摘要: 为解决信息系统中的非授权间接访问问题,提出一种基于信息流图的共谋访问风险控制模型。通过记录系统的历史访问行为构建信息流图,在此基础上定义共谋访问行为,同时基于状态机定义访问控制模型,利用安全性定理和规则防止共谋访问的发生,并对规则做安全性证明。根据信息熵理论对模型的有效性进行分析和验证,结果证明该模型可有效防止共谋访问的发生。
关键词:
信息流,
信息流图,
共谋访问,
风险控制模型,
访问控制模型,
安全熵
Abstract: To solve the problem of nonlicet indirectly access in the information system, this paper proposes a conspire-accesses risk control model based on information flow graph. It forms an information flow graph through recording history accesses, and defines the conspire-accesses. It defines the access control model based on states machine, to prevent the conspire-accesses by security theorems and rules, and proves the security of the rules. It analyses and verifies the model’s validity based on information entropy theory, and the result proves that the model can prevent conspire-accesses.
Key words:
information flow,
information flow graph,
conspire-accesses,
risk control model,
access control model,
security entropy
中图分类号:
王超, 陈性元. 一种基于信息流图的共谋访问风险控制模型[J]. 计算机工程, 2013, 39(8): 173-176.
WANG Chao, CHEN Xing-Yuan. A Conspire-accesses Risk Control Model Based on Information Flow Graph[J]. Computer Engineering, 2013, 39(8): 173-176.