
Computer Engineering (计算机工程), 2012, Vol. 38, Issue (08): 117-119. doi: 10.3969/j.issn.1000-3428.2012.08.038

• Security Technology •

Improved BLP Model Based on Trusted Level

CHI Ya-ping1, FAN Jie1,2, CHENG Dai-wei1

  1. (1. Department of Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China; 2. School of Communication, Xidian University, Xi'an 710071, China)
  • Received: 2011-08-08 Online: 2012-04-20 Published: 2012-04-20
  • About the authors: CHI Ya-ping (1969-), female, associate professor, master's degree, CCF senior member; main research interests: trusted computing, network security. FAN Jie, master's student. CHENG Dai-wei, associate professor, master's degree.
  • Funding:

    National Natural Science Foundation of China (60951001); National Key Technology Research and Development Program (2009BAH52B06); Beijing Natural Science Foundation (4102057); National Development and Reform Commission Special Fund for the Industrialization of Information Security Products ([2009] 1886)

Improved BLP Model Based on Trusted Level

CHI Ya-ping1, FAN Jie1,2, CHENG Dai-wei1

  1. (1. Department of Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China; 2. School of Communication, Xidian University, Xi'an 710071, China)
  • Received:2011-08-08 Online:2012-04-20 Published:2012-04-20

Abstract (translated from the Chinese): The BLP model has several problems: it lacks integrity protection, its definition of trusted subjects is unclear, and it does not take platform environment factors into account. To address these, this paper proposes TL-BLP, an improved BLP model based on trusted level. The model introduces trusted levels for subjects, objects and the platform, and revises the security properties, the sensitivity labels of subjects and objects, and the state transition rules of the BLP model. This enables dynamic measurement of trustworthiness, guarantees the security of the platform on which access operations run, and protects information integrity by restricting the BLP model's "read down, write up". Analysis shows that TL-BLP, while preserving the confidentiality of information, improves system integrity and availability and implements access control based on trustworthiness.

Key words (translated from the Chinese): BLP model, multi-level security, trusted platform, trusted level, access control

Abstract: The Bell-La Padula (BLP) model has several problems, including the lack of integrity protection, an unclear definition of trusted subjects and the neglect of platform environment factors. This paper therefore proposes an improved BLP model based on trusted level, named TL-BLP. In TL-BLP, the security properties, the sensitivity labels of subjects and objects, and the state transition rules are improved by introducing trusted levels for subjects, objects and the platform. The model realizes dynamic measurement of trusted degree, ensures the security of the access platform, and protects information integrity by restricting "read down and write up". Analysis shows that the model not only ensures confidentiality but also effectively enhances the integrity and availability of the system, and implements access control based on trusted degree.

Key words: Bell-La Padula(BLP) model, multi-level security, trusted platform, trusted level, access control
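To make the abstract's idea concrete, the following is an added illustration written for this page, not code from the paper: a small reference monitor that applies the classic BLP simple-security and *-property rules and then, on exactly the "read down" and "write up" cases the abstract says TL-BLP restricts, adds a trust gate derived from subject, object and platform trusted levels. The specific gate rules and the min(subject trust, platform trust) formula are this example's assumptions, not the paper's published rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    level: int  # sensitivity: 0 = public ... 3 = top secret (constructed scale)
    trust: int  # trusted level: 0 = untrusted ... 3 = fully trusted (constructed scale)

@dataclass(frozen=True)
class Subject:
    name: str
    label: Label
    platform_trust: int  # measured trusted level of the platform the subject runs on

@dataclass(frozen=True)
class Object:
    name: str
    label: Label

def effective_trust(s):
    """Assumption: a subject is only as trusted as the platform it currently runs on."""
    return min(s.label.trust, s.platform_trust)

def decide(s, o, op):
    """Return (allowed, reason) for op in {"read", "write"}: BLP rules plus a trust gate."""
    sl, ol, st = s.label.level, o.label.level, effective_trust(s)
    if op == "read":
        if ol > sl:
            return False, "BLP simple-security: no read up"
        if ol < sl and o.label.trust < st:
            return False, "trust gate: read down only from objects at least as trusted"
        return True, "read permitted"
    if op == "write":
        if ol < sl:
            return False, "BLP *-property: no write down"
        if ol > sl and o.label.trust > st:
            return False, "trust gate: write up only to objects no more trusted than the subject"
        return True, "write permitted"
    raise ValueError(f"unknown operation {op!r}")

# Constructed sample subjects and objects (not taken from the paper)
ALICE = Subject("alice", Label(level=2, trust=2), platform_trust=3)  # attested platform
BOB = Subject("bob", Label(level=2, trust=2), platform_trust=1)      # degraded platform
PUBLIC_FEED = Object("public_feed", Label(level=0, trust=0))
VETTED_DATA = Object("vetted_data", Label(level=0, trust=3))
TS_LOG = Object("ts_audit_log", Label(level=3, trust=1))
TS_VAULT = Object("ts_vault", Label(level=3, trust=3))

if __name__ == "__main__":
    for s, o, op in [(ALICE, PUBLIC_FEED, "read"), (ALICE, TS_VAULT, "write"), (BOB, TS_LOG, "write")]:
        print(s.name, op, o.name, "->", decide(s, o, op))
```

Note that plain BLP would let alice read public_feed (a read down); the trust gate denies it because the untrusted object could contaminate a trusted subject, which is the integrity gap the abstract describes.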

CLC number: