Journal of University of Chinese Academy of Sciences

2010, Vol. 27, Issue (4): 538-546. DOI: 10.7523/j.issn.2095-6134.2010.4.016

• Research Articles •

Enforcement of Clark-Wilson model in combination of RBAC and TE models

YUAN Chun-Yang¹, DENG Chen-Lei²

  1. Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China;
  2. Graduate University, Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2009-11-18 Revised: 2010-03-04 Online: 2010-07-15
  • Supported by:

    Supported by National 863 High-tech Research Development Program of China (2006AA01Z451, 2007AA010505, and 2009AA01Z432)

Abstract:

An approach to enforcing the Clark-Wilson model through a combination of the RBAC and TE models is presented: separation of duties is addressed by assigning different roles to different users; special domains are used to represent transformation procedures; and constrained data items and unconstrained data items are labeled with different types. The correctness of the enforcement and certification rules is analyzed. A detailed case study of an FTP integrity policy is implemented under SEBSD, and shows that the approach achieves fine-grained access control and flexible configuration.

Key words: secure operating system, Clark-Wilson, RBAC, type enforcement
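
The mapping the abstract describes can be modelled as a small policy checker; this is an added Python illustration, not code from the paper or from SEBSD. Every role, domain and type name is hypothetical and the FTP layout is constructed, not the paper's case study.

```python
# Constructed model: every role, domain and type name below is hypothetical.
CDI_TYPES = {"ftp_pub_t", "ftp_conf_t"}      # constrained data items
UDI_TYPES = {"ftp_upload_t"}                 # unconstrained data items
TP_DOMAINS = {"ftpd_t", "ftp_vet_t", "ftp_admin_t"}  # one domain per TP

# TE: access each domain has to each type.
TE_ALLOW = {
    "ftpd_t":      {"ftp_pub_t": {"read"}, "ftp_upload_t": {"write"}},
    "ftp_vet_t":   {"ftp_upload_t": {"read"}, "ftp_pub_t": {"write"}},
    "ftp_admin_t": {"ftp_conf_t": {"read", "write"}},
    "user_t":      {"ftp_upload_t": {"read"}},   # ordinary, non-TP domain
}
# RBAC: domains each role may enter, and roles assigned to each user.
ROLE_DOMAINS = {
    "ftp_user_r":  {"ftpd_t", "user_t"},
    "ftp_vet_r":   {"ftp_vet_t"},
    "ftp_admin_r": {"ftp_admin_t"},
}
USER_ROLES = {"alice": {"ftp_user_r"}, "bob": {"ftp_vet_r"}, "carol": {"ftp_admin_r"}}
# Separation of duties: role pairs that no single user may hold together.
CONFLICTS = [{"ftp_user_r", "ftp_vet_r"}, {"ftp_vet_r", "ftp_admin_r"}]


def allowed(user, role, domain, obj_type, perm):
    """Triple check: user holds role, role may enter domain, TE allows perm."""
    return (role in USER_ROLES.get(user, set())
            and domain in ROLE_DOMAINS.get(role, set())
            and perm in TE_ALLOW.get(domain, {}).get(obj_type, set()))


def sod_violations(user_roles):
    """Users whose role set contains a conflicting pair."""
    return sorted(u for u, roles in user_roles.items()
                  if any(pair <= roles for pair in CONFLICTS))


def cdi_writes_outside_tps(te_allow):
    """(domain, type) pairs where a non-TP domain can write a CDI type."""
    return sorted((d, t) for d, rules in te_allow.items() if d not in TP_DOMAINS
                  for t, perms in rules.items() if t in CDI_TYPES and "write" in perms)


def udi_to_cdi_tps(te_allow):
    """TP domains that read a UDI and write a CDI; their input validation needs review."""
    return sorted(d for d, rules in te_allow.items() if d in TP_DOMAINS
                  and any(t in UDI_TYPES and "read" in p for t, p in rules.items())
                  and any(t in CDI_TYPES and "write" in p for t, p in rules.items()))
```

The last two functions are policy-audit checks: the first flags any rule that lets a CDI be modified outside a transformation procedure, the second lists the procedures that turn unconstrained input into constrained data.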

CLC Number: