A Conspire-accesses Risk Control Model  Based on Information Flow Graph

doi:10.3969/j.issn.1000-3428.2013.08.037

Computer Engineering ›› 2013, Vol. 39 ›› Issue (8): 173-176. doi: 10.3969/j.issn.1000-3428.2013.08.037

• Networks and Communications • Previous Articles Next Articles

A Conspire-accesses Risk Control Model Based on Information Flow Graph

WANG Chao ^1a,2, CHEN Xing-yuan^1b

(1a. The 4th Institute; 1b. The 3rd Institute, PLA Information Engineering University, Zhengzhou 450004, China; 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450004, China)

Received:2012-02-10 Online:2013-08-15 Published:2013-08-13

一种基于信息流图的共谋访问风险控制模型

王超1a,2，陈性元1b

(1. 解放军信息工程大学 a. 四院；b. 三院，郑州 450004；2. 数学工程与先进计算国家重点实验室，郑州 450004)

作者简介:王超(1975－)，男，讲师，主研方向：信息安全；陈性元，教授、博士生导师
基金资助:
国家“973”计划基金资助项目(2011CB311801)；河南省科技创新人才计划基金资助项目(114200510001)

Abstract

Abstract: To solve the problem of nonlicet indirectly access in the information system, this paper proposes a conspire-accesses risk control model based on information flow graph. It forms an information flow graph through recording history accesses, and defines the conspire-accesses. It defines the access control model based on states machine, to prevent the conspire-accesses by security theorems and rules, and proves the security of the rules. It analyses and verifies the model’s validity based on information entropy theory, and the result proves that the model can prevent conspire-accesses.

Key words: information flow, information flow graph, conspire-accesses, risk control model, access control model, security entropy

摘要： 为解决信息系统中的非授权间接访问问题，提出一种基于信息流图的共谋访问风险控制模型。通过记录系统的历史访问行为构建信息流图，在此基础上定义共谋访问行为，同时基于状态机定义访问控制模型，利用安全性定理和规则防止共谋访问的发生，并对规则做安全性证明。根据信息熵理论对模型的有效性进行分析和验证，结果证明该模型可有效防止共谋访问的发生。

关键词: 信息流, 信息流图, 共谋访问, 风险控制模型, 访问控制模型, 安全熵

CLC Number:

TP309.2

WANG Chao, CHEN Xing-Yuan. A Conspire-accesses Risk Control Model Based on Information Flow Graph[J]. Computer Engineering, 2013, 39(8): 173-176.

王超, 陈性元. 一种基于信息流图的共谋访问风险控制模型[J]. 计算机工程, 2013, 39(8): 173-176.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.3969/j.issn.1000-3428.2013.08.037

http://www.ecice06.com/EN/Y2013/V39/I8/173

[1]	XIE Na, TAN Wenan, CAO Yan, ZHAO Lu. Modeling and Analysis of Security Information Flow in Mobile Edge Computing [J]. Computer Engineering, 2022, 48(5): 35-42,52.
[2]	DU Yuanzhi,DU Xuehui,YANG Zhi. Attribute-based Encryption Information Flow Control and Implementation in Cloud Computing Environment [J]. Computer Engineering, 2018, 44(3): 27-36.
[3]	XIONG Shixun,FAN Tongrang. A Time-varying Trusted Central Node Selection Strategy in Community Network [J]. Computer Engineering, 2016, 42(5): 146-150.
[4]	XU Peijuan,ZHENG Jing,XU Maojing. Multi-level Security Database Model Based on Roles [J]. Computer Engineering, 2015, 41(1): 135-138.
[5]	WU Qian, ZHOU Qiang. Workflow Security Access Model Based on Dynamic Control Mechanism [J]. Computer Engineering, 2012, 38(9): 151-152,173.
[6]	WANG Cong-Cong, JU Shi-Guang, SONG Xiang-Mei. Analysis and Improvement of Covert Flow Tree Method [J]. Computer Engineering, 2012, 38(08): 114-116.
[7]	SHI Lei, CA Guo-Yong, DUO Xin. Research on Information Flow Control in Electronic Institution [J]. Computer Engineering, 2011, 37(2): 120-122.
[8]	GE Rong-Wan, JIAN Dun-Pan, DIAO Ling-Zhong. Study of Information Confidentiality in C Program Based on Abstract Interpretation [J]. Computer Engineering, 2010, 36(24): 48-50.
[9]	HU Fang-Wan, GUO Yin-Zhang. Collaborative Design Dynamic Access Control Based on TRBAC [J]. Computer Engineering, 2010, 36(21): 143-145.
[10]	FENG Xin-yang; SHEN Jian-jing; LI Ping. Access Control Model for Web Services Based on SOAP Message Handler Chain [J]. Computer Engineering, 2009, 35(9): 161-163.
[11]	OU Qing-yu. Security Embedded System Based on Partition Kernel [J]. Computer Engineering, 2009, 35(23): 158-160.
[12]	HUANG Qiang ; ZENG Qing-kai;. Information Flow Analysis in Source Code Based on SSA Intermediate Representation [J]. Computer Engineering, 2009, 35(13): 166-168,.
[13]	FENG Yi; WANG Ya-di; HAN Ji-hong; FAN Jue-dan. Description and Reasoning of Access Control Based on Logical Program [J]. Computer Engineering, 2008, 34(8): 77-79.
[14]	WU Chun-xue; FENG Bin. Information Flow Scheduling Model for WSN Based on Proportion Distribution [J]. Computer Engineering, 2008, 34(23): 130-132.
[15]	TAN Qing; HAN Zhen. Access Control Model of Defending Operating System Against Executable Malicious Code Effectively [J]. Computer Engineering, 2008, 34(16): 168-170.

Please choose a citation manager

Content to export

A Conspire-accesses Risk Control Model Based on Information Flow Graph

一种基于信息流图的共谋访问风险控制模型

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

A Conspire-accesses Risk Control Model Based on Information Flow Graph

一种基于信息流图的共谋访问风险控制模型

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments