Research on a Multilevel-Security-Oriented Network Secure Communication Model and Its Key Technologies
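Abstract
Classified protection, a policy that the state has worked to promote for information security assurance, has attracted wide attention in the information security field and become an important subject of information security research. Once information systems are protected by classification level, strict protection and isolation barriers inevitably arise between systems, forming new data islands. Keeping information systems interconnected without disrupting their normal operation or their classified, multilevel security properties is therefore a key problem that any implementation of classified protection must solve. Network secure communication is an important means of achieving secure interconnection between information systems, but existing network secure communication technology lacks support for multilevel security attributes and cannot fully meet the secure communication needs of information systems in a classified-protection environment. There is thus an urgent need to study network secure communication oriented to multilevel security (MLS). The main work of this thesis is as follows:
     1. The thesis analyzes existing secure communication models and related models, points out their shortcomings and the problems they face in multilevel secure network applications, and, on the basis of that analysis, sets out the key problems that network secure communication oriented to multilevel security must solve.
     2. To address the flexibility, adaptability, security and secure communication problems of multilevel security in network applications, the thesis proposes a multilevel secure network communication model based on multi-dimensional control. Through relational constraints between protection domains, the model controls secure interconnection both between and within domains. The trust degree of a subject on its security attributes reflects the confidence placed in the subject's network operations; this solves the problem of subject operations on objects under special circumstances in a multilevel secure network, and the model fully considers how subject and object are handled after a subject's illegal operation, which strengthens the usability of the BLP model in networks. Relational constraints on objects limit a subject's access to associated and similar objects, reducing the risk of information leakage caused by object aggregation and thereby strengthening BLP's restrictions on the confidentiality attribute. On top of access control, multilevel secure tunnels are established to build logical, independent, multi-level virtual subnets, which achieve secure interconnection between non-peer members and ensure that information of different levels is transmitted securely and kept isolated from each other.
     3. For the problem of binding security labels to information objects, the thesis proposes a security label binding method based on a unified description of information objects. By analyzing object types, it gives a unified, data-tree-based representation of multi-type information objects; taking XML as the classic tree structure, it defines an XML object security label, gives an XML object security label binding algorithm based on data-tree traversal, and discusses the related operations on information objects in a multilevel secure network. The method not only makes security label binding more flexible and unifies the binding of security labels to multi-type information objects, but also supports finer-grained access control, solving the difficulty of access control for heterogeneous data exchange between information systems.
     4. For the leakage problem caused by aggregation and inference over information objects in a multilevel secure network, the thesis analyzes in depth the complex relationships among information objects and, for the association and the similarity of objects respectively, proposes level inference methods for aggregated object information based on attribute association and on clustering analysis. Associated objects are mined using attribute dependency relationships and attribute association rules, and similar objects are clustered using formal concept analysis and concept gravity computation. Finally, the possibility measure of fuzzy sets over the levels of attributes or attribute subsets is used to infer the possibility that higher-level information can be derived from associated objects and similar objects. With these two methods, access control policies for a multilevel secure network can be formulated effectively and a subject's access to associated and similar objects can be restricted, extending the protection principles of multilevel secure networks to the relationships among information objects and further reducing the risk of information loss and leakage.
     5. To ensure trusted, reliable and secure transmission between non-peer members of a multilevel secure network and the mutual isolation of information, the thesis designs a multilevel secure network communication protocol suite to address the shortcomings of existing security protocols in supporting multilevel security attributes. The suite comprises a multilevel secure tunnel establishment protocol and a multilevel secure network transmission protocol. The tunnel establishment protocol uses a coalition mechanism, virtual subject conversion and security label mapping to build multilevel secure tunnels between non-peer members; it completes the authorization of communicating subjects in different information systems, overcomes the heterogeneity of security labels, and achieves secure transmission and isolation of information at different levels. For the transmission protocol, the thesis designs the message format, operation modes and workflow, and carries the security label in the IP security option so that the label is explicitly bound to the data stream, achieving mandatory access control over data streams.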
Classified security protection, a national policy on information security assurance, is a key research topic that has gained wide attention in the information security realm. Once information systems are classified, isolated islands of information will undoubtedly form because of the strict barriers among information systems. So, on the premise of not disrupting the normal operation of information systems or their classified security characteristics, how to maintain interconnection among information systems is a key problem in the implementation of classified security protection. Network secure communication is an important method of secure interconnection among information systems. However, existing secure communication technology does not take multilevel security attributes into account and cannot satisfy the demand for secure communication among information systems under classified security protection, so research on MLS-oriented secure communication technology is urgent. The main work and contributions of this paper are as follows:
     1. After analyzing the existing secure communication models and their related models, this paper points out the shortcomings of the existing models and their problems when MLS is applied to actual networks. At the same time, the key problems that urgently need solving in MLS-oriented network communication are expounded.
     2. To solve the problems that appear when multilevel security is applied to actual networks, such as flexibility, availability, security and secure communication, this paper puts forward a multilevel-security-oriented network secure communication model based on multi-dimension control. In the model, relational restraints among protection domains can effectively accomplish inter-domain and intra-domain interconnection control. The trust degree, which reflects confidence in the behavior of a subject, can solve the problem of a subject accessing an object in special situations; at the same time, methods for handling the subject and object after a subject's illegal access are adequately considered, strengthening the availability of the BLP model. Relational restraints among objects can limit access to associated objects and similar objects, so that the risk of information leakage caused by aggregation of objects is reduced, strengthening the confidentiality restrictions of the BLP model. Moreover, logical virtual networks with security levels can be built by establishing tunnels of different security levels and restraints on secure tunnels, which can accomplish secure data transmission and segregation of information and thus reduce the probability of information leakage.
     3. For the problem of binding secure labels to information objects, this paper puts forward a method for binding a secure label to an information object based on a unified description of information objects. First, the method analyzes the types of information objects and describes multi-type information objects uniformly. Then it defines the secure label of an object based on XML and gives an algorithm for binding secure labels to information objects. Finally, operations on information objects in a multilevel security network are discussed. The method not only unifies the binding between multi-type information objects and secure labels, which can improve the flexibility of binding, but also accomplishes fine-grained mandatory access control, which can solve the problem that access control of heterogeneous data among multilevel secure systems is difficult.
     4. To solve the problem of information leakage caused by aggregation among objects, this paper analyzes in depth the relations among objects and puts forward level inference methods for aggregated information of objects based on associated attributes and on clustering analysis, respectively. Highly associated objects are found by dependency relationships and association rules, and similar objects are clustered by concept analysis and concept gravity. Finally, the probability that higher-level information can be inferred by aggregating associated objects and similar objects is computed by probability estimates of fuzzy sets on the security level of attributes and attribute sets. The methods can help establish access control policy in a multilevel secure network and restrict access to associated objects and similar objects in order to reduce the risk to the information system.
     5. To accomplish secure transmission and segregation of information among nonequivalent interconnection members, this paper designs a secure communication protocol cluster for multilevel security networks, composed of a multilevel secure tunnel establishment protocol and a security transmission protocol. In the tunnel establishment protocol, multilevel secure tunnels are established among nonequivalent members by coalition, virtual subjects and mapping of secure labels. It can accomplish not only secure transmission and segregation of information at different levels, but also authorization of subjects, in order to overcome the heterogeneity of secure labels in different information systems. In the secure transmission protocol, the protocol format, operation modes and work procedure are designed, and binding between the secure label and the data stream is enforced by IPSO in order to accomplish mandatory access control based on data streams.
