èŠ‚ç‚¹æ–‡çŒ®

åŸºäºŽClark-Wilsonå®Œæ•´æ€§ç–ç•¥çš„å®‰å…¨ç›‘è§†æ¨¡åž‹

A Secure Monitoring Model Based on the Clark-Wilson Integrity Policies

æŽ¨è CAJä¸‹è½½
PDFä¸‹è½½
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æ–¯æ±‰ï¼› æ¸©çº¢åï¼› é›·æµ©ï¼› çŽ‹å»ºï¼›

ã€Authorã€‘ QING Si-Han1,2, WEN Hong-Zi1,2+, LEI Hao2,3, WANG Jian2,4 1(Engineering and Research Center for Information Security Technology, Institute of Software, The Chinese Academy of Sciences, Beijing 100080, China) 2(Graduate School, The Chinese Academy of Sciences, Beijing 100039, China) 3(State Key Laboratory of Information Security, Institute of Software, The Chinese Academy of Sciences, Beijing 100080, China) 4(Supercomputing Center, Computer Network Information Center, The Chinese Academy of Sciences, Beijing 100080, China)

ã€æ‘˜è¦ã€‘ ä¼ ç»Ÿçš„è®¡ç®—æœºè®¾è®¡ç³»ç»Ÿçš„å®‰å…¨ç›‘è§†åŠŸèƒ½å˜åœ¨æ—¥å¿—æ•°æ®å†—ä½™å’Œå¼‚å¸¸çº¿ç´¢æ£€æµ‹æ—¶å»¶è¿‡é•¿ç‰å›ºæœ‰é—®é¢˜.ç”±äºŽå®‰å…¨ç›‘è§†åŠŸèƒ½çš„æ—¥å¿—æ•°æ®é¡¹ä¸»è¦æ˜¯ç”±ç³»ç»Ÿå®žæ–½çš„å®‰å…¨ç–ç•¥æ‰€å†³å®š,æ‰€ä»¥é‡‡ç”¨å…³ç³»æ¨¡å¼,é€šè¿‡å½¢å¼åœ°æè¿°ã€åˆ†æžè‘—åçš„Clark-Wilsonå®Œæ•´æ€§ç–ç•¥,ä»Žè€Œç²¾ç¡®ç¡®å®šäº†ä¸Žå„æ¡ç–ç•¥ç›¸å…³çš„æœ€å°æ—¥å¿—é¡¹é›†,ç„¶åŽå°†å…¶åº”ç”¨äºŽåŸºäºŽClark-Wilsonå®Œæ•´æ€§ç–ç•¥çš„å½¢å¼åŒ–å®‰å…¨ç›‘è§†æ¨¡åž‹(CW-SMM).è¯¥æ¨¡åž‹ä¸ä½†å¯ä»¥æœ‰æ•ˆè§£å†³Clark-Wilsonå®‰å…¨ç–ç•¥é€‚ç”¨ç³»ç»Ÿçš„æ—¥å¿—æ•°æ®å†—ä½™é—®é¢˜,è€Œä¸”ä¹Ÿå¯ä»¥å½»åº•è§£å†³å¼‚å¸¸çº¿ç´¢æ£€æµ‹ä¸çš„æ—¶å»¶é—®é¢˜.æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ The redundant data in log files and the delay for detecting abnormal trails are the inherent problems existing in the traditional secure monitoring subsystem of a computer system. In this paper, it is identified that the system security policies determine the logging data items in a secure monitoring function. By formally describing and analyzing the famous Clark-Wilson integrity policies with the corresponding relation patterns, the minimal logging data items set involved in these security policies is precisely determined. A formal secure monitoring model based on Clark-Wilson integrity policies (CW-SMM) is proposed. The CW-SMM has the characteristics of both minimal logging data and auto-detecting of the system abnormal trails in time, and can thoroughly solve the problems mentioned above.æ›´å¤š è¿˜åŽŸ