P2P环境下基于信任域划分的访问控制模型研究
|
摘要
P2P(Peer to Peer)作为年轻而又古老的技术,在资源共享和协同协作方面有着崭新的应用,目前已经成为Internet一个新的发展起点。但是该技术在计算机网络安全尤其是在信任管理和访问控制等方面存在着严重问题,P2P网络的访问控制就是这诸多问题中的一个难点。
传统的访问控制都是基于身份认证的,但是P2P网络的特性决定了在P2P环境下身份认证的不现实性,因此在P2P环境下基于PKI(Public Key Infrastructure)证书管理的访问控制机制不能得到很好的应用。
针对P2P的网络应用环境,本文构建了一种不同于传统访问控制的模型,这个模型采用现有的信任评价体制对P2P节点进行信任评价,并依赖评价结果对P2P节点进行信任域的划分,然后结合RBAC(Role based access control)的访问控制模型,将每个信任域指派到一类角色,最后对角色进行信任授权,从而完成用户请求到角色授权的整个过程。这个过程所使用的算法和方法简洁可行,能够实现信任管理和访问控制的完整结合。
论文首先阐述了P2P网络的基本原理和存在的安全问题,并就其安全问题中的访问控制问题提出了基于信任域和RBAC结合的信任授权模型的思想。该模型弥补了传统方式下无法将信任管理和访问控制相结合的不足,使得从信任管理到访问控制的实现简单可行。该模型可以集成到各种P2P应用中,其访问控制策略也非常灵活和实用;其次,设计了信任模型的基本框架,定义了信任域及其变迁规则;设计了整个访问控制模型的框架、各个组成部分和每个部分的结构及功能;设计了授权证书和角色证书以及模型的工作流程;最后,对模型进行了分析和仿真。
As a modern as well as traditional technology, P2P (peer to peer) has showed new application in the fields of resource sharing and cooperation, and has become another starting point in Internet. This technology, however, has serious problems as for Internet security, especially about trust management and access control.
Traditional access control based on authentication, while the characteristics of P2P network made this approach impractical, so the access control based on PKI (Public Key Infrastructure) certificates management cannot be applied well in P2P environment. Considering the network environment of P2P, this thesis constructs a model different from the traditional. This model applies present trust evaluation system to evaluate P2P nodes, then based on this result, it divides trust domain. Combined with RBAC (Role based access control), the model assign each trust domain a role, and grant trust authorization to the roles to finish the whole process from user's request to role authorization. The algorithm and methods used in this process are simple and feasible enough to realize complete combination between trust management and access control.
This thesis, at first, put forward Trust Authorization Model based on combination of trust domain and RBAC. This model makes up the shortcoming of traditional model, i.e. trust management finding no way to combine with access control, so the realization from trust management and access control has become feasible. This model can be integrated into every application of P2P, and its access control strategies are also flexible and practical. Second, Design the basic frame of trust model, and define trust domain and transition rule. Design the trust model's general frame, each part, and structure and function of each part. Design authorization certificate, role certificate and model's work flow. Last, Analyzing and simulating of the model.
传统的访问控制都是基于身份认证的,但是P2P网络的特性决定了在P2P环境下身份认证的不现实性,因此在P2P环境下基于PKI(Public Key Infrastructure)证书管理的访问控制机制不能得到很好的应用。
针对P2P的网络应用环境,本文构建了一种不同于传统访问控制的模型,这个模型采用现有的信任评价体制对P2P节点进行信任评价,并依赖评价结果对P2P节点进行信任域的划分,然后结合RBAC(Role based access control)的访问控制模型,将每个信任域指派到一类角色,最后对角色进行信任授权,从而完成用户请求到角色授权的整个过程。这个过程所使用的算法和方法简洁可行,能够实现信任管理和访问控制的完整结合。
论文首先阐述了P2P网络的基本原理和存在的安全问题,并就其安全问题中的访问控制问题提出了基于信任域和RBAC结合的信任授权模型的思想。该模型弥补了传统方式下无法将信任管理和访问控制相结合的不足,使得从信任管理到访问控制的实现简单可行。该模型可以集成到各种P2P应用中,其访问控制策略也非常灵活和实用;其次,设计了信任模型的基本框架,定义了信任域及其变迁规则;设计了整个访问控制模型的框架、各个组成部分和每个部分的结构及功能;设计了授权证书和角色证书以及模型的工作流程;最后,对模型进行了分析和仿真。
As a modern as well as traditional technology, P2P (peer to peer) has showed new application in the fields of resource sharing and cooperation, and has become another starting point in Internet. This technology, however, has serious problems as for Internet security, especially about trust management and access control.
Traditional access control based on authentication, while the characteristics of P2P network made this approach impractical, so the access control based on PKI (Public Key Infrastructure) certificates management cannot be applied well in P2P environment. Considering the network environment of P2P, this thesis constructs a model different from the traditional. This model applies present trust evaluation system to evaluate P2P nodes, then based on this result, it divides trust domain. Combined with RBAC (Role based access control), the model assign each trust domain a role, and grant trust authorization to the roles to finish the whole process from user's request to role authorization. The algorithm and methods used in this process are simple and feasible enough to realize complete combination between trust management and access control.
This thesis, at first, put forward Trust Authorization Model based on combination of trust domain and RBAC. This model makes up the shortcoming of traditional model, i.e. trust management finding no way to combine with access control, so the realization from trust management and access control has become feasible. This model can be integrated into every application of P2P, and its access control strategies are also flexible and practical. Second, Design the basic frame of trust model, and define trust domain and transition rule. Design the trust model's general frame, each part, and structure and function of each part. Design authorization certificate, role certificate and model's work flow. Last, Analyzing and simulating of the model.
引文
[1] M. Parameswaran, A. Susarla, and A. B. Whinston. P2P Networking: An Information Sharing Alternative. IEEE Computer. 34171. 2001.
[2] Napster. http://www.napster.com.
[3] http://spec.jxta.org/v1.0/docbook/JXTAProtocols.html.
[4] Gnutella. http://www.gnutella.com.
[5] Ross Lee Graham. P2P Security Issues. http://www.ida.liu.se/~rosgr/p2psecurity.html.
[6] Prashant Dewan, Partha Dasgupta, Securing P2P Networks Using Peer Reputations: Is there a silver bullet-pdf.
[7] Kabay, M. E. "Peer-to-Peer Software and Security." Network World Security Newsletter. August 28, 2000. http://www.nwfusion.com/newsletters/sec/2000/0828secl.html?nf (3 July, 2001)
[8] Etruzzi, Mike, et al. "Security Concerns for Peer-to-Peer Software." July 18, 2000. http://www.ktsi.net/pdf_files/Security_Concerns-Peer-to-Peer KTSI.pdf (13 Aug.2001)
[9] M.Abadi, M.Burrows, B.Lampson and G.plotkin.A calculus for access control in distributed systems. TOPLAS, 15(4):706-734, sept.1993.
[10] S.J.mullender and A.S.Tanenbaum. The design of a capability-based distributed Operating system. The computer Journal, 29(4); 289-299, Aug. 1986.
[11] Deng.p, Kuo.C and Kao.V. A dynamic access control model for object-oriented system. Security Technology, 1993, Security Technology proceedings. Insititute of Electrical and Electronics Engineers1993 International Carnahan conference on 13-15Oct, 1993. Pages:159-163.
[12] D. Elliott Bell and Leonard J. La Padula. Secure Computer System: A refinement of the mathematical model. Technical Technical Report ESD-TR-278, vol.3, MITRE Corp. MTR-2997, Bedford, MA,1973.
[13] T. Grandison and M.Sloman, A survey of trust in Internet application, IEEE Communications Survevs. Fourth Ouarter. 2000.
[14] Y. Mass and A. Herzberg. Access control meets public key infrastructure or: Assigning roles to strangers. In Proceedings of the 21st IEEE Symposium on Security and Privacy, May 2000. Available at http://www.hrl.il.ibm.com/TrustEstablishment/default.asp.
[15] M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO '91, 11th Annual International Crvptolop-v Conference. pav-es 1-23. Aue. 1991.LNCS 576.
[16] PKI原理与技术,谢冬青、冷健编著,清华大学出版社,2004年1月出版
[17] 信息安全原理及应用,阙喜戎、孙锐等编著,清华大学出版社,2003年7月出版
[18] International Telecommunications Union. ITU-T Recommendation X.5091IS0/IEC 9594-8: Information Technology—Open Systems Interconnection—The Directory:Public-Key and Attribute Certificate Frameworks. ITU-T 2000.
[19] Chokhani, S., and Ford, W., "Internet X.509 Public Key Infrastructure Certificate Policy And Certification Practices Framework," RFC 2527, March 1999.
[20] Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC2459,1999.
[21] E. Gerck,Overview of Certification Systems: X.509, CA, PGP and SKIP, http://novaware.cps.softex.br/mcg/cert.html.
[22] Selcuk, Ali Aydin and Uzun, Ersin and Pariente, Mark R. A Reputation-Based Trust Management System for P2P Networks, CCGRID2004, April 2004.
[23] L. Xiong and L. Liu. A reputation-based trust model for peer-to-peer ecommerce communities. In IEEE Conference on E-Commerce (CEC'03). 2003.
[24] 2004-RA-Reputation Management Framework and its use as Currency in Large-Scale Peer-to-Peer Networks-.pdf.
[25] Peer-to-Peer Overlay Networks: A Survey, Chonggang Wang Bo Li, Department of Computer Science, The Hong Kong University of Science and Technology, Hong Kong.
[26] http://developer.netscape.com/does/manuals/security/sslin/contents.htm.
[27] Naftaly Minsky &Victoria Ungureanu. Law-Governed Interaction http://cs.rutgers.edu/-minsky/papers/coordination-and-control.pdf
[28] Rita Chen &William Yeager.A distributed Trust Model for Peer-to-Peer Networks. http://www.jxta.org/projeet/www/does/trust.pdf.
[29] Kamvar SD, Schlosser MT. EigenRep: Reputation management in P2P networks. In: Lawrence S, ed. Proc. of the 12th Int'l World Wide Web Conf. Budapest: ACM Press, 123-134.
[30] Altman J. PKI Security for JXTA overlay networks. Technical Report,TR-I2-03-06, Palo Alto: Sun Microsystem, 2003.
[31] Albrecht K, Ruedi AR. Clippee: A large-scale client/peer system. Technical Report, TR-410, Swiss Federal Institute of Technology, 2003.
[32] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based acess control models. IEEE Computer, 29(2):38-47, February 1996.
[33] Ravi S Sandhu. Role-Based Access Control Models. Advances in Computers, vol. 46, Academic Press, San Diego, CA, 1998
[34] S. Marsh, Formalising Trust as a Computational Concept, Ph.D. Thesis, University of Stirling, 1994
[35] R. Yahalom, B. Klein, and Th. Beth. Trust relationships in secure systems—a distributed authentication perspective. In Proc. 1993 IEEE Symp. on Research in Security and Privacy, pages 150—164, 1993.
[36] T. Beth, M. Borcherding, and B. Klein. Valuation of trust in open networks. In ESORICS 94. Brighton, UK, November 1994.
[37] 乐光学,李仁发,周祖德.基于Region多层结构P2P计算网络模型,软件学报,Vol.16,No.6
[38] 张书钦等,对等网络中基于信任的访问控制研究,计算机科学,2005.5
[39] 陈姝,方滨兴,周勇林.P2P技术的研究与应用.计算机工程与应用,2002年第13期.Pages:20~24.
[40] Jean-Camille Birget, Xukai Zou, Guevara Noubir and Byrav Ramamurthy. Hierarchy-Based Access Control in Distributed Environments. Proceedings of IEEE International Conference on Communications, June 2001.Pages:229-233.
[41] D. W. Manchala, E-Commerce Trust Metrics and Models, IEEE, Internet Computing, April 2000.
[42] H. Zhuang, S. Wongsoontorn and Y. Zhao:.A Fuzzy-Logic Based Trust Model and its Optimization for e-Commerce, Florida Conference on the Recent Advances in Robotics—2003
[43] A V.S. Grishchenko:A Fuzzy Model for Context-Dependent Reputation. Workshop on Trust, Security and Reputation. International Semantic Web Conference 2004, Hiroshima, Japan, October 2004.
[44] S. Song, K. Hwang, and M. Macwan, Fuzzy Trust Integration for Security Enforcement in Grid Computing, Proceedings of IFIP International Symposium on Network and Parallel Computing (NPC-2004), 2004, 9-21P
[45] 唐文,陈钟.基于模糊集合理论的主观信任管理模型研究.软件学报,2003,14(8):1401—1408页
[46] S. D. Ramchurn, C. Sierra, L. Godo and N. R. Jennings, A Computational Trust Model for Multi-Agent Interactions Based on Confidence and Reputation.In Proceedings of 6th International Workshop of Deception, Fraud and Trust in Agent Societies, page 69-75, 2003.
[47] J. C. Rubiera, J. M. Molina, J. Davila: A Fuzzy Model of Reputation in Multi-Agent Systems, Proceedings of the 5th international conference on Autonomous agents, 2001, 25-26P
[48] R. Rivest SEXP (S-expressions), draft-rivest-sexp-00.txt, Internet Draft, May 4, 1997 http://theory.lcs.mit.edu/~rivest/sexp.txt
[49] Manoj P, Anjana S. P2P networking: an information-sharing alternative. IEEE Computing Practices. 2001, 34(7):31~38.
[50] Daniel Hasselrot, A Java based framework for simulating peer-to-peer overlay networks, SICS Technical Report T2005:02, ISSN 1100-3154, ISRN:SICS-T-2005/02-SE, January 24, 2005
[51] Ben D. The Power of P2P. Multimedia at Work.2001, 8(2):100~103.
[52] P2P网络的应用前景.http://www.yesky.com/20010912/196283_1.shtml.
[53] anonymous information storage and retrieval system. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability. Berkely, California, June 2000.
[54] The Graphical Gnutella Client for Unix. http://gtk-gnutella.sourceforge.net/.
[55] The IMesh Toolkit, An architecture and toolkit for distributed subject gateways. http://www.imesh.org/toolkit/.
[56] Project JXTA: A Technology Overview.http://www.jxta.org/project/www/docs/TechOverview.pdf, February 2002.
[57] OpenSSL. http://www.openssl.org/docs/apps/openssl.html, February 2002.
[58] M.Abadi, M.Burrows, B.Lampson and G.plotkin.A calculus for access control in distributed systems. TOPLAS, 15(4):706-734, sept.1993.
[59] S.J.mullender and A.S.Tanenbaum. The design of a capability-based distributed operating system. The computer Journal, 29(4); 289-299, Aug. 1986.
[60] Deng.p, Kuo.C and Kao.V. A dynamic access control model for object-oriented system. Security Technology, 1993, Security Technology proceedings.Insititute of Electrical and Electronics Engineers1993 International Carnahan conference on 13-15Oct,1993.Pages:159-163.
[61] D. Elliott Bell and Leonard J. La Padula. Secure Computer System: A refinement of the mathematical model. Technical Technical Report ESD-TR-278,vol.3,MITRE Corp. MTR-2997, Bedford, MA,1973.
[2] Napster. http://www.napster.com.
[3] http://spec.jxta.org/v1.0/docbook/JXTAProtocols.html.
[4] Gnutella. http://www.gnutella.com.
[5] Ross Lee Graham. P2P Security Issues. http://www.ida.liu.se/~rosgr/p2psecurity.html.
[6] Prashant Dewan, Partha Dasgupta, Securing P2P Networks Using Peer Reputations: Is there a silver bullet-pdf.
[7] Kabay, M. E. "Peer-to-Peer Software and Security." Network World Security Newsletter. August 28, 2000. http://www.nwfusion.com/newsletters/sec/2000/0828secl.html?nf (3 July, 2001)
[8] Etruzzi, Mike, et al. "Security Concerns for Peer-to-Peer Software." July 18, 2000. http://www.ktsi.net/pdf_files/Security_Concerns-Peer-to-Peer KTSI.pdf (13 Aug.2001)
[9] M.Abadi, M.Burrows, B.Lampson and G.plotkin.A calculus for access control in distributed systems. TOPLAS, 15(4):706-734, sept.1993.
[10] S.J.mullender and A.S.Tanenbaum. The design of a capability-based distributed Operating system. The computer Journal, 29(4); 289-299, Aug. 1986.
[11] Deng.p, Kuo.C and Kao.V. A dynamic access control model for object-oriented system. Security Technology, 1993, Security Technology proceedings. Insititute of Electrical and Electronics Engineers1993 International Carnahan conference on 13-15Oct, 1993. Pages:159-163.
[12] D. Elliott Bell and Leonard J. La Padula. Secure Computer System: A refinement of the mathematical model. Technical Technical Report ESD-TR-278, vol.3, MITRE Corp. MTR-2997, Bedford, MA,1973.
[13] T. Grandison and M.Sloman, A survey of trust in Internet application, IEEE Communications Survevs. Fourth Ouarter. 2000.
[14] Y. Mass and A. Herzberg. Access control meets public key infrastructure or: Assigning roles to strangers. In Proceedings of the 21st IEEE Symposium on Security and Privacy, May 2000. Available at http://www.hrl.il.ibm.com/TrustEstablishment/default.asp.
[15] M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. A calculus for access control in distributed systems. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO '91, 11th Annual International Crvptolop-v Conference. pav-es 1-23. Aue. 1991.LNCS 576.
[16] PKI原理与技术,谢冬青、冷健编著,清华大学出版社,2004年1月出版
[17] 信息安全原理及应用,阙喜戎、孙锐等编著,清华大学出版社,2003年7月出版
[18] International Telecommunications Union. ITU-T Recommendation X.5091IS0/IEC 9594-8: Information Technology—Open Systems Interconnection—The Directory:Public-Key and Attribute Certificate Frameworks. ITU-T 2000.
[19] Chokhani, S., and Ford, W., "Internet X.509 Public Key Infrastructure Certificate Policy And Certification Practices Framework," RFC 2527, March 1999.
[20] Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF RFC2459,1999.
[21] E. Gerck,Overview of Certification Systems: X.509, CA, PGP and SKIP, http://novaware.cps.softex.br/mcg/cert.html.
[22] Selcuk, Ali Aydin and Uzun, Ersin and Pariente, Mark R. A Reputation-Based Trust Management System for P2P Networks, CCGRID2004, April 2004.
[23] L. Xiong and L. Liu. A reputation-based trust model for peer-to-peer ecommerce communities. In IEEE Conference on E-Commerce (CEC'03). 2003.
[24] 2004-RA-Reputation Management Framework and its use as Currency in Large-Scale Peer-to-Peer Networks-.pdf.
[25] Peer-to-Peer Overlay Networks: A Survey, Chonggang Wang Bo Li, Department of Computer Science, The Hong Kong University of Science and Technology, Hong Kong.
[26] http://developer.netscape.com/does/manuals/security/sslin/contents.htm.
[27] Naftaly Minsky &Victoria Ungureanu. Law-Governed Interaction http://cs.rutgers.edu/-minsky/papers/coordination-and-control.pdf
[28] Rita Chen &William Yeager.A distributed Trust Model for Peer-to-Peer Networks. http://www.jxta.org/projeet/www/does/trust.pdf.
[29] Kamvar SD, Schlosser MT. EigenRep: Reputation management in P2P networks. In: Lawrence S, ed. Proc. of the 12th Int'l World Wide Web Conf. Budapest: ACM Press, 123-134.
[30] Altman J. PKI Security for JXTA overlay networks. Technical Report,TR-I2-03-06, Palo Alto: Sun Microsystem, 2003.
[31] Albrecht K, Ruedi AR. Clippee: A large-scale client/peer system. Technical Report, TR-410, Swiss Federal Institute of Technology, 2003.
[32] Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based acess control models. IEEE Computer, 29(2):38-47, February 1996.
[33] Ravi S Sandhu. Role-Based Access Control Models. Advances in Computers, vol. 46, Academic Press, San Diego, CA, 1998
[34] S. Marsh, Formalising Trust as a Computational Concept, Ph.D. Thesis, University of Stirling, 1994
[35] R. Yahalom, B. Klein, and Th. Beth. Trust relationships in secure systems—a distributed authentication perspective. In Proc. 1993 IEEE Symp. on Research in Security and Privacy, pages 150—164, 1993.
[36] T. Beth, M. Borcherding, and B. Klein. Valuation of trust in open networks. In ESORICS 94. Brighton, UK, November 1994.
[37] 乐光学,李仁发,周祖德.基于Region多层结构P2P计算网络模型,软件学报,Vol.16,No.6
[38] 张书钦等,对等网络中基于信任的访问控制研究,计算机科学,2005.5
[39] 陈姝,方滨兴,周勇林.P2P技术的研究与应用.计算机工程与应用,2002年第13期.Pages:20~24.
[40] Jean-Camille Birget, Xukai Zou, Guevara Noubir and Byrav Ramamurthy. Hierarchy-Based Access Control in Distributed Environments. Proceedings of IEEE International Conference on Communications, June 2001.Pages:229-233.
[41] D. W. Manchala, E-Commerce Trust Metrics and Models, IEEE, Internet Computing, April 2000.
[42] H. Zhuang, S. Wongsoontorn and Y. Zhao:.A Fuzzy-Logic Based Trust Model and its Optimization for e-Commerce, Florida Conference on the Recent Advances in Robotics—2003
[43] A V.S. Grishchenko:A Fuzzy Model for Context-Dependent Reputation. Workshop on Trust, Security and Reputation. International Semantic Web Conference 2004, Hiroshima, Japan, October 2004.
[44] S. Song, K. Hwang, and M. Macwan, Fuzzy Trust Integration for Security Enforcement in Grid Computing, Proceedings of IFIP International Symposium on Network and Parallel Computing (NPC-2004), 2004, 9-21P
[45] 唐文,陈钟.基于模糊集合理论的主观信任管理模型研究.软件学报,2003,14(8):1401—1408页
[46] S. D. Ramchurn, C. Sierra, L. Godo and N. R. Jennings, A Computational Trust Model for Multi-Agent Interactions Based on Confidence and Reputation.In Proceedings of 6th International Workshop of Deception, Fraud and Trust in Agent Societies, page 69-75, 2003.
[47] J. C. Rubiera, J. M. Molina, J. Davila: A Fuzzy Model of Reputation in Multi-Agent Systems, Proceedings of the 5th international conference on Autonomous agents, 2001, 25-26P
[48] R. Rivest SEXP (S-expressions), draft-rivest-sexp-00.txt, Internet Draft, May 4, 1997 http://theory.lcs.mit.edu/~rivest/sexp.txt
[49] Manoj P, Anjana S. P2P networking: an information-sharing alternative. IEEE Computing Practices. 2001, 34(7):31~38.
[50] Daniel Hasselrot, A Java based framework for simulating peer-to-peer overlay networks, SICS Technical Report T2005:02, ISSN 1100-3154, ISRN:SICS-T-2005/02-SE, January 24, 2005
[51] Ben D. The Power of P2P. Multimedia at Work.2001, 8(2):100~103.
[52] P2P网络的应用前景.http://www.yesky.com/20010912/196283_1.shtml.
[53] anonymous information storage and retrieval system. In Proceedings of the Workshop on Design Issues in Anonymity and Unobservability. Berkely, California, June 2000.
[54] The Graphical Gnutella Client for Unix. http://gtk-gnutella.sourceforge.net/.
[55] The IMesh Toolkit, An architecture and toolkit for distributed subject gateways. http://www.imesh.org/toolkit/.
[56] Project JXTA: A Technology Overview.http://www.jxta.org/project/www/docs/TechOverview.pdf, February 2002.
[57] OpenSSL. http://www.openssl.org/docs/apps/openssl.html, February 2002.
[58] M.Abadi, M.Burrows, B.Lampson and G.plotkin.A calculus for access control in distributed systems. TOPLAS, 15(4):706-734, sept.1993.
[59] S.J.mullender and A.S.Tanenbaum. The design of a capability-based distributed operating system. The computer Journal, 29(4); 289-299, Aug. 1986.
[60] Deng.p, Kuo.C and Kao.V. A dynamic access control model for object-oriented system. Security Technology, 1993, Security Technology proceedings.Insititute of Electrical and Electronics Engineers1993 International Carnahan conference on 13-15Oct,1993.Pages:159-163.
[61] D. Elliott Bell and Leonard J. La Padula. Secure Computer System: A refinement of the mathematical model. Technical Technical Report ESD-TR-278,vol.3,MITRE Corp. MTR-2997, Bedford, MA,1973.