Security Information Flow Control Model and Method in MILS

Cited by: 0
Authors
Zhou Yinping [1 ]
Shen Yulong [1 ]
Pei Qingqi [1 ]
Cui Xining [2 ]
Li Yahui [2 ]
Affiliations
[1] Xidian Univ, Xian, Peoples R China
[2] Aeronaut Comp Technol Res Inst, Xian, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
MILS; information flow control; security policy;
DOI
10.1109/CIS.2012.138
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Multiple Independent Levels of Security (MILS) is a high-assurance architecture that protects information sharing at different security levels. MILS ensures mutual independence between partitions and effectively prevents errors from spreading between them. However, in some specific applications there is an enormous amount of information interaction and sharing between partitions, a process that carries the risk of sensitive information being leaked or tampered with. From the point of view of information flow control, the article puts forward a model and method, based on trusted computing, for strict security information flow control between MILS partitions. First, we designed a lattice-based multi-level policy and a downgrading policy. The two policies not only automatically make indirect information flows secure, but also break the strict rules of the traditional BLP model, "not read up, not write down", which meets the need for the security levels of subjects and objects to change with task requirements in MILS. On this basis, a complete information flow control mechanism is established. Detailed analysis and verification show that our information flow security control method can effectively ensure that all information flows between partitions are legitimate messages that have been authorized by the Separation Kernel and filtered by trusted components, which effectively protects the confidentiality and integrity of sensitive information.
Pages: 591 - 595
Number of pages: 5
Related papers
50 in total
  • [1] Information flow control model and method in distribute MILS
    Li, Kaiqiang
    Feng, Hao
    Li, Yahui
    Zhang, Zhiwei
    [J]. 2014 TENTH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2014, : 598 - 602
  • [2] Information Flow Control with Decentralized Labeling Model in Information Security
    Hakkoymaz, Veli
    Bakir, Cigdem
    [J]. JOURNAL OF WEB ENGINEERING, 2020, 19 (7-8): : 903 - 930
  • [3] An improved method of access control based on BLP model In MILS
    Li, Kaiqiang
    Feng, Hao
    Li, Yahui
    Zhang, Zhiwei
    [J]. 2014 TENTH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2014, : 588 - 592
  • [4] The hybrid model for web services security Access control and information flow control
    Kedjar, Saadia
    Tari, Abdelkamel
    [J]. 2013 8TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2013, : 194 - +
  • [5] Information Flow for Security in Control Systems
    Weerakkody, Sean
    Sinopoli, Bruno
    Kar, Soummya
    Datta, Anupam
    [J]. 2016 IEEE 55TH CONFERENCE ON DECISION AND CONTROL (CDC), 2016, : 5065 - 5072
  • [7] Information flow model of integrated security system
    Valinevicius, A
    Zilys, M
    Eidukas, D
    [J]. ITI 2004: PROCEEDINGS OF THE 26TH INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY INTERFACES, 2004, : 567 - 572
  • [8] MILS-BASED INFORMATION FLOW CONTROL IN THE AVIONIC DOMAIN: A CASE STUDY ON COMPOSITIONAL ARCHITECTURE AND VERIFICATION
    Mueller, Kevin
    Paulitsch, Michael
    Schwarz, Reinhard
    Tverdyshev, Sergey
    Blasum, Holger
    [J]. 2012 IEEE/AIAA 31ST DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC), 2012,
  • [9] Access Control and Information Flow Control for Web Services Security
    Kedjar, Saadia
    Tari, Abdelkamel
    Bertok, Peter
    [J]. INTERNATIONAL JOURNAL OF INFORMATION TECHNOLOGY AND WEB ENGINEERING, 2016, 11 (01) : 44 - 76
  • [10] MILS-based Information Flow Control in the Avionic Domain A Case Study on Compositional Architecture and Verification
    Mueller, Kevin
    Paulitsch, Michael
    Schwarz, Reinhard
    Tverdyschev, Sergey
    Blasum, Holger
    [J]. 2012 IEEE/AIAA 31ST DIGITAL AVIONICS SYSTEMS CONFERENCE (DASC), 2012,