLP, Clark-Wilson, DTE and RBAC models into a Dynamic Authorization Access Control Model (DAACM) that supports several security policies at once (confidentiality, integrity and authorization) and can implement dynamic authorization. Fourth, using a restricted syntactic language, it studies the method and process of semi-formally specifying the system's top-level functions; the top-level functional specification lays the groundwork for later work such as system verification and covert channel analysis. Fifth, by studying the Flask architecture, a recent international development in secure operating system design, and adopting its design ideas, it establishes a security architecture suited to implementing a Structured Protection Level secure operating system. Sixth, it makes useful explorations of several other key problems of high-security-level operating system design, including covert channel analysis and handling and the trusted path, and outlines how they are implemented in the system.
English abstract: Alongside the practical development of a secure operating system meeting the requirements of the fourth level, i.e. the Structured Protection Level, of GB 17859, this thesis studies some key technologies of high-level secure operating systems both theoretically and practically. Six principal results are obtained. First, integrating GB 17859 and GB/T 18336 for the first time, a Structured Protection Level Protection Profile (SPLPP) is presented systematically in accordance with the Structured Protection Level of GB 17859; it lays the ground for the development and future evaluation of the system and can be registered with the authorities responsible for inspection, evaluation and verification of security products. Second, corresponding to SPLPP and according to the requirements of GB/T 18336, a security target (ST) for a secure operating system whose security functions conform to the Structured Protection Level of GB 17859 is designed and presented in detail. This security target is a summary specification of the system and the basis for the top-level functional specification. Third, based on a thorough study of multilevel security models, integrity models and Role-Based Access Control (RBAC) models, a modified BLP model (MBLP) is designed and applied in an independently developed secure operating system. Then the BLP, Clark-Wilson, DTE and RBAC models are integrated into a Dynamic Authorization Access Control Model (DAACM), which supports diverse security policies, including confidentiality, integrity and authorization. DAACM conforms to the requirements of Structured Protection Level secure operating system design and will be used in the practical system design. Fourth, using a limited syntax language, the method and process of semi-formally specifying the top-level functions are developed.
This top-level specification paves the way for system verification and covert channel analysis. Fifth, assimilating the ideas of the Flask Security Architecture, a security architecture meeting the requirements of the Structured Protection Level is constructed; it shows its advantages in separating security policy decision from security policy enforcement and in modularizing the system. Sixth, some helpful investigations of other key technologies of high-level secure operating system design, such as covert channel analysis and the trusted path, are introduced, together with their coarse-grained implementation in the real system. To sum up, this thesis discusses many useful technologies, gathers experience in implementing a Structured Protection Level secure operating system, and its principal results establish a firm foundation for the research and design of high-level secure operating systems.
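As an added illustration (not code from the thesis or from the system it describes), the following Python sketch models the decision structure the abstract outlines: a Flask-style split between a security server that computes an access vector and an object manager that enforces it through an access vector cache, with the decision combining a BLP check (read down, no write down), DTE domain/type rules, RBAC role-to-domain authorization and a Clark-Wilson style rule that a constrained data item is modified only through a certified transformation procedure. All labels, domains, types and policy tables are constructed for the example; the thesis's own MBLP and DAACM rules are not reproduced, and the specific rules shown are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class Label:
    """MLS label: hierarchical level plus a set of non-hierarchical categories."""
    level: int
    cats: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and other.cats <= self.cats


@dataclass(frozen=True)
class SubjectSID:
    user: str
    role: str      # RBAC role
    domain: str    # DTE domain the subject currently runs in
    label: Label


@dataclass(frozen=True)
class ObjectSID:
    type_: str     # DTE type
    label: Label
    cdi: bool = False   # Clark-Wilson constrained data item?


# Policy tables, constructed for this example (assumptions, not the thesis's policy).
ROLE_DOMAINS: Dict[str, Set[str]] = {
    "analyst_r": {"analyst_d", "report_tp_d"},
    "auditor_r": {"audit_d"},
}
DTE_RULES: Dict[Tuple[str, str], Set[str]] = {
    ("analyst_d", "report_t"): {"read", "write"},
    ("analyst_d", "log_t"): {"read", "write"},
    ("report_tp_d", "report_t"): {"read", "write"},
    ("audit_d", "log_t"): {"read"},
}
# Clark-Wilson: domains certified as transformation procedures for each CDI type.
CERTIFIED_TPS: Dict[str, Set[str]] = {"report_t": {"report_tp_d"}}


def security_server(ssid: SubjectSID, osid: ObjectSID) -> FrozenSet[str]:
    """Policy decision point: returns the access vector (permitted operations)."""
    # RBAC: the subject's role must authorize the domain it is running in.
    if ssid.domain not in ROLE_DOMAINS.get(ssid.role, set()):
        return frozenset()
    # DTE: start from what the (domain, type) pair grants.
    av = set(DTE_RULES.get((ssid.domain, osid.type_), set()))
    # BLP simple security property: read only if the subject dominates the object.
    if not ssid.label.dominates(osid.label):
        av.discard("read")
    # BLP *-property: write only if the object dominates the subject (no write-down).
    if not osid.label.dominates(ssid.label):
        av.discard("write")
    # Clark-Wilson: a CDI is modified only through a certified TP domain.
    if osid.cdi and ssid.domain not in CERTIFIED_TPS.get(osid.type_, set()):
        av.discard("write")
    return frozenset(av)


class ObjectManager:
    """Policy enforcement point: asks the server once, then serves from the AVC."""

    def __init__(self, server: Callable[[SubjectSID, ObjectSID], FrozenSet[str]] = security_server):
        self.server = server
        self.avc: Dict[Tuple[SubjectSID, ObjectSID], FrozenSet[str]] = {}

    def check(self, ssid: SubjectSID, osid: ObjectSID, perm: str) -> bool:
        key = (ssid, osid)
        if key not in self.avc:
            self.avc[key] = self.server(ssid, osid)
        return perm in self.avc[key]

    def flush(self) -> None:
        """On a policy change the cached decisions are stale; drop them."""
        self.avc.clear()


# Constructed sample subjects and objects.
SECRET = Label(2, frozenset({"proj"}))
UNCLASS = Label(0)
TOPSECRET = Label(3, frozenset({"proj"}))

alice = SubjectSID("alice", "analyst_r", "analyst_d", SECRET)
alice_tp = SubjectSID("alice", "analyst_r", "report_tp_d", SECRET)
report = ObjectSID("report_t", SECRET, cdi=True)
log = ObjectSID("log_t", UNCLASS)
ts_report = ObjectSID("report_t", TOPSECRET)


def demo() -> Dict[str, bool]:
    om = ObjectManager()
    return {
        "analyst_read_report": om.check(alice, report, "read"),     # allowed
        "analyst_write_report": om.check(alice, report, "write"),   # denied: CDI, not a TP
        "tp_write_report": om.check(alice_tp, report, "write"),     # allowed via certified TP
        "analyst_read_log": om.check(alice, log, "read"),           # allowed: read down
        "analyst_write_log": om.check(alice, log, "write"),         # denied: write down
        "analyst_read_ts": om.check(alice, ts_report, "read"),      # denied: read up
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'deny'}")
```

The point of the split is that `ObjectManager` never sees a policy rule: every decision comes from `security_server`, so the policy can be replaced or extended without touching the enforcement code, and the cache must be flushed whenever the policy changes.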
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/5632
Appears in Collections: Institute of Software, CAS

Files in This Item:
File name | File size | Access
LW011197.pdf | 2077KB | Restricted access; contact the repository for the full text

Recommended Citation:
刘文清. Research on Some Key Technologies of the Structured Protection Level Secure Operating System (《结构化保护级》安全操作系统若干关键技术的研究) [D]. Institute of Software, Chinese Academy of Sciences. 2002-01-01.