基于UCON访问控制模型的信息安全监控系统的研究
|
摘要
涉及国家安全的各种秘密信息,直接关系到国家的安全利益和社会的稳定。国家机密信息一旦被窃取或破坏,将对国家造成不可估量的损失。在信息安全攻防技术发展到了较高水平的今天,研究这一问题的解决方法有着重要的现实意义。
论文首先讨论了国内外信息安全监控技术的发展现状,分析了四种传统访问控制模型各自的优缺点,深入研究了UCON访问控制模型,综合分析了UCON访问控制模型核心组件的原理和优缺点;设计了基于UCON访问控制模型的信息安全监控系统系统结构;在网络信息下载监控子系统中,深入研究了网络数据包的捕获分析技术和通讯阻断技术,设计了UCONpreA1onB2模型,实现了对超量下载网络数据包的实时阻断;在防文件敏感信息泄漏监控子系统中,深入研究了文件过滤驱动技术和格式文档解析技术,设计了UCONonA2模型,实现了对主机敏感信息的有效监控;在QSAC匹配算法中,深入研究了多模式匹配算法,并针对在大字符集文本中算法效率较低的问题,提出了一种新颖的面向中英文环境的QSAC匹配算法,解决了在安全监控系统中对于大字符集文本匹配效率低下的问题。
论文研究工作目前已完成对了信息安全监控系统的总体设计,实现了两个安全监控子系统。相比当前同类安全监控系统研究成果,可提高对信息安全监控的效率和安全性。实验结果表明网络信息下载监控子系统能够自动阻断恶意下载的行为,保护网络服务器;防文件敏感信息泄漏监控子系统能够搜索和监控主机中含有敏感词的文件,实现内容过滤,有效防止信息泄密;目前,已有两个子系统在相关单位进行试用。
Involving a variety of confidential information of national security, directly related to the national security interests and social stability. Once the national confidential information is stolen or destroyed, it would cause incalculable damage to the country. In today’s higher level technology of information security attack and defense, to study the solution has important practical significance.
The paper firstly discusses the domestic and international information security and monitoring technology development status, analyzes the four kinds of traditional access control model for their own advantages and disadvantages, deeply studies of the UCON access control model, and comprehensively analyzes the UCON access control model principles of the core components and the advantages and disadvantages; We Designed for information security monitoring system architecture based on UCON access control model; In the Network Malicious Download subSystem, deeply study of the network packet capture analysis technology and communication blocking technology, propose a UCONpreA1onB2 model,it can block the excess download network data packets in real-time;In Anti-File Sensitive Information Leakage Monitoring subsystem, we deeply study of the file filter driver technology and the formated document parsing technology, propose a UCONonA2 model, it can monitor the sensitive information in the host effectively;In the QSAC matching algorithm, we deeply study of the multi-pattern matching algorithm, and for the problem of the low algorithm efficiency in big character set, we introduce a novel in English and Chinese-oriented environment QSAC matching algorithm, it solved the low efficiency problem in security monitoring system for large character-set matching.
Now, we have completed the overall design of Information Security Monitoring System, achieved two security monitoring subsystem. Compared to the current security monitoring system, it can improve the efficiency of information security monitoring and safety. Experimental results show that the Network Malicious Download subSystem can automatically block malicious downloads, protect the network server; Anti-File Sensitive Information Leakage Monitoring subsystem is able to search and monitor hosts file that containing sensitive words, and to achieve content filtering, effectively prevent the leakage of information; Currently, the two subsystems is in the trial in the relevant department.
论文首先讨论了国内外信息安全监控技术的发展现状,分析了四种传统访问控制模型各自的优缺点,深入研究了UCON访问控制模型,综合分析了UCON访问控制模型核心组件的原理和优缺点;设计了基于UCON访问控制模型的信息安全监控系统系统结构;在网络信息下载监控子系统中,深入研究了网络数据包的捕获分析技术和通讯阻断技术,设计了UCONpreA1onB2模型,实现了对超量下载网络数据包的实时阻断;在防文件敏感信息泄漏监控子系统中,深入研究了文件过滤驱动技术和格式文档解析技术,设计了UCONonA2模型,实现了对主机敏感信息的有效监控;在QSAC匹配算法中,深入研究了多模式匹配算法,并针对在大字符集文本中算法效率较低的问题,提出了一种新颖的面向中英文环境的QSAC匹配算法,解决了在安全监控系统中对于大字符集文本匹配效率低下的问题。
论文研究工作目前已完成对了信息安全监控系统的总体设计,实现了两个安全监控子系统。相比当前同类安全监控系统研究成果,可提高对信息安全监控的效率和安全性。实验结果表明网络信息下载监控子系统能够自动阻断恶意下载的行为,保护网络服务器;防文件敏感信息泄漏监控子系统能够搜索和监控主机中含有敏感词的文件,实现内容过滤,有效防止信息泄密;目前,已有两个子系统在相关单位进行试用。
Involving a variety of confidential information of national security, directly related to the national security interests and social stability. Once the national confidential information is stolen or destroyed, it would cause incalculable damage to the country. In today’s higher level technology of information security attack and defense, to study the solution has important practical significance.
The paper firstly discusses the domestic and international information security and monitoring technology development status, analyzes the four kinds of traditional access control model for their own advantages and disadvantages, deeply studies of the UCON access control model, and comprehensively analyzes the UCON access control model principles of the core components and the advantages and disadvantages; We Designed for information security monitoring system architecture based on UCON access control model; In the Network Malicious Download subSystem, deeply study of the network packet capture analysis technology and communication blocking technology, propose a UCONpreA1onB2 model,it can block the excess download network data packets in real-time;In Anti-File Sensitive Information Leakage Monitoring subsystem, we deeply study of the file filter driver technology and the formated document parsing technology, propose a UCONonA2 model, it can monitor the sensitive information in the host effectively;In the QSAC matching algorithm, we deeply study of the multi-pattern matching algorithm, and for the problem of the low algorithm efficiency in big character set, we introduce a novel in English and Chinese-oriented environment QSAC matching algorithm, it solved the low efficiency problem in security monitoring system for large character-set matching.
Now, we have completed the overall design of Information Security Monitoring System, achieved two security monitoring subsystem. Compared to the current security monitoring system, it can improve the efficiency of information security monitoring and safety. Experimental results show that the Network Malicious Download subSystem can automatically block malicious downloads, protect the network server; Anti-File Sensitive Information Leakage Monitoring subsystem is able to search and monitor hosts file that containing sensitive words, and to achieve content filtering, effectively prevent the leakage of information; Currently, the two subsystems is in the trial in the relevant department.
引文
[1] T. Budd, R.J.Lipton. Foundations of Secure Computation. New York: Academic CH. on classes of protection systems.1978: 281~293.
[2] L Snyder. Formal Models of Capability-based Protection Systems. IEEE Transactions on Computers.1981,30(3):172~181.
[3] Ravi Sandhu, E Coyne, H Feinstein, et al. Role-based Access Control Models. IEEE Computer.1996,29(6):38~47.
[4] Thomas RK, Ravi Sandhu. Task-Based authentication control (TBAC): A family of models for active an enterprise-oriented authentication management. In: Proc. of the 11th IFIP Conf. on Database Security. California,1997:11~13.
[5] Park J,Sandhu R.Towards usage control models:beyond traditional access control.ACM Symposium on Access control Models and Technologies,2002,2(3):57~64.
[6] Jaehong Park, Ravi Sandhu. Attribute mutability in Usage Control.IFIP WG11.3 Workshop on Database Security.2004:11:36~42.
[7] Jaehong Park, Ravi Sandhu. The UCONABC usage control model. ACM Trans. on Information and System Security.2004,7(1):128~174.
[8] Xinwen Zhang. A Logical Specification for Usage Control.ACM Symposium on Access Control Models and Technologies.2004,8:137~145.
[9] Xinwen Zhang. Formal Model and Policy Specification of Usage Control. ACM Transactions on Information and System Security(TISSEC). 2005,8(4):351~387.
[10] Xinwen Zhang. A Usage-based Authorization Framework for Collaborative Computing Systems. ACM Symposium on Access Control Models and Technologies.2006,7:83~91.
[11] Xinwen Zhang. Safety Analysis of Usage Control Authorization Models. AsiaCCS. 2006,9:10 3~112.
[12] Helge Janicke, Tio Cau. A note on the formalisation of UCON. SACMAT'07. 2007,6:182~193.
[13]袁磊.使用控制模型的研究.计算机工程, 2005,31(12):146~148.
[14]桂劲松,陈志刚,邓晓衡.一种改进UCONC的服务网格授权决策模型.西安电子科技大学学报.2008,3:46~52.
[15]桂劲松,陈志刚,胡玉乎.服务网格授权决策的UCONA模型.计算机工程.2009,35(2):70~73.
[16]丁霞,徐开勇,李立新,等.基于UCONABc模型的电子文档安全系统.计算机工程.2008,34(2):127~143.
[17]田光辉,吴江,张德同,等.基于动态描述逻辑的UCON授权模型.计算机工程.2008,34(19):163~166.
[18]桂劲松,陈志刚,胡玉平,等.一种改进UCONB的服务网格授权策略规范.小型微型计算机系统.2009,30(3):391~397.
[19]崔永泉.基于使用控制和上下文的动态网格访问控制模型研究.计算机科学.2008,2:46~57.
[20] http://www.cnnic.cn/uploadfiles/doc/2009/7/16/125040.doc.
[21] Ferraiolo, D. and Kuhn, R., Role Based Access Control, In 15th NIST-NCSC National ComPuter Security Conference. 1992:554~563.
[22] Nynanchama,M. and Osborn, S.,Access Rights Administration in Role-Based Security Systems,In IFIP WG11.3 Database Security,1994:37~56.
[23] Ferraiolo DF, Sandhu R, Gavrila S. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001,4(3):224~274.
[24] Osborn S, Sandhu R. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security, 2000,3(2):85~106.
[25] Jaehong Park, Ravi Sandhu. Originator Control in Usage Control. 3rd International Workshop on Policies for Distributed Systems and Networks(Policy02) . 2002,6:59~67.
[26] Jaehong Park, Ravi Sandhu. Usage Control:a united framework for next generation access control. George Mason University.2003.
[27] Jaehong Park, Ravi Sandhu. The UCONABC usage control model. ACM Trans. on Information and System Security,2004,7(1):128~174.
[28] Alexander Pret, Manuel Hil, David Basin. Distributed Usage Control. Communications of ACM. 2006,49(9):39~44.
[29] Lau Cheuk Lung, Marcelo Shin, Jonida Silva. Adapting the UCONABC Usage Control Policies on CORBASec Infrastructure. Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops. 2007:24~32.
[30] Bertino E, Bonatti P A, Ferrari E. TRBAC: a temporal role—based access control model. ACM Transactions on Information and System Security, 2001, 4(3):191~233.
[31] Joshi J B D, Bertino E, Latif U, et a1. A generalized temporal role-based access control model.IEEE Transactions on Knowledge and Data Engineering, 2005,17(1):4~23.
[32] Deqing Zou, Ligang He, Hai Jin, et al. CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment. Journal of Network and Computer Applications, 2009,32:402~411.
[33]鲁柯,周保群,王惠芳.基于带时间特性RBAC的使用控制模型及其管理.计算机工程,2008,34(6):170~172.
[34] Huang Jian, Qing Si-han, Wen Hong-zi. Timed Role-Based Access Control. Journal of Software, 2003,14(11):1944~1954.
[35] Dong Guang-yu, Qing Si-han, Liu Ke-long. Role-Based Authorization Constraint with Time Character. Journal of Software, 2002,13(08):1521~1527.
[36]刘文涛.网络安全开发包详解.北京:电子工业出版社. 2005:101~121.
[37] J. Postel. RFC959 - File Transfer Protocol.1985,10.
[38] A. Bhushan. RFC414 - File Transfer Protocol (FTP) status and further comments. 1972,11.
[39] T. Berners-Lee. RFC1945 - Hypertext Transfer Protocol -- HTTP/1.0.1996.5.
[40] R. Fielding. RFC 2616 - Hypertext Transfer Protocol -- HTTP /1.1[S].1999,6.
[41] V. Torvinen. RFC4169 - Hypertext Transfer Protocol(HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2. 2005,11.
[42] M. Nottingham. RFC4229 - HTTP Header Field Registrations.2005,10.
[43]张帆等. Windows驱动开发技术详解.北京:电子工业出版社. 2008:122~145.
[44] Art Baker, Jerry Lozano. Windows2000设备驱动程序设计指南.北京:机械工业出版社. 2001:36~125.
[45] Rajeev Nagar. Windows NT File System Internals. O'REILLY. 1997:20~115.
[46]庄毅,潘龙平,刘坤.分布式资源安全监控系统模型的研究.南京航空航天大学学报. 2006.38(1):86~90.
[47]庄毅,刘坤,王建东,潘龙平.主动式信息安全服务系统的研究.小型微型计算机系统. 2006.27(3):442~445.
[48] David A Solomon, Mark E Russinovich. Inside Microsoft Windows 2000. Microsoft Press, 2000: 32~87.
[49] OpenOffice.org. Microsoft Compound Document File Format. http://sc.openoffi ce.org/compdoc fileformat.pdf. 2007.8.7.
[50]Hong Fan, Cui Yongquan. Administrative Usage Control Model for Secure Interoperability. Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies. 2006,12:34~40.
[51]胡兆玮,靳瑞芳,于万钧,等.使用控制的可变性研究.计算机工程与应用, 2007,43(25):66~79.
[52]胡兆玮,于万钧,杨博.使用控制授权模型的安全性研究.计算机应用研究, 2008,25(1):226-229.
[53] Fengying Wang, Lei Zhao, Caihong Li, et al. Usage Control Resource Dissemination Model Based on Fuzzy Logic. 2008 Fifth International Conference on Fuzzy Systems and Knowledge Discovery. 2008(3):454~458.
[54] Yonggang Ding, Junhua Zou. DRM Application in UCONABC. 2008 Advanced Software Engineering and Its Applications. 2008:182~185.
[55] Li Yang,Alma Cemerlic. Integrating Dirichlet reputation into usage control. ACM International Conference Proceeding Series. 2009.
[56]Aho A, Corasick M. Efficient string matching: An aid to bibliographic search. Communications of the ACM,1975, 18(6):333~343.
[57]王永成,沈州,许一震.改进的多模式匹配算法.计算机研究与发展, 2002, 39(1):55~60.
[58]万国根,秦志光.改进的AC-BM字符串匹配算法.电子科技大学学报,2006,35(4):531~541.
[59]马志柔,叶屹.一种有效的多关键词词频统计方法.计算机工程, 2006, 32(10):191~203.
[60]宋明秋,张国权,邓贵仕.入侵检测多模式匹配算法.计算机工程, 2006, 32(5):144~201.
[61]范立新,谢晓能,吴飞.基于过滤的中文多模式近似字符串匹配算法.计算机工程, 2006, 32(20):48~58.
[62]孙钦东,黄新波,王倩.面向中英文混合环境的多模式匹配算法.软件学报, 2008,19(3):674~686.
[63]李伟男,鄂跃鹏,葛敬国,等.多模式匹配算法及硬件实现.软件学报,2006,17(12):2403~2415.
[64] Fabrice Le Fessant, Luc Maranget. Optimizing Pattern Matching. Communications of the ACM, 2001.
[65] Nadia Nedjah, Luiza de Macedo Mourelle. Efficient Concise Deterministic Pattern-Matching Automata for Ambiguous Patterns. ACM, 2002, 37(2):57~67.
[66]Sarang Dharmapurikar, John Lockwood. Fast and Scalable Pattern Matching for Content Filtering.ACM, 2005.
[67]Lu Jun, Liu DaXin, Han XuJie. A Multiple Patterns Matching Method Based on Added Information. 2008 International Conference on Internet Computing in Science and Engineering(IEEE), 2008.
[68]R S Boyer, J S Moore. A fast string searching algorithm. Communications of the ACM, 1977, 20(10): 762~772.
[69]Fan Jang-Jong, Su Keh-Yih. An efficient algorithm for match multiple patterns. IEEE Trans on Knowledge and Data Engineering, 1993, 5(2):339~351.
[70] Hao Hu, Hao Li, Dengguo Feng. L-UCON: Towards Layered Access Control with UCON. 2009 International Conference on Computational Science and Engineering,2009,CSE, 2009,2: 823~829.
[71] Mohammad Nauman, Masoom Alam, Xinwen Zhang,et al. Remote Attestation of Attribute Updates and Information Flows in a UCON System. Lecture Notes in Computer Science, 2009, 5471: 63~80.
[72] Jianfeng Lu, Ruixuan Li, Vijay Varadharajan. Secure Interoperation in Multidomain Environments Employing UCON Policies. Lecture Notes in Computer Science, 2009, 5735: 395~402.
[73] Zhai Zhigang, Wang Jiandong, Mao Yuguang. Study and Safety Analysis on UCONonA Model. First International Workshop on Database Technology and Applications. 2009: 103~106.
[74] Anthony Jones. Windows Network Programming.北京:机械工业出版社. 2000:67~89.
[75]潘龙平,庄毅,吴学成.基于强制访问控制的安全Linux系统设计与实现.计算机工程与应用. 2006,42(5):142~145.
[2] L Snyder. Formal Models of Capability-based Protection Systems. IEEE Transactions on Computers.1981,30(3):172~181.
[3] Ravi Sandhu, E Coyne, H Feinstein, et al. Role-based Access Control Models. IEEE Computer.1996,29(6):38~47.
[4] Thomas RK, Ravi Sandhu. Task-Based authentication control (TBAC): A family of models for active an enterprise-oriented authentication management. In: Proc. of the 11th IFIP Conf. on Database Security. California,1997:11~13.
[5] Park J,Sandhu R.Towards usage control models:beyond traditional access control.ACM Symposium on Access control Models and Technologies,2002,2(3):57~64.
[6] Jaehong Park, Ravi Sandhu. Attribute mutability in Usage Control.IFIP WG11.3 Workshop on Database Security.2004:11:36~42.
[7] Jaehong Park, Ravi Sandhu. The UCONABC usage control model. ACM Trans. on Information and System Security.2004,7(1):128~174.
[8] Xinwen Zhang. A Logical Specification for Usage Control.ACM Symposium on Access Control Models and Technologies.2004,8:137~145.
[9] Xinwen Zhang. Formal Model and Policy Specification of Usage Control. ACM Transactions on Information and System Security(TISSEC). 2005,8(4):351~387.
[10] Xinwen Zhang. A Usage-based Authorization Framework for Collaborative Computing Systems. ACM Symposium on Access Control Models and Technologies.2006,7:83~91.
[11] Xinwen Zhang. Safety Analysis of Usage Control Authorization Models. AsiaCCS. 2006,9:10 3~112.
[12] Helge Janicke, Tio Cau. A note on the formalisation of UCON. SACMAT'07. 2007,6:182~193.
[13]袁磊.使用控制模型的研究.计算机工程, 2005,31(12):146~148.
[14]桂劲松,陈志刚,邓晓衡.一种改进UCONC的服务网格授权决策模型.西安电子科技大学学报.2008,3:46~52.
[15]桂劲松,陈志刚,胡玉乎.服务网格授权决策的UCONA模型.计算机工程.2009,35(2):70~73.
[16]丁霞,徐开勇,李立新,等.基于UCONABc模型的电子文档安全系统.计算机工程.2008,34(2):127~143.
[17]田光辉,吴江,张德同,等.基于动态描述逻辑的UCON授权模型.计算机工程.2008,34(19):163~166.
[18]桂劲松,陈志刚,胡玉平,等.一种改进UCONB的服务网格授权策略规范.小型微型计算机系统.2009,30(3):391~397.
[19]崔永泉.基于使用控制和上下文的动态网格访问控制模型研究.计算机科学.2008,2:46~57.
[20] http://www.cnnic.cn/uploadfiles/doc/2009/7/16/125040.doc.
[21] Ferraiolo, D. and Kuhn, R., Role Based Access Control, In 15th NIST-NCSC National ComPuter Security Conference. 1992:554~563.
[22] Nynanchama,M. and Osborn, S.,Access Rights Administration in Role-Based Security Systems,In IFIP WG11.3 Database Security,1994:37~56.
[23] Ferraiolo DF, Sandhu R, Gavrila S. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 2001,4(3):224~274.
[24] Osborn S, Sandhu R. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security, 2000,3(2):85~106.
[25] Jaehong Park, Ravi Sandhu. Originator Control in Usage Control. 3rd International Workshop on Policies for Distributed Systems and Networks(Policy02) . 2002,6:59~67.
[26] Jaehong Park, Ravi Sandhu. Usage Control:a united framework for next generation access control. George Mason University.2003.
[27] Jaehong Park, Ravi Sandhu. The UCONABC usage control model. ACM Trans. on Information and System Security,2004,7(1):128~174.
[28] Alexander Pret, Manuel Hil, David Basin. Distributed Usage Control. Communications of ACM. 2006,49(9):39~44.
[29] Lau Cheuk Lung, Marcelo Shin, Jonida Silva. Adapting the UCONABC Usage Control Policies on CORBASec Infrastructure. Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops. 2007:24~32.
[30] Bertino E, Bonatti P A, Ferrari E. TRBAC: a temporal role—based access control model. ACM Transactions on Information and System Security, 2001, 4(3):191~233.
[31] Joshi J B D, Bertino E, Latif U, et a1. A generalized temporal role-based access control model.IEEE Transactions on Knowledge and Data Engineering, 2005,17(1):4~23.
[32] Deqing Zou, Ligang He, Hai Jin, et al. CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment. Journal of Network and Computer Applications, 2009,32:402~411.
[33]鲁柯,周保群,王惠芳.基于带时间特性RBAC的使用控制模型及其管理.计算机工程,2008,34(6):170~172.
[34] Huang Jian, Qing Si-han, Wen Hong-zi. Timed Role-Based Access Control. Journal of Software, 2003,14(11):1944~1954.
[35] Dong Guang-yu, Qing Si-han, Liu Ke-long. Role-Based Authorization Constraint with Time Character. Journal of Software, 2002,13(08):1521~1527.
[36]刘文涛.网络安全开发包详解.北京:电子工业出版社. 2005:101~121.
[37] J. Postel. RFC959 - File Transfer Protocol.1985,10.
[38] A. Bhushan. RFC414 - File Transfer Protocol (FTP) status and further comments. 1972,11.
[39] T. Berners-Lee. RFC1945 - Hypertext Transfer Protocol -- HTTP/1.0.1996.5.
[40] R. Fielding. RFC 2616 - Hypertext Transfer Protocol -- HTTP /1.1[S].1999,6.
[41] V. Torvinen. RFC4169 - Hypertext Transfer Protocol(HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2. 2005,11.
[42] M. Nottingham. RFC4229 - HTTP Header Field Registrations.2005,10.
[43]张帆等. Windows驱动开发技术详解.北京:电子工业出版社. 2008:122~145.
[44] Art Baker, Jerry Lozano. Windows2000设备驱动程序设计指南.北京:机械工业出版社. 2001:36~125.
[45] Rajeev Nagar. Windows NT File System Internals. O'REILLY. 1997:20~115.
[46]庄毅,潘龙平,刘坤.分布式资源安全监控系统模型的研究.南京航空航天大学学报. 2006.38(1):86~90.
[47]庄毅,刘坤,王建东,潘龙平.主动式信息安全服务系统的研究.小型微型计算机系统. 2006.27(3):442~445.
[48] David A Solomon, Mark E Russinovich. Inside Microsoft Windows 2000. Microsoft Press, 2000: 32~87.
[49] OpenOffice.org. Microsoft Compound Document File Format. http://sc.openoffi ce.org/compdoc fileformat.pdf. 2007.8.7.
[50]Hong Fan, Cui Yongquan. Administrative Usage Control Model for Secure Interoperability. Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies. 2006,12:34~40.
[51]胡兆玮,靳瑞芳,于万钧,等.使用控制的可变性研究.计算机工程与应用, 2007,43(25):66~79.
[52]胡兆玮,于万钧,杨博.使用控制授权模型的安全性研究.计算机应用研究, 2008,25(1):226-229.
[53] Fengying Wang, Lei Zhao, Caihong Li, et al. Usage Control Resource Dissemination Model Based on Fuzzy Logic. 2008 Fifth International Conference on Fuzzy Systems and Knowledge Discovery. 2008(3):454~458.
[54] Yonggang Ding, Junhua Zou. DRM Application in UCONABC. 2008 Advanced Software Engineering and Its Applications. 2008:182~185.
[55] Li Yang,Alma Cemerlic. Integrating Dirichlet reputation into usage control. ACM International Conference Proceeding Series. 2009.
[56]Aho A, Corasick M. Efficient string matching: An aid to bibliographic search. Communications of the ACM,1975, 18(6):333~343.
[57]王永成,沈州,许一震.改进的多模式匹配算法.计算机研究与发展, 2002, 39(1):55~60.
[58]万国根,秦志光.改进的AC-BM字符串匹配算法.电子科技大学学报,2006,35(4):531~541.
[59]马志柔,叶屹.一种有效的多关键词词频统计方法.计算机工程, 2006, 32(10):191~203.
[60]宋明秋,张国权,邓贵仕.入侵检测多模式匹配算法.计算机工程, 2006, 32(5):144~201.
[61]范立新,谢晓能,吴飞.基于过滤的中文多模式近似字符串匹配算法.计算机工程, 2006, 32(20):48~58.
[62]孙钦东,黄新波,王倩.面向中英文混合环境的多模式匹配算法.软件学报, 2008,19(3):674~686.
[63]李伟男,鄂跃鹏,葛敬国,等.多模式匹配算法及硬件实现.软件学报,2006,17(12):2403~2415.
[64] Fabrice Le Fessant, Luc Maranget. Optimizing Pattern Matching. Communications of the ACM, 2001.
[65] Nadia Nedjah, Luiza de Macedo Mourelle. Efficient Concise Deterministic Pattern-Matching Automata for Ambiguous Patterns. ACM, 2002, 37(2):57~67.
[66]Sarang Dharmapurikar, John Lockwood. Fast and Scalable Pattern Matching for Content Filtering.ACM, 2005.
[67]Lu Jun, Liu DaXin, Han XuJie. A Multiple Patterns Matching Method Based on Added Information. 2008 International Conference on Internet Computing in Science and Engineering(IEEE), 2008.
[68]R S Boyer, J S Moore. A fast string searching algorithm. Communications of the ACM, 1977, 20(10): 762~772.
[69]Fan Jang-Jong, Su Keh-Yih. An efficient algorithm for match multiple patterns. IEEE Trans on Knowledge and Data Engineering, 1993, 5(2):339~351.
[70] Hao Hu, Hao Li, Dengguo Feng. L-UCON: Towards Layered Access Control with UCON. 2009 International Conference on Computational Science and Engineering,2009,CSE, 2009,2: 823~829.
[71] Mohammad Nauman, Masoom Alam, Xinwen Zhang,et al. Remote Attestation of Attribute Updates and Information Flows in a UCON System. Lecture Notes in Computer Science, 2009, 5471: 63~80.
[72] Jianfeng Lu, Ruixuan Li, Vijay Varadharajan. Secure Interoperation in Multidomain Environments Employing UCON Policies. Lecture Notes in Computer Science, 2009, 5735: 395~402.
[73] Zhai Zhigang, Wang Jiandong, Mao Yuguang. Study and Safety Analysis on UCONonA Model. First International Workshop on Database Technology and Applications. 2009: 103~106.
[74] Anthony Jones. Windows Network Programming.北京:机械工业出版社. 2000:67~89.
[75]潘龙平,庄毅,吴学成.基于强制访问控制的安全Linux系统设计与实现.计算机工程与应用. 2006,42(5):142~145.