摘要: 对访问控制的评测是信息系统和产品安全评估中的一项重要内容。该文从安全标准中对访问控制的需求出发,研究了访问控制的自动测试方法,扩展了GFAC测试接口,并且使用该方法实现了在Linux+RSBAC的环境下对自主访问控制的自动测试。
关键词:
自主访问控制,
通用访问控制框架,
自动测试,
通用准则
Abstract: Test and validation of access control is a crucial part of the security evaluation of the system. A testing approach by extending GFAC is proposed, automatically to test the access control service according to requirements of security evaluation based on common criteria. The implementation of testing on Linux+RSBAC demonstrates the approach available.
Key words:
Discretionary access control,
Generalized framework for access control,
Automation test,
Common criteria(CC)
丁洪达;曾庆凯;包必显;. 访问控制的验证测试方法研究[J]. 计算机工程, 2007, 33(01): 161-163.
DING Hongda; ZENG Qingkai; BAO Bixian;. Study of Test Approach on Access Control[J]. Computer Engineering, 2007, 33(01): 161-163.