a new formal model for privilege control with supporting posix capability mechanism
文献类型:期刊论文
| 作者 | Ji QG ; Qing SH ; He YP |
| 刊名 | SCIENCE IN CHINA SERIES F-INFORMATION SCIENCES
 |
| 出版日期 | 2005 |
| 卷号 | 48期号:1页码:46-66 |
| 关键词 | formal model least privilege role domain capability |
| ISSN号 | 1009-2757 |
| 学科主题 | Computer Science, Information Systems |
| 收录类别 | SCI |
| 语种 | 英语 |
| 公开日期 | 2011-07-28 |
| 附注 | In order to enforce the least privilege principle in the operating system, it is necessary for the process privilege to be effectively controlled; but this is very difficult because a process always changes as time changes. In this paper, based on the analysis on how the process privilege is generated and how it works, a hierarchy implementing the least privilege principle with three layers, i.e. administration layer, functionality control layer and performance layer, is posed. It is clearly demonstrated that to bound privileges working scope is a critical part for controlling privilege, but this is only mentioned implicitly while not supported in POSIX capability mechanism. Based on analysis of existing control mechanism for privilege, not only an improved capability inheritance formula but also a new complete formal model for controlling process based on integrating RBAC, DTE, and POSIX capability mechanism is introduced. The new invariants in the model show that this novel privilege control mechanism is different from RBAC s, IDTE s, and POSIX s, and it generalizes subdomain control mechanism and makes this mechanism dynamic. |
| 源URL | [http://124.16.136.157/handle/311060/12534]  |
| 专题 | 软件研究所_软件所图书馆_期刊论文 |
| 推荐引用方式 GB/T 7714 | Ji QG,Qing SH,He YP. a new formal model for privilege control with supporting posix capability mechanism[J]. SCIENCE IN CHINA SERIES F-INFORMATION SCIENCES,2005,48(1):46-66. |
| APA | Ji QG,Qing SH,&He YP.(2005).a new formal model for privilege control with supporting posix capability mechanism.SCIENCE IN CHINA SERIES F-INFORMATION SCIENCES,48(1),46-66. |
| MLA | Ji QG,et al."a new formal model for privilege control with supporting posix capability mechanism".SCIENCE IN CHINA SERIES F-INFORMATION SCIENCES 48.1(2005):46-66. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。