
信息系统等级保护中的多级安全技术研究

Research on Multi-Level Security Technologies for Information System Classified Protection

【Author】 高朝勤

【Advisor】 肖创柏

【Author's basic information】 北京工业大学 (Beijing University of Technology), Computer Application Technology, 2012, Doctoral dissertation

【Abstract (translated from the Chinese)】 With the rapid development of information technology and the swift spread of computer networks, the fundamental, global and strategic role of basic information networks and critical information systems has grown steadily; they have become a new and important strategic resource for national and social development. Securing basic networks and critical information systems, and thereby better safeguarding national security, the public interest and social stability, is a major problem that urgently needs to be solved in current informatization. Information security classified protection is the basic system, basic strategy and basic method of national information security assurance work. The access control mechanism is the core of sensitive information protection in an information system, and access control security models provide the basic theoretical foundation for that mechanism. Taking GB17859-1999 and GB/T25070-2010 as its basis, and building on the architecture of "triple protection" under the management of "one center", this dissertation studies the multi-level security technologies involved in information system classified protection and proposes a series of improved models and technical solutions, which have both theoretical significance and important application prospects for solving the problems currently faced by classified protection work. The main work and research results of the dissertation are:

1. Addressing the problem of protecting and sharing information in multi-level secure information systems, the security requirements of such systems are analysed; the BLP model for a stand-alone computer system is extended to a multi-level secure information system, with new interpretations of subjects and objects in the information system; the need-to-share principle and the concept of multi-level objects are introduced; a multi-level security model for information systems that supports secure information sharing is established; its formal description is given, the system's secure access rules are defined, and the security of the system is proved. The new model allows departments that need to share information to do so securely while preserving the multi-level security of the information system.

2. Addressing the inability of existing models to account well for confidentiality and integrity at the same time, a unified confidentiality-and-integrity access control model is established, with a formal description, a definition of its security properties, and an analysis of its security. The new model rests on the assumption that the confidentiality level and the integrity level of subjects and objects are mutually independent. Starting from the fact that confidentiality and integrity are two different security attributes that an object possesses simultaneously, when the security labels of subject and object satisfy certain conditions, a confidentiality checker and an integrity checker conditionally adjust the subject's confidentiality level and integrity level within a bounded range, according to the relative importance of confidentiality and integrity in the object's security class, thereby addressing, to a certain extent, both the confidentiality and the integrity of the system.

3. Building on the architecture of "triple protection" under "one center" management, a multi-level security policy enforcement framework is proposed that extends the trusted computing base of a stand-alone computing system to the entire information system, forming a unified policy enforcement mechanism for the whole system; on this framework a multi-level security policy model is proposed that implements both access control and information flow control, defines the policies that users, processes and the various devices in the information system must follow when exchanging information, gives the model's formal description, and proves its security. The new policy model allows trusted and untrusted computer systems and other data processing devices to connect to an information system with a single security management center, to handle information of different classification levels, and to serve users with different clearance levels.

4. Addressing the lack of a unified, mature technical system in engineering practice and standards for China's information system classified protection work, and following the "Technical requirements of security design for information system classified protection", the fourth-class information system is taken as an example: the security requirements, design goals and technical requirements of its secure protection environment are analysed, the design approach of that environment is introduced, its multi-level security mechanisms and implementation techniques are discussed in depth, and technical designs are given for the multi-level-security-related functions of the computing node subsystem, the secure area boundary subsystem and the security management subsystem, providing a useful reference for classified protection security construction.

【Abstract】 With the rapid development of the informatization process and computer networks, the fundamental, global and strategic role of basic information networks and critical information systems is increasingly significant. Basic information networks and critical information systems have become new and important strategic resources for the development of the nation and society. Securing basic information networks and critical information systems and better safeguarding state security, public interests and social stability are major problems that urgently need to be solved in current information technology development. Information security classified protection is the basic system, basic strategy and basic approach for protecting national information security. The access control mechanism is the core of protecting sensitive information in information systems. Access control security models provide a theoretical basis for the access control mechanisms of information systems. In this dissertation, we focus on the multi-level security technologies for information system classified protection and propose a series of improved models and technical solutions according to the technical standards GB17859-1999 and GB/T25070-2010 and based on the architecture of “one center and triple protection”. Our work not only has a certain theoretical significance, but also has important potential applications for solving the problems faced by information system classified protection. Our main work and contributions are as follows:

1. To address the problem of protection and sharing of information in information systems with multi-level security, we first analyse the security requirements of information systems with multi-level security. Second, we extend the BLP model of the stand-alone computer system to the information system with multi-level security, give new interpretations of subjects and objects in information systems, introduce the principle of need-to-share and the notion of the multi-level object, and develop a new multi-level security model of information systems for securely sharing information. Finally, we present the formal description of the security model, define the full set of access rules that apply to the system, and prove the security of the information system. The new security model allows information to be securely shared with the right users and protected from the wrong users, while maintaining the multi-level security of information systems.

2. In order to solve the issue that existing security models cannot combine confidentiality and integrity very well, we propose a new access control model which unites confidentiality and integrity. Then, we give the formal description of the model, define the security property of the model, and analyse the security of the model. The new model is based on the assumption that the confidentiality levels and integrity levels of subjects and objects are independent. Confidentiality and integrity are two different security attributes of the object itself and exist at the same time. When the security labels of the subject and object meet certain conditions, the model adjusts the confidentiality level or integrity level of the subject depending on the degree of importance of confidentiality and integrity in the object's security class. The new model resolves the question of the confidentiality and integrity of the information system to a certain extent.

3. Based on the architecture of “one center and triple protection”, we first propose a multi-level security policy enforcement framework that extends the trusted computing base of the stand-alone computer system to the entire information system and forms a united security policy enforcement mechanism for the entire information system. Second, we establish a multi-level security policy model on the basis of the framework. The multi-level security policy model can implement both access control and information flow control. Then, we define the policies which users, processes and devices in information systems need to follow when they exchange information. Finally, we present the formal description of the security policy model and prove the security of the model. The new security policy model allows trusted and untrusted computer systems and other data processing devices to connect to the information system with a single security management center, processes sensitive information with different classifications, and provides services for users with different security clearance levels.

4. Because of the lack of unified, mature technology systems in engineering practice and standards for information system classified protection, we first analyse the security requirements, design goals, and technical requirements of the fourth-class information system according to the “Technical requirements of security design for information system classified protection”. Then we introduce the design ideas of the secure protection environment in the fourth-class information system and fully discuss the multi-level security mechanism and implementation technology of the secure protection environment in the fourth-class information system. Finally, we develop technical solutions for features related to multi-level security technology in the computing node subsystem, secure area boundary subsystem and security management subsystem, trying to provide a useful reference for the security construction of information system classified protection.
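Contributions 1 and 2 build on the classic BLP confidentiality model and on the observation that confidentiality and integrity labels must be treated as independent attributes. The following added example (written for this page; it is not the dissertation's model and does not reproduce its adjustment rules) implements a small reference-monitor check over a lattice of labels (rank plus compartments): BLP's no-read-up / no-write-down rules for confidentiality, the Biba strict-integrity rules (no read down / no write up), and a combined decision that requires both. The `single_label_accessible` helper shows the well-known conflict the dissertation's second contribution addresses: when one label serves for both confidentiality and integrity, a subject can only read or write objects at exactly its own label. All entity names and label assignments are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Label:
    """Lattice label: a numeric rank plus a set of compartments (categories)."""
    rank: int
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order of the lattice: higher-or-equal rank and a superset of compartments.
        return self.rank >= other.rank and self.compartments >= other.compartments


def blp_allows(subj: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula confidentiality: read needs subject >= object (no read up);
    write needs object >= subject (no write down, the *-property)."""
    if mode == "read":
        return subj.dominates(obj)
    if mode == "write":
        return obj.dominates(subj)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allows(subj: Label, obj: Label, mode: str) -> bool:
    """Biba strict integrity: read needs object >= subject (no read down);
    write needs subject >= object (no write up)."""
    if mode == "read":
        return obj.dominates(subj)
    if mode == "write":
        return subj.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


@dataclass(frozen=True)
class Entity:
    """Subject or object carrying independent confidentiality and integrity labels."""
    name: str
    conf: Label
    integ: Label


def decide(subject: Entity, obj: Entity, mode: str) -> bool:
    """Combined policy: the access is allowed only if both BLP and Biba allow it."""
    return blp_allows(subject.conf, obj.conf, mode) and biba_allows(subject.integ, obj.integ, mode)


def accessible(subject: Entity, objects, mode: str) -> list:
    """Names of the objects the subject may access in the given mode (sorted)."""
    return sorted(o.name for o in objects if decide(subject, o, mode))


def single_label_accessible(subject_rank: int, object_ranks, mode: str) -> list:
    """Same label used for both confidentiality and integrity: BLP and Biba then
    only agree when the labels are equal, so the subject is locked to its own rank."""
    subj = Entity("s", Label(subject_rank), Label(subject_rank))
    objs = [Entity(f"o{r}", Label(r), Label(r)) for r in object_ranks]
    return [o.name for o in objs if decide(subj, o, mode)]


# Constructed sample data (hypothetical names; ranks 0..3 for confidentiality,
# 0..2 for integrity, one compartment "crypto").
CRYPTO = frozenset({"crypto"})
ANALYST = Entity("analyst", conf=Label(2, CRYPTO), integ=Label(1))
OBJECTS = [
    Entity("ops_report", conf=Label(2, CRYPTO), integ=Label(2)),    # secret, high integrity
    Entity("public_notice", conf=Label(0), integ=Label(2)),         # public, high integrity
    Entity("web_download", conf=Label(0), integ=Label(0)),          # public, untrusted source
    Entity("ts_plan", conf=Label(3, CRYPTO), integ=Label(2)),       # above the analyst's clearance
    Entity("analyst_notes", conf=Label(2, CRYPTO), integ=Label(1)), # the analyst's own working file
]

if __name__ == "__main__":
    print("read :", accessible(ANALYST, OBJECTS, "read"))
    print("write:", accessible(ANALYST, OBJECTS, "write"))
    print("single-label read :", single_label_accessible(2, [0, 1, 2, 3], "read"))
    print("single-label write:", single_label_accessible(2, [0, 1, 2, 3], "write"))
```

With independent labels the analyst can read the high-integrity secret report and the public notice but not the untrusted download (Biba) or the top-secret plan (BLP), and can write only to a file at its own confidentiality and integrity labels. With a single shared label the subject is confined to objects at exactly its own rank, which is the rigidity that motivates adjusting a subject's levels conditionally, as the dissertation's unified model does.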
