Citation: Yu Guangcan, Li Ruixuan, Lu Zhengding, Mudar Sarem, et al. Multi-level access control model for tree-like hierarchical organizations [J]. Journal of Southeast University (English Edition), 2008, 24(3): 393-396. doi:10.3969/j.issn.1003-7985.2008.03.035

Multi-level access control model for tree-like hierarchical organizations

Journal of Southeast University (English Edition) [ISSN: 1003-7985 / CN: 32-1325/N]

Volume:
24
Issue:
3 (2008)
Page:
393-396
Research Field:
Computer Science and Engineering
Publishing date:
2008-09-30


Title:
Multi-level access control model for tree-like hierarchical organizations
Author(s):
Yu Guangcan Li Ruixuan Lu Zhengding Mudar Sarem Song Wei Su Yonghong
College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
Keywords:
multi-level access control; hierarchical organization; multiple security tags
PACS:
TP311
DOI:
10.3969/j.issn.1003-7985.2008.03.035
Abstract:
An access control model is proposed based on the well-known Bell-LaPadula (BLP) model. In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified. Interoperation among different departments is implemented by assigning multiple security tags to one post, and the closer two departments are on the organization tree, the more secret the objects that can be exchanged by the staff of those departments. The access control matrices of department, post and staff are defined. By using these three access control matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model guarantees that all information flow is under control. Finally, our study shows that, compared to the BLP model, the proposed model is more flexible.
Abstract (translated from the Chinese version): Based on the BLP model, a new multi-level access control model is proposed. In the model, hierarchical relationships among departments are built, the new concept of post is introduced, and the tedious work of assigning security labels is simplified. By assigning multiple security tags to a post, communication between superior and subordinate departments and between peer departments is achieved; the closer two departments are in the tree hierarchy, the higher the secrecy level of the objects their staff can exchange. Three levels of access matrices are defined, implementing flexible discretionary access control at multiple granularities. While increasing flexibility and practicality, the model guarantees that information flow always remains under the system's control, inheriting the most outstanding merit of the BLP model, and the model is verified by formal proof.


Memo:
Biographies: Yu Guangcan (1974—), male, graduate; Li Ruixuan (corresponding author), male, doctor, associate professor, rxli@hust.edu.cn.
Foundation items: The National Natural Science Foundation of China (No. 60403027, 60773191, 70771043), the National High Technology Research and Development Program of China (863 Program) (No. 2007AA01Z403).
Last Update: 2008-09-20