[1] Yu Guangcan, Li Ruixuan, Lu Zhengding, Mudar Sarem, et al. Multi-level access control model for tree-like hierarchical organizations [J]. Journal of Southeast University (English Edition), 2008, 24 (3): 393-396. [doi:10.3969/j.issn.1003-7985.2008.03.035]
Copy
Multi-level access control model for tree-like hierarchical organizations(
)
)Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]
- Volumn:
- 24
- Issue:
- 2008 3
- Page:
- 393-396
- Research Field:
- Computer Science and Engineering
- Publishing date:
- 2008-09-30
Info
- Title:
- Multi-level access control model for tree-like hierarchical organizations
- Author(s):
- Yu Guangcan; Li Ruixuan; Lu Zhengding; Mudar Sarem; Song Wei; Su Yonghong
- College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
- PACS:
- TP311
- DOI:
- 10.3969/j.issn.1003-7985.2008.03.035
- Abstract:
- An access control model is proposed based on the famous Bell-LaPadula(BLP)model.In the proposed model, hierarchical relationships among departments are built, a new concept named post is proposed, and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree, the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department, post and staff are defined.By using the three access control matrices, a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control.Finally, our study shows that compared to the BLP model, the proposed model is more flexible.
References:
[1] Wang Yuanyuan, Cheng Jun, Zheng Yuelin.Design of organization administration model on workflow system [J].China Management Informationization, 2006, 9(12):5-7.(in Chinese)
[2] Bell D E, LaPadula L J.Secure computer systems:unified exposition and multics interpretation, ESD-TR-75-306[R].Bedford, MA, USA:The Mitre Corporation, 1976.
[3] Li Ruixuan, Zhao Zhanxi, Wang Zhigang, et al.A BLP model based on access history [J].Computer Science, 2006, 33(7):286-288.(in Chinese)
[4] Li Lan, He Yongzhong, Feng Dengguo.A fine-grained mandatory access control model for XML documents [J].Journal of Software, 2004, 15(10):1528-1537.(in Chinese)
[5] He Jianbo, Qing Sihan, Wang Chao.Analysis of two improved BLP models [J].Journal of Software, 2007, 18(6):1501-1509.(in Chinese)
[6] Verschuren J, Govaerts R, Vandewalle R.Realization of the Bell-LaPadula security policy in an OSI distributed system using asymmetric and symmetric cryptographic algorithms [C]//Proc of Computer Security Foundations Workshop.IEEE Computer Society Press, 1992:168-178.
[7] LaPadula L J.Foreword for republishing of the Bell-LaPadula model [J].Journal of Computer Security, 1996, 4(9):233-238.
[8] Focardi R, Martinelli F.A uniform approach for the definition of security properties [C]//Proc of World Congress on Formal Models.Springer, 1999, 1708:794-813.
[9] Liu Wenqing, Qing Sihan, Liu Haifeng.Design of a modified BLP security model and its application to secLinux [J].Journal of Software, 2004, 13(4):567-573.(in Chinese)
[10] Wang Guilin, Qing Sihan, Ni Xizhen, et al.The Bell-LaPadula formal model for secure computer systems [J].Computer Science, 2003, 12(7):89-92.(in Chinese)
Memo
- Memo:
-
Biographies: Yu Guangcan(1974—), male, graduate;Li Ruixuan(corresponding author), male, doctor, associate professor, rxli@hust.edu.cn.
Foundation items: The National Natural Science Foundation of China(No.60403027, 60773191, 70771043), the National High Technology Research and Development Program of China(863 Program)(No.2007AA01Z403).
Citation: Yu Guangcan, Li Ruixuan, Lu Zhengding, et al.Multi-level access control model for tree-like hierarchical organizations[J].Journal of Southeast University(English Edition), 2008, 24(3):393-396.