Acta Scientiarum Naturalium Universitatis Pekinensis

Previous Articles     Next Articles

Chinese Wall Policy and Its Extension in Multilevel Security System

QIN Chao,CHEN Zhong,DUAN Yunsuo   

  1. Department of Computer Science, Peking University, Beijing, 100871
  • Received:2001-03-28 Online:2002-05-20 Published:2002-05-20

Chinese Wall策略及其在多级安全环境中的扩展

秦超,陈钟,段云所   

  1. 北京大学计算机系信息安全实验室,北京,100871

Abstract: The Chinese Wall security policy is an excellent example of a commercial nondisclosure policy. To extend Chinese Wall policy in multilevel security environment, authors use lattice to label data, and propose an improving policy in term of aggregate system. Moreover, authors present a scheme using a database based history access and linklist of aggregate dataset of interest conflict.

Key words: Chinese Wall policy, data aggregate, lattice label, history access database

摘要: Chinese Wall安全策略因不同于BLP的动态特性而备受人们关注,但Brewer和Nash定义的Chinese Wall策略只适用一定的应用范围,没有考虑普遍存在的多级访问控制的限制条件。本文主要结合多级安全环境,分析研究具有多级访问控制环境的Chinese Wall策略的扩展实现。根据该环境中的Chinese Wall的利益冲突处理表现为数据聚合问题,利用数据标签的格级标定,提出一种基于历史访问库和利益冲突聚合链表的安全策略实现方法

关键词: ChineseWall策略, 数据聚合, 格级, 历史访问库

CLC Number: