计算机应用 ›› 2013, Vol. 33 ›› Issue (03): 717-719.DOI: 10.3724/SP.J.1087.2013.00717

• 信息安全 • 上一篇    下一篇

跨域引用监视器及其以数据为中心的多级安全模型

李洪敏1*,万平国2,葛杨3   

  1. 1.中国工程物理研究院 总体工程研究所,四川 绵阳 621900;
    2.国际信息战略研究中心,北京 100094;
    3.军工保密资格认证中心,北京 100094
  • 收稿日期:2012-09-25 修回日期:2012-10-22 出版日期:2013-03-01 发布日期:2013-03-01
  • 通讯作者: 李洪敏
  • 作者简介:李洪敏(1968-),女,四川绵阳人,副研究员,CCF会员,主要研究方向:网络与信息安全; 万平国(1964-),男,北京人,研究员,主要研究方向:网络与信息安全; 葛杨(1957-),男,北京人,研究员,主要研究方向:信息安全、安全检测。
  • 基金资助:

    基于典型工作流跨域交换技术研究

Cross domain reference monitor and its data-centered multilevel security model

LI Hongmin1*, WAN Pingguo2, GE Yang3   

  1. 1.Institute of System Engineering, China Academy of Engineering Physics, Mianyang Sichuan 621900, China;
    2.Center of International Information Strategy Studies, Beijing 100094, China;
    3.Center of Defense and Industrial Security Clearance Accreditation, Beijing 100094, China
  • Received:2012-09-25 Revised:2012-10-22 Online:2013-03-01 Published:2013-03-01

摘要: 为基于不可信计算机系统来构建一个可信的多级安全(MLS)大系统,提出一种新型的跨域引用监视器及其多级安全模型。该跨域引用监视器采用现有的商业现货(COTS)产品,使用一个或多个独立的计算机,在两个或多个不同的网络之间,通过满足EAL7的单向传输硬件装置来连接。基于该跨域监视器实现了以数据为中心的多级安全模型。该模型允许信息从低密级网络流向高密级网络,也允许高密级网络把低密级数据发布给低密级网络,禁止高密级网络的高密级信息和无密级标记信息流向低密级网络,并已在分级保护的网络系统中成功应用。通过安全模型和安全策略的形式化描述和证明表明,基于该安全模型构建可信MLS大系统是可行的。

关键词: 多级安全, 引用监视器, 安全模型, 跨域, 分级保护

Abstract: A new cross domain reference monitor and Multi-Level Security (MLS) model were proposed for a trusted MLS system. The model was based on Commercial Off-The-Shelf (COTS) products like commercial computers and security compliant hardware devices. System high networks were properly connected with reference validation computer by trusted one-way transfer devices (EAL7) for data-centric MLS model. The model allowed information to flow from low domain to high domain, and allowed sanitization data with low label to flow from high domain to low domain, but data without low label were prohibited to flow from high domain to low domain. The model was applied to the information system of classification protection. Formal verification of security model and policy demonstrates it is feasible for a MLS system with COTS products and trusted hardware devices.

Key words: Multi Level Security (MLS), reference monitor, security model, cross domain, cascade protection

中图分类号: