a new formal model for privilege control with supporting posix capability mechanism
文献类型:期刊论文
| 作者 | Qingguang Ji ; Sihan Qing ; He Yeping |
| 刊名 | Science in China Series F: Information Sciences
 |
| 出版日期 | 2005 |
| 卷号 | 48期号:1页码:46-66 |
| 关键词 | formal model least privilege role domain capability |
| 通讯作者 | Ji, QG (通讯作者), Chinese Acad Sci, Inst Software, Engn Res Ctr Informat Secur Technol, Beijing 100080, Peoples R China |
| 收录类别 | SPRINGER,SCI |
| WOS记录号 | WOS:000228223600004 |
| 公开日期 | 2010-08-23 |
| 附注 | In order to enforce the least privilege principle in the operating system, it is necessary for the process privilege to be effectively controlled; but this is very difficult because a process always changes as time changes. In this paper, based on the analysis on how the process privilege is generated and how it works, a hierarchy implementing the least privilege principle with three layers, i.e. administration layer, functionality control layer and performance layer, is posed. It is clearly demonstrated that to bound privilege's working scope is a critical part for controlling privilege, but this is only mentioned implicitly while not supported in POSIX capability mechanism. Based on analysis of existing control mechanism for privilege, not only an improved capability inheritance formula but also a new complete formal model for controlling process based on integrating RBAC, DTE, and POSIX capability mechanism is introduced. The new invariants in the model show that this novel privilege control mechanism is different from RBAC ' s, IDTE ' s, and POSIX ' s, and it generalizes subdomain control mechanism and makes this mechanism dynamic. |
| 源URL | [http://124.16.136.157/handle/311060/3722]  |
| 专题 | 软件研究所_基础软件国家工程研究中心_期刊论文 |
| 推荐引用方式 GB/T 7714 | Qingguang Ji,Sihan Qing,He Yeping. a new formal model for privilege control with supporting posix capability mechanism[J]. Science in China Series F: Information Sciences,2005,48(1):46-66. |
| APA | Qingguang Ji,Sihan Qing,&He Yeping.(2005).a new formal model for privilege control with supporting posix capability mechanism.Science in China Series F: Information Sciences,48(1),46-66. |
| MLA | Qingguang Ji,et al."a new formal model for privilege control with supporting posix capability mechanism".Science in China Series F: Information Sciences 48.1(2005):46-66. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。