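Abstract
The NDMAC model is proposed on the basis of existing security models. The model gives explicit definitions and classifications of subjects and objects, and adopts a scheme in which the finest object granularity is the attribute and tuple level. The model proposes a subjection integrity rule, an entity integrity rule and an inference integrity rule, and gives handling strategies for six kinds of operations. In addition, the model introduces synchronization constraints, mutual exclusion constraints and inference constraints, and enhances its flexibility by introducing a privilege mechanism.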
This paper presents a database security model named NDMAC, which is based on existing security models. After a brief introduction of current work, the database security model is presented and interpreted in detail. The main contributions of the model include: explicit definition and classification of subjects and objects; the finest granularity of objects is attribute-level and tuple-level; the subjection integrity rule makes the security levels of related objects satisfy a definite relation; the entity integrity rule ensures that the primary key of a visible tuple is entirely visible; the inference integrity rule and inference restriction prevent information leakage caused by functional dependency; the handling of six kinds of operations makes information flow from some subjects to others that are associated with equal or higher security levels; and the privilege mechanism makes the model more flexible.
Source
《计算机科学》
CSCD
PKU Core (北大核心)
2004, No. 10, pp. 101-103, 149 (4 pages in total)
Computer Science
Funding
National "863" High-Tech Research and Development Program (Project No. 2002AA141091)