期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

增强可生存性的访问控制模型

Access control model for enhancing survivability
在线阅读 下载PDF
导出
摘要 针对传统访问控制模型应用到可生存系统时存在的局限性,提出可生存性访问控制的概念和要求,并设计一种可生存性访问控制模型TTC。TTC模型在系统受到入侵而被控制之后仍然能保护关键服务和数据,能实时响应入侵检测报警并指导入侵恢复工作。它包括触发、跟踪和控制等三个规则。触发规则和跟踪规则利用攻击树跟踪入侵者在系统内的活动,控制规则禁止被跟踪的主体破坏关键服务和数据。通过对模型的形式化证明,模型的应用示例,以及与传统访问控制模型的对比,证实了TTC模型在增强可生存性方面的价值。 Traditional access control models have disadvantages when they are applied in a survivability system.An access control model for enhancing survivability is proposed,which named TTC.The model can protect critical services and data,response to intrusion alarm in real time and help recovery process even when the system is compromised.It contains three rules of trigger,track and control.The trigger and track rules trace activities of intruder in system by using attack tree.The control rule forbids the traced subjects to tamper critical services and data.The value of TTC for enhancing survivability is attested by formal proving, application demonstration and comparing with traditional access control models.
作者 单智勇 石文昌 梁彬 孟晓峰
机构地区 中国人民大学信息学院计算机系 教育部数据工程与知识工程重点实验室 中国人民大学系统与信息安全研究实验室
出处 《计算机工程与应用》 CSCD 北大核心 2008年第35期1-4,8,共5页 Computer Engineering and Applications
基金 国家自然科学基金No.60703103 No.60703102 国家高技术研究发展计划(863)No.2007AA01Z414 中国人民大学科研基金(No.06XNB053)~~
关键词 访问控制 可生存性 攻击树 access control survivability attack tree
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献28

  • 1Jajodia S.Topological analysis of network attack vulnerability[C]// ACM SIGSAC ASIACCS'2007,Singapore,2007.
  • 2Barbacci M.Survivability in the age of vulnerable systems[J].IEEE Computer, 1996,29( 11 ).
  • 3Ellison R J,Fisher D A,Linger R C,et al.Survivable network systems:an emerging discipline,Technical Report CMU/SEI-97-TR- 013[R].USA:Carnegie Mellon University, 1997.
  • 4Knight J, Heimbigner D,Wolf A,et al.The willow architecture : comprehensive survivability for large-scale distributed applications[C]// Intrusion Tolerance Workshop,the International Conference on Dependable Systems and Networks(DSN-2002),Washington,DC,USA, 2002.
  • 5Hiltunen M A,Sehlichting R D,Ugarte C A,et al.Survivability through customization and adaptability:the cactus approach[C]// DARPA Information Survivability Conference and Exposition(DISCEX 2000) ,2000 : 294-307.
  • 6Liu P.Architectures for intrusion tolerant database systems[C]//Proceedings of 18th Annual Computer Security Applications Conference(ACSAC 2002),2002:311-320.
  • 7Wylie J,Bigrigg M,Strunk J,et al.Survivalbe information storage systems[J].IEEE Computer, 2000,33 (8).
  • 8林闯,汪洋,李泉林.网络安全的随机模型方法与评价技术[J].计算机学报,2005,28(12):1943-1956. 被引量:92
  • 9ZHUJianming,WANGChao,MAJianfeng.Intrusion-Tolerant Based Survivable Model of Database System[J].Chinese Journal of Electronics,2005,14(3):481-484. 被引量:3
  • 10王超,马建峰.可生存网络系统的构建方法[J].电子学报,2005,33(B12):2336-2341. 被引量:4

二级参考文献132

  • 1钟华,冯玉琳,姜洪安.扩充角色层次关系模型及其应用[J].软件学报,2000,11(6):779-784. 被引量:91
  • 2林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. 被引量:253
  • 3ZHUJianming,WANGChao,MAJianfeng.Intrusion-Tolerant Based Survivable Model of Database System[J].Chinese Journal of Electronics,2005,14(3):481-484. 被引量:3
  • 4Ivan G. Institute for the Advanced Study of Information Warfare(IASIW). The IASIW Project, January 1996. Web page on-line.Available at: http:∥www. psycom. net/iwar. 1. html Accessed February 4, 2000
  • 5Liu P. Architectures for Intrusion Tolerant Database Systems. In:Proc. of 18th Annual Computer Security Applications Conf.Dec. 2002. Las Vegas, Nevada
  • 6Ammann P,Jajodia S,McCollum C D,et al. Surviving information warfare attacks on databases. In: Proc. of the IEEE Symposium on Security and Privacy,Oakland, CA, May 1997. 164~174
  • 7Carter,Katz. Computer crime: an emerging challenge for law enforcement. FBI Law Enforcement Bulletin,Dec. 1996
  • 8Ellison RI, et al. Survivability: Protecting your critical systems.IEEE Internet Computing 3, 6Nov. -Dec. 1999.55~63
  • 9Liu P,Jajodia S. Multi-phase damage confinement in database systems for intrusion tolerance. In:Proc. 14th IEEE Computer Security Foundations Workshop,June 2001. 191~205
  • 10Liu P,Jajodia S,McCollum C D. Intrusion Confinement by Isolation in Information Systems. Journal of Computer Security,2000,8(4) :243~279

共引文献109

计算机工程与应用
2008年 第35期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部