【摘要】 强制访问控制是保护数据库管理系统安全的有效机制.DMOSMAC是一个依赖于安全操作系统实现强制访问控制机制的数据库管理系统.在分析该系统实现的基础上,对该系统进行了形式化分析.给出了信息流的概念,将信息流集合作为被验证系统状态的一部分.信息流集合始终是一个递增的集合,利用信息集合流可防止删除等操作的证明被绕过的可能,保证验证过程的严密性.在信息流的基础上提出了一种对系统代码进行抽象、抽取的形式化分析方法.即抽象DMOSMAC系统状态,从源代码中提取操作规则,将BLP模型中的状态、访问规则分别与DMOSMAC系统的状态、操作规则建立映射关系,BLP模型中简单安全性和*-特性转换为面向信息流的状态不变式,继承BLP模型的相关安全公理和定理进行分析和证明;最后用定理证明器COQ进行安全性证明的方法.更多还原

【Abstract】 Mandatory Access Control is one of the essential secure mechanisms for a DBMS. In a DMOSMAC system,the mandatory access control is implemented based on the mandatory access control mechanism of a secure operating system. The system is verified formally and the implementation of the system is analyzed. The concept of information flow is presented in this paper. The set of information flow is one of the elements of the system status for the DMOSMAC system and the set of the information flow increases so that the circumvention of verification for delete operation( and so on) is prevented. Therefore,the rigidity of the verification is preserved. Based on information flow,a method of formal verification for source codes of a DBMS system is proposed: extracting the system status and operational rules from source codes of DMOSMAC to ensure that the verification is accordance with the implementation; mapping the system status and operational rules of the BLP model to the status and operational rules of the DMOSMAC; adapting the simple security property and *-property in BLP model into the invariants for information flow; verifying the security based on the axioms and theorems in the BLP model. The theorem prover COQ is used to verify the security of the DMOSMAC system.更多还原