Distributed multilevel security core architecture based on noninterference theory

doi:10.3724/SP.J.1087.2013.00712

Journal of Computer Applications ›› 2013, Vol. 33 ›› Issue (03): 712-716.DOI: 10.3724/SP.J.1087.2013.00712

• Information security • Previous Articles Next Articles

Distributed multilevel security core architecture based on noninterference theory

SHAO Jing^1,2*, CHEN Xingyuan¹, DU Xuehui², CAO Lifeng²

1.The Third Institute, Information Engineering University, Zhengzhou Henan 450004, China;
2.The Fourth Institute, Information Engineering University, Zhengzhou Henan 450004, China

Received:2012-09-21 Revised:2012-10-21 Online:2013-03-01 Published:2013-03-01
Supported by:
973 Program;Henan Science and Technology Innovation Talents Scheme

基于无干扰理论的分布式多级安全核心架构

邵婧^1,2*,陈性元¹,杜学绘²,曹利峰²

1.信息工程大学三院, 郑州 450004;
2.信息工程大学四院, 郑州 450004

通讯作者: 邵婧
作者简介:邵婧(1986-),女,江西贵溪人,博士研究生,主要研究方向:多级安全; 陈性元(1963-),男,安徽无为人,教授,博士生导师,博士,主要研究方向:多级安全、分布式操作系统; 杜学绘(1968-),女,河南新乡人,教授,博士,主要研究方向:多级安全、算法分析; 曹利峰(1981-),男,河南禹州人,讲师,博士研究生,主要研究方向:多级安全。
基金资助:
国家973计划项目(2011CB311801); 国家863计划项目(2012AA012704); 河南省科技创新人才计划项目(114200510001)。

Abstract

Abstract: To improve the correctness and feasibility of the implementation of multilevel security in the distributed environment, a distributed multilevel security core architecture — Distributed Trusted Computing Base (DTCB) was proposed. DTCB was divided into three layers, TCB of System layer, TCB of Module layer and TCB of Partition layer, finer multilevel control granularity was realized step by step, greatly reducing the complexity of the implementation of multilevel security in the distributed environment. At last, based on the composable noninterference model, the security of DTCB was formally proved. The result shows that DTCB assures the multilevel security of distributed system as a whole.

Key words: multilevel security, noninterference, Trusted Computing Base (TCB), distributed system, architecture

摘要： 为了提高分布式环境下多级安全实施的正确性和可行性,提出了一个分布式多级安全保护核心架构——分布式可信计算基(DTCB)。DTCB具有三层结构,包括系统层可信计算基、模块层可信计算基和分区层可信计算基,实现了从模块间、分区间到分区内部的逐步细化的信息流和访问控制,有效降低了分布式环境下多级安全实施的复杂性。最后,采用组合无干扰模型形式化证明了DTCB的安全性,结果表明,DTCB能够从整体上为分布式系统提供较好的多级安全保护。

关键词: 多级安全, 无干扰, 可信计算基, 分布式系统, 架构

CLC Number:

TP393.08

SHAO Jing CHEN Xingyuan DU Xuehui CAO Lifeng. Distributed multilevel security core architecture based on noninterference theory[J]. Journal of Computer Applications, 2013, 33(03): 712-716.

邵婧陈性元杜学绘曹利峰. 基于无干扰理论的分布式多级安全核心架构[J]. 计算机应用, 2013, 33(03): 712-716.

References

[1]SAYDJARI O S. Multilevel security: reprise[J]. Security & Privacy, 2004,2(5): 64-67.
[2]RUSHBY J. From DSS to MILS[M]. Berlin:Springer-Verlag, 2011: 53-57.
[3]BOETTCHER C, DELONG R, RUSHBY J, et al. The MILS component integration approach to secure information sharing[C]// Proceedings of the 27th IEEE/AIAA Digital Avionics Systems Conference. Piscataway, NJ: IEEE Press, 2008: 1-12.
[4]National computer security center. NCSC-TG-005, Trusted network interpretation[S]. USA: Department of Defence, 1987.
[5]LU W P, SUNDARESHAN M K. A model for multilevel security in computer networks[J]. IEEE Transactions on Software Engineering, 1990, 16(6): 647-659.
[6]VNADHARAJM V. A multilevel security policy model for networks[C]// INFOCOM '90. Proceedings of the Ninth Annual Joint Conference of the IEEE Computer and Communication Societies. Washington, DC: IEEE Computer Society, 1990: 710-718.
[7]LEVIN T E, IRVINE C E, WEISSMAN C, et al. Analysis of three multilevel security architectures[C]// Proceedings of 2007 ACM Workshop on Computer Security Architecture. New York: ACM Press, 2007: 610-619.
[8]FOSS J A, HARRISON W S, OMAN P, et al. The MILS architecture for high-assurance embedded systems[J]. International Journal of Embedded Systems, 2006, 2(3): 239-247.
[9]LEVIN T E, IRVINE C E, NGUYEN T D. Least privilege in separation kernels[C]// Proceedings of the IEEE International Conference on Security and Cryptography. Piscataway, NJ: IEEE Press, 2006: 355-362.
[10]LUO J, KANG M. Infrastructure for multi-level secure service-oriented architecture (MLS-SOA)[C]// Proceedings of 2010 Military Communications Conference. Piscataway, NJ: IEEE Press, 2010: 475-481.
[11]NGUYEN T D, GONDREE M A, SHIFFLETT D J, et al. A cloud-oriented cross-domain security architecture[C]// Proceedings of 2010 Military Communications Conference. Piscataway, NJ: IEEE Press, 2010: 441-447.
[12]GOGUEN J A, MESEGUER J. Security policies and security models[C]// IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1982: 11-20.
[13]SHI Q, ZHANG N. An effective model for composition of secure systems[J]. The Journal of Systems and Software, 1998, 43(3): 233-244.
[14]RUSHBY J. Partitioning for avionics architectures: Requirements, mechanisms, and assurance, CR-1999-209347 [R]. Menlo Park CA : SRI International, 1999.
[15]CHENG P, ROHATGI P, KESER C, et al. Fuzzy multi-level security: an experiment on quantified risk-adaptive access control[C]// Proceedings of 2007 IEEE Symposium on Security and Privacy. Piscataway, NJ: IEEE Press, 2007: 222-230.

Distributed multilevel security core architecture based on noninterference theory

基于无干扰理论的分布式多级安全核心架构

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	ZHANG Xiaofei, YANG Yang, HUANG Jiajin, ZHONG Ning. Degree centrality based method for cognitive feature selection [J]. Journal of Computer Applications, 2021, 41(9): 2767-2772.
[2]	ZHANG Ling, KUANG Jishun. Multiple ring scan chains using the same test pin in round robin manner [J]. Journal of Computer Applications, 2021, 41(7): 2156-2160.
[3]	XIE Wenbo, WEI Yongzhuang, LIU Zhenghong. Parallel implementation and analysis of SKINNY encryption algorithm using CUDA [J]. Journal of Computer Applications, 2021, 41(4): 1136-1141.
[4]	HU Lihua, ZUO Weijian, NIE Yaoyao. Feature matching method based on weighted similarity measurement [J]. Journal of Computer Applications, 2021, 41(2): 511-516.
[5]	YANG Xianfeng, GUI Hongjun, FU Chunchang. F-X domain predictive filtering parallel algorithm based on compute unified device architecture [J]. Journal of Computer Applications, 2021, 41(2): 486-491.
[6]	FU Kui, LIANG Shaoqing, LI Bing. Commodity recommendation model based on improved deep Q network structure [J]. Journal of Computer Applications, 2020, 40(9): 2613-2621.
[7]	SHI Jiaqi, TAN Li, TANG Xiaojiang, LIAN Xiaofeng, WANG Haoyu. Wireless sensor network deployment algorithm based on basic architecture [J]. Journal of Computer Applications, 2020, 40(7): 2033-2037.
[8]	XU Jinrong, GUO Caiping, TONG Endong. Time-aware QoS prediction for SOA-based remote sensing image processing platform [J]. Journal of Computer Applications, 2020, 40(6): 1714-1721.
[9]	WU Zhijun, WANG Hang. System wide information management emergency response mechanism based on subscribe/publish service [J]. Journal of Computer Applications, 2020, 40(5): 1340-1347.
[10]	SHAO Jianwei, LIU Qiqun, WANG Huanqiang, CHEN Yaowang, YU Dongjin, SALAMAT Boranbaev. Microservice identification method based on class dependencies under resource constraints [J]. Journal of Computer Applications, 2020, 40(12): 3604-3611.
[11]	LIU Ran, LIU Yu, GU Jinguang. Improved AdaNet based on adaptive learning rate optimization [J]. Journal of Computer Applications, 2020, 40(10): 2804-2810.
[12]	MEI Guang, ZOU Henghua, ZHANG Tian, XU Weisheng. SOA based education informatization driven by master data management [J]. Journal of Computer Applications, 2019, 39(9): 2675-2682.
[13]	WAN Yuan, ZHANG Jinghui, WU Kefeng, MENG Xiaojing. Image classification based on multi-layer non-negativity and locality Laplacian sparse coding [J]. Journal of Computer Applications, 2018, 38(9): 2489-2494.
[14]	ZHANG Zhen, FU Yinjin, HU Guyu. Bloom filter-based wear-leveling scheme for novel hybrid memory architecture [J]. Journal of Computer Applications, 2018, 38(8): 2230-2235.
[15]	ZHOU Yue, CHEN Qingkui. Load balancing mechanism for large-scale data access system [J]. Journal of Computer Applications, 2018, 38(1): 50-55.